
Commit 21aadc6

Set time directly on the x509 store (#770)
Instead of an ivar, so other ossl functions that take a store will use the correct time when verifying
1 parent 6100a37 commit 21aadc6


2 files changed

+12
-6
lines changed


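--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -190,6 +190,7 @@ def find_openssl_library
 have_func("TS_RESP_CTX_set_time_cb(NULL, NULL, NULL)", ts_h)
 have_func("EVP_PBE_scrypt(\"\", 0, (unsigned char *)\"\", 0, 0, 0, 0, 0, NULL, 0)", evp_h)
 have_func("SSL_CTX_set_post_handshake_auth(NULL, 0)", ssl_h)
+have_func("X509_STORE_get0_param(NULL)", x509_h)
 
 # added in 1.1.1
 have_func("EVP_PKEY_check(NULL)", evp_h)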

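--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -223,7 +223,6 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
 rb_iv_set(self, "@error", Qnil);
 rb_iv_set(self, "@error_string", Qnil);
 rb_iv_set(self, "@chain", Qnil);
-rb_iv_set(self, "@time", Qnil);
 
 return self;
 }
@@ -329,7 +328,16 @@ ossl_x509store_set_trust(VALUE self, VALUE trust)
 static VALUE
 ossl_x509store_set_time(VALUE self, VALUE time)
 {
-rb_iv_set(self, "@time", time);
+X509_STORE *store;
+X509_VERIFY_PARAM *param;
+
+GetX509Store(self, store);
+#ifdef HAVE_X509_STORE_GET0_PARAM
+param = X509_STORE_get0_param(store);
+#else
+param = store->param;
+#endif
+X509_VERIFY_PARAM_set_time(param, NUM2LONG(rb_Integer(time)));
 return time;
 }
 
@@ -564,7 +572,6 @@ ossl_x509stctx_new(X509_STORE_CTX *ctx)
 static VALUE ossl_x509stctx_set_flags(VALUE, VALUE);
 static VALUE ossl_x509stctx_set_purpose(VALUE, VALUE);
 static VALUE ossl_x509stctx_set_trust(VALUE, VALUE);
-static VALUE ossl_x509stctx_set_time(VALUE, VALUE);
 
 /*
 * call-seq:
@@ -575,7 +582,7 @@ static VALUE ossl_x509stctx_set_time(VALUE, VALUE);
 static VALUE
 ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
 {
-VALUE store, cert, chain, t;
+VALUE store, cert, chain;
 X509_STORE_CTX *ctx;
 X509_STORE *x509st;
 X509 *x509 = NULL;
@@ -599,8 +606,6 @@ ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
 sk_X509_pop_free(x509s, X509_free);
 ossl_raise(eX509StoreError, "X509_STORE_CTX_init");
 }
-if (!NIL_P(t = rb_iv_get(store, "@time")))
-ossl_x509stctx_set_time(self, t);
 rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback"));
 rb_iv_set(self, "@cert", cert);
 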
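Review bot: In ossl_x509store_set_time, `rb_Integer(time)` now runs on every assignment, so `store.time = nil` raises TypeError, whereas the removed code stored nil in `@time` and ossl_x509stctx_initialize skipped it. Once a time has been set on the store's X509_VERIFY_PARAM, this setter offers no way back to checking against the current time, and a stale fixed time would apply to every consumer of the store. If nil should stay a valid reset, handle it before the conversion, e.g. `if (NIL_P(time)) { X509_VERIFY_PARAM_clear_flags(param, X509_V_FLAG_USE_CHECK_TIME); return time; }`. Separately, `NUM2LONG` feeds a `time_t` parameter, so on a platform where long is narrower than time_t large timestamps would presumably be rejected; a comment stating the accepted range would help.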
