1 /*
2  * 'OpenSSL for Ruby' project
3  * Copyright (C) 2001-2002  Michal Rokos <m.rokos@sh.cvut.cz>
4  * All rights reserved.
5  */
6 /*
7  * This program is licensed under the same licence as Ruby.
8  * (See the file 'LICENCE'.)
9  */
10 #include "ossl.h"
11 
/* The OpenSSL::X509 module object; created in Init_ossl_x509() below and
 * used as the namespace for every constant defined by the macros here. */
VALUE mX509;

/* Define OpenSSL::X509::<x> as the integer value of the C macro X509_<x>. */
#define DefX509Const(x) rb_define_const(mX509, #x, INT2NUM(X509_##x))
/* Define OpenSSL::X509::DEFAULT_<x> as the string returned by
 * X509_get_default_<i>() (OpenSSL's compiled-in default lookup locations
 * and the names of the environment variables that override them). */
#define DefX509Default(x,i) \
  rb_define_const(mX509, "DEFAULT_" #x, rb_str_new2(X509_get_default_##i()))
17 
/*
 * Sets the ASN1_TIME +s+ to the instant described by the Ruby Time +time+,
 * delegating the actual encoding to OpenSSL's X509_time_adj_ex().
 *
 * s:    ASN1_TIME to update; passed straight through to X509_time_adj_ex()
 *       (which allocates a new structure when given NULL).
 * time: Ruby Time object, split by ossl_time_split() into whole days plus a
 *       time_t remainder (presumably so that instants outside the time_t
 *       range can still be expressed -- confirm in ossl_time_split()).
 *
 * Returns the adjusted ASN1_TIME, or NULL when X509_time_adj_ex() fails;
 * callers are responsible for raising on NULL.
 */
ASN1_TIME *
ossl_x509_time_adjust(ASN1_TIME *s, VALUE time)
{
    int day_offset = 0;
    time_t epoch_sec = 0;

    ossl_time_split(time, &epoch_sec, &day_offset);

    /* offset_sec is always 0: the sub-day part is already folded into
     * epoch_sec by ossl_time_split(). */
    return X509_time_adj_ex(s, day_offset, 0, &epoch_sec);
}
28 
/*
 * Creates the OpenSSL::X509 module, runs the initializers of its member
 * classes (Attribute, Certificate, CRL, Extension, Name, Request, Revoked,
 * Store/StoreContext) and exposes OpenSSL's X509 constants to Ruby:
 * verification result codes (V_OK, V_ERR_*), verification flags (V_FLAG_*),
 * certificate purposes (PURPOSE_*), trust settings (TRUST_*) and the
 * compiled-in default lookup locations (DEFAULT_*).
 *
 * The comments directly above each DefX509Const() are picked up by RDoc as
 * the documentation of that constant.
 */
void
Init_ossl_x509(void)
{
#if 0
    /* Disabled: mOSSL is expected to exist already when this runs
     * (presumably created by the top-level OpenSSL initializer); kept so
     * RDoc sees the module definition. */
    mOSSL = rb_define_module("OpenSSL");
#endif

    mX509 = rb_define_module_under(mOSSL, "X509");

    /* Member classes must exist before the constants are defined so that
     * RDoc attaches the constants to a fully populated module. */
    Init_ossl_x509attr();
    Init_ossl_x509cert();
    Init_ossl_x509crl();
    Init_ossl_x509ext();
    Init_ossl_x509name();
    Init_ossl_x509req();
    Init_ossl_x509revoked();
    Init_ossl_x509store();

    /* Verification result codes (X509_V_OK / X509_V_ERR_*). V_OK means the
     * chain verified; every other value identifies why verification failed
     * and is what Store#error / StoreContext#error report. Only the codes
     * listed here are exposed, so newer OpenSSL error codes may surface as
     * bare integers without a named constant. */
    DefX509Const(V_OK);
    DefX509Const(V_ERR_UNABLE_TO_GET_ISSUER_CERT);
    DefX509Const(V_ERR_UNABLE_TO_GET_CRL);
    DefX509Const(V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE);
    DefX509Const(V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE);
    DefX509Const(V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY);
    DefX509Const(V_ERR_CERT_SIGNATURE_FAILURE);
    DefX509Const(V_ERR_CRL_SIGNATURE_FAILURE);
    DefX509Const(V_ERR_CERT_NOT_YET_VALID);
    DefX509Const(V_ERR_CERT_HAS_EXPIRED);
    DefX509Const(V_ERR_CRL_NOT_YET_VALID);
    DefX509Const(V_ERR_CRL_HAS_EXPIRED);
    DefX509Const(V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD);
    DefX509Const(V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD);
    DefX509Const(V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD);
    DefX509Const(V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
    DefX509Const(V_ERR_OUT_OF_MEM);
    DefX509Const(V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT);
    DefX509Const(V_ERR_SELF_SIGNED_CERT_IN_CHAIN);
    DefX509Const(V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY);
    DefX509Const(V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE);
    DefX509Const(V_ERR_CERT_CHAIN_TOO_LONG);
    DefX509Const(V_ERR_CERT_REVOKED);
    DefX509Const(V_ERR_INVALID_CA);
    DefX509Const(V_ERR_PATH_LENGTH_EXCEEDED);
    DefX509Const(V_ERR_INVALID_PURPOSE);
    DefX509Const(V_ERR_CERT_UNTRUSTED);
    DefX509Const(V_ERR_CERT_REJECTED);
    DefX509Const(V_ERR_SUBJECT_ISSUER_MISMATCH);
    DefX509Const(V_ERR_AKID_SKID_MISMATCH);
    DefX509Const(V_ERR_AKID_ISSUER_SERIAL_MISMATCH);
    DefX509Const(V_ERR_KEYUSAGE_NO_CERTSIGN);
    /* Reserved for verify callbacks to signal their own failure. */
    DefX509Const(V_ERR_APPLICATION_VERIFICATION);

    /* Verification flags (X509_V_FLAG_*). They are bit flags and may be
     * OR-ed together. Several of them relax verification; the ones that do
     * say so below. */

    /* Set by Store#flags= and StoreContext#flags=. Enables CRL checking for the
     * certificate chain leaf. Verification then fails with
     * V_ERR_UNABLE_TO_GET_CRL when no CRL for the issuer is available. */
    DefX509Const(V_FLAG_CRL_CHECK);
    /* Set by Store#flags= and StoreContext#flags=. Enables CRL checking for all
     * certificates in the certificate chain. Only meaningful together with
     * V_FLAG_CRL_CHECK. */
    DefX509Const(V_FLAG_CRL_CHECK_ALL);
    /* Set by Store#flags= and StoreContext#flags=. Disables critical extension
     * checking: certificates carrying a critical extension OpenSSL does not
     * understand are accepted instead of rejected. */
    DefX509Const(V_FLAG_IGNORE_CRITICAL);
    /* Set by Store#flags= and StoreContext#flags=. Disables workarounds for
     * broken certificates. */
    DefX509Const(V_FLAG_X509_STRICT);
    /* Set by Store#flags= and StoreContext#flags=. Enables proxy certificate
     * verification. */
    DefX509Const(V_FLAG_ALLOW_PROXY_CERTS);
    /* Set by Store#flags= and StoreContext#flags=. Enables certificate policy
     * constraints checking. */
    DefX509Const(V_FLAG_POLICY_CHECK);
    /* Set by Store#flags= and StoreContext#flags=.
     * Implies V_FLAG_POLICY_CHECK */
    DefX509Const(V_FLAG_EXPLICIT_POLICY);
    /* Set by Store#flags= and StoreContext#flags=.
     * Implies V_FLAG_POLICY_CHECK */
    DefX509Const(V_FLAG_INHIBIT_ANY);
    /* Set by Store#flags= and StoreContext#flags=.
     * Implies V_FLAG_POLICY_CHECK */
    DefX509Const(V_FLAG_INHIBIT_MAP);
    /* Set by Store#flags= and StoreContext#flags=. */
    DefX509Const(V_FLAG_NOTIFY_POLICY);
    /* Set by Store#flags= and StoreContext#flags=. Enables some additional
     * features including support for indirect signed CRLs. */
    DefX509Const(V_FLAG_EXTENDED_CRL_SUPPORT);
    /* Set by Store#flags= and StoreContext#flags=. Uses delta CRLs. If not
     * specified, deltas are ignored. */
    DefX509Const(V_FLAG_USE_DELTAS);
    /* Set by Store#flags= and StoreContext#flags=. Enables checking of the
     * signature of the root self-signed CA. By default that signature is not
     * verified, since the root is trusted because it is in the Store, not
     * because of its (self-)signature. */
    DefX509Const(V_FLAG_CHECK_SS_SIGNATURE);
#if defined(X509_V_FLAG_TRUSTED_FIRST)
    /* Set by Store#flags= and StoreContext#flags=. When constructing a
     * certificate chain, search the Store first for the issuer certificate.
     * Enabled by default in OpenSSL >= 1.1.0. */
    DefX509Const(V_FLAG_TRUSTED_FIRST);
#endif
#if defined(X509_V_FLAG_NO_ALT_CHAINS)
    /* Set by Store#flags= and StoreContext#flags=. Suppresses searching for
     * an alternative chain. No effect in OpenSSL >= 1.1.0. */
    DefX509Const(V_FLAG_NO_ALT_CHAINS);
#endif
#if defined(X509_V_FLAG_NO_CHECK_TIME)
    /* Set by Store#flags= and StoreContext#flags=. Suppresses checking the
     * validity period of certificates and CRLs, so expired and not-yet-valid
     * ones are accepted. No effect when the current time is explicitly set
     * by Store#time= or StoreContext#time=. */
    DefX509Const(V_FLAG_NO_CHECK_TIME);
#endif

    /* Certificate purposes (X509_PURPOSE_*). Selecting one makes
     * verification additionally check key usage / extended key usage of
     * every certificate in the chain against that purpose. */

    /* Set by Store#purpose=. SSL/TLS client. */
    DefX509Const(PURPOSE_SSL_CLIENT);
    /* Set by Store#purpose=. SSL/TLS server. */
    DefX509Const(PURPOSE_SSL_SERVER);
    /* Set by Store#purpose=. Netscape SSL server. */
    DefX509Const(PURPOSE_NS_SSL_SERVER);
    /* Set by Store#purpose=. S/MIME signing. */
    DefX509Const(PURPOSE_SMIME_SIGN);
    /* Set by Store#purpose=. S/MIME encryption. */
    DefX509Const(PURPOSE_SMIME_ENCRYPT);
    /* Set by Store#purpose=. CRL signing */
    DefX509Const(PURPOSE_CRL_SIGN);
    /* Set by Store#purpose=. No checks. */
    DefX509Const(PURPOSE_ANY);
    /* Set by Store#purpose=. OCSP helper. */
    DefX509Const(PURPOSE_OCSP_HELPER);
    /* Set by Store#purpose=. Time stamps signer. */
    DefX509Const(PURPOSE_TIMESTAMP_SIGN);

    /* Trust settings (X509_TRUST_*), used with Store#trust= and
     * StoreContext#trust= to select which trust setting a certificate in
     * the Store must carry to be accepted as a trust anchor. */
    DefX509Const(TRUST_COMPAT);
    DefX509Const(TRUST_SSL_CLIENT);
    DefX509Const(TRUST_SSL_SERVER);
    DefX509Const(TRUST_EMAIL);
    DefX509Const(TRUST_OBJECT_SIGN);
    DefX509Const(TRUST_OCSP_SIGN);
    DefX509Const(TRUST_OCSP_REQUEST);
    DefX509Const(TRUST_TSA);

    /* Compiled-in default lookup locations, as used by
     * Store#set_default_paths. DEFAULT_CERT_AREA, DEFAULT_CERT_DIR,
     * DEFAULT_CERT_FILE and DEFAULT_PRIVATE_DIR are filesystem paths;
     * DEFAULT_CERT_DIR_ENV and DEFAULT_CERT_FILE_ENV are the *names* of the
     * environment variables that override the directory and file. Because
     * those variables redirect where trust anchors are loaded from, whoever
     * controls the process environment controls the trust store. */
    DefX509Default(CERT_AREA, cert_area);
    DefX509Default(CERT_DIR, cert_dir);
    DefX509Default(CERT_FILE, cert_file);
    DefX509Default(CERT_DIR_ENV, cert_dir_env);
    DefX509Default(CERT_FILE_ENV, cert_file_env);
    DefX509Default(PRIVATE_DIR, private_dir);
}