|
@@ -5,17 +5,18 @@ index bcb167e..5f688db 100644
|
5
|
5
|
@@ -70,7 +70,7 @@ class SSLContext
|
6
|
6
|
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
|
7
|
7
|
end
|
8
|
|
-
|
|
8
|
+
|
9
|
9
|
- INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path",
|
10
|
10
|
+ INIT_VARS = ["client_ca", "ca_file", "ca_path",
|
11
|
11
|
"timeout", "verify_mode", "verify_depth", "renegotiation_cb",
|
12
|
12
|
"verify_callback", "cert_store", "extra_chain_cert",
|
13
|
13
|
"client_cert_cb", "session_id_context", "tmp_dh_callback",
|
14
|
|
-@@ -106,6 +106,7 @@ class SSLContext
|
|
14
|
+@@ -106,6 +106,8 @@ class SSLContext
|
15
|
15
|
#
|
16
|
16
|
# You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS
|
17
|
17
|
def initialize(version = nil, fallback_scsv: false)
|
18
|
|
-+ @certs = @keys = []
|
|
18
|
++ @certs = []
|
|
19
|
++ @keys = []
|
19
|
20
|
INIT_VARS.each { |v| instance_variable_set v, nil }
|
20
|
21
|
self.options = self.options | OpenSSL::SSL::OP_ALL
|
21
|
22
|
return unless version
|
|
@@ -40,7 +41,7 @@ index bcb167e..5f688db 100644
|
40
|
41
|
+ self.keys.first
|
41
|
42
|
+ end
|
42
|
43
|
end
|
43
|
|
-
|
|
44
|
+
|
44
|
45
|
module SocketForwarder
|
45
|
46
|
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
|
46
|
47
|
index 9f7ee0b..9437793 100644
|
|
@@ -49,7 +50,7 @@ index 9f7ee0b..9437793 100644
|
49
|
50
|
@@ -36,8 +36,8 @@ VALUE cSSLSocket;
|
50
|
51
|
static VALUE eSSLErrorWaitReadable;
|
51
|
52
|
static VALUE eSSLErrorWaitWritable;
|
52
|
|
-
|
|
53
|
+
|
53
|
54
|
-#define ossl_sslctx_set_cert(o,v) rb_iv_set((o),"@cert",(v))
|
54
|
55
|
-#define ossl_sslctx_set_key(o,v) rb_iv_set((o),"@key",(v))
|
55
|
56
|
+#define ossl_sslctx_set_certs(o,v) rb_iv_set((o),"@certs",(v))
|
|
@@ -60,7 +61,7 @@ index 9f7ee0b..9437793 100644
|
60
|
61
|
@@ -50,8 +50,8 @@ static VALUE eSSLErrorWaitWritable;
|
61
|
62
|
#define ossl_sslctx_set_client_cert_cb(o,v) rb_iv_set((o),"@client_cert_cb",(v))
|
62
|
63
|
#define ossl_sslctx_set_sess_id_ctx(o, v) rb_iv_set((o),"@session_id_context",(v))
|
63
|
|
-
|
|
64
|
+
|
64
|
65
|
-#define ossl_sslctx_get_cert(o) rb_iv_get((o),"@cert")
|
65
|
66
|
-#define ossl_sslctx_get_key(o) rb_iv_get((o),"@key")
|
66
|
67
|
+#define ossl_sslctx_get_certs(o) rb_iv_get((o),"@certs")
|
|
@@ -75,12 +76,12 @@ index 9f7ee0b..9437793 100644
|
75
|
76
|
- VALUE val;
|
76
|
77
|
+ VALUE val, val2;
|
77
|
78
|
+ int cert_defined = 0, key_defined = 0;
|
78
|
|
-
|
|
79
|
+
|
79
|
80
|
if(OBJ_FROZEN(self)) return Qnil;
|
80
|
81
|
GetSSLCTX(self, ctx);
|
81
|
82
|
@@ -761,19 +762,39 @@ ossl_sslctx_setup(VALUE self)
|
82
|
83
|
}
|
83
|
|
-
|
|
84
|
+
|
84
|
85
|
/* private key may be bundled in certificate file. */
|
85
|
86
|
- val = ossl_sslctx_get_cert(self);
|
86
|
87
|
- cert = NIL_P(val) ? NULL : GetX509CertPtr(val); /* NO DUP NEEDED */
|
|
@@ -131,20 +132,20 @@ index 9f7ee0b..9437793 100644
|
131
|
132
|
}
|
132
|
133
|
@@ -2128,14 +2149,14 @@ Init_ossl_ssl(void)
|
133
|
134
|
rb_define_alloc_func(cSSLContext, ossl_sslctx_s_alloc);
|
134
|
|
-
|
|
135
|
+
|
135
|
136
|
/*
|
136
|
137
|
- * Context certificate
|
137
|
138
|
+ * Context certificates
|
138
|
139
|
*/
|
139
|
140
|
- rb_attr(cSSLContext, rb_intern("cert"), 1, 1, Qfalse);
|
140
|
141
|
+ rb_attr(cSSLContext, rb_intern("certs"), 1, 1, Qfalse);
|
141
|
|
-
|
|
142
|
+
|
142
|
143
|
/*
|
143
|
144
|
- * Context private key
|
144
|
145
|
+ * Context private keys
|
145
|
146
|
*/
|
146
|
147
|
- rb_attr(cSSLContext, rb_intern("key"), 1, 1, Qfalse);
|
147
|
148
|
+ rb_attr(cSSLContext, rb_intern("keys"), 1, 1, Qfalse);
|
148
|
|
-
|
|
149
|
+
|
149
|
150
|
/*
|
150
|
151
|
* A certificate or Array of certificates that will be sent to the client.
|