x509ext: let X509::ExtensionFactory#create_ext take a dotted OID string
Instead of looking up NIDs and then using X509V3_EXT_nconf_nid,
just pass strings to X509V3_EXT_nconf, which has all the logic for
processing generic extensions.
Also process the OID through ln2nid() to retain compatibility.

[rhe: tweaked commit message and added a test case]
mcr authored and rhenium committed Aug 31, 2023
1 parent 91ae46c commit 3b55428
Showing 2 changed files with 18 additions and 5 deletions.
12 changes: 7 additions & 5 deletions ext/openssl/ossl_x509ext.c
@@ -209,15 +209,16 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
int nid;
VALUE rconf;
CONF *conf;
const char *oid_cstr = NULL;

rb_scan_args(argc, argv, "21", &oid, &value, &critical);
StringValueCStr(oid);
StringValue(value);
if(NIL_P(critical)) critical = Qfalse;

nid = OBJ_ln2nid(RSTRING_PTR(oid));
if(!nid) nid = OBJ_sn2nid(RSTRING_PTR(oid));
if(!nid) ossl_raise(eX509ExtError, "unknown OID `%"PRIsVALUE"'", oid);
oid_cstr = StringValueCStr(oid);
nid = OBJ_ln2nid(oid_cstr);
if (nid != NID_undef)
oid_cstr = OBJ_nid2sn(nid);

valstr = rb_str_new2(RTEST(critical) ? "critical," : "");
rb_str_append(valstr, value);
@@ -228,7 +229,8 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
rconf = rb_iv_get(self, "@config");
conf = NIL_P(rconf) ? NULL : GetConfig(rconf);
X509V3_set_nconf(ctx, conf);
ext = X509V3_EXT_nconf_nid(conf, ctx, nid, RSTRING_PTR(valstr));

ext = X509V3_EXT_nconf(conf, ctx, oid_cstr, RSTRING_PTR(valstr));
X509V3_set_ctx_nodb(ctx);
if (!ext){
ossl_raise(eX509ExtError, "%"PRIsVALUE" = %"PRIsVALUE, oid, valstr);
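Review bot: With the `unknown OID` raise and the `OBJ_sn2nid` fallback gone from the first hunk, an unrecognised name is no longer rejected here; it is handed to `X509V3_EXT_nconf` and only surfaces through the generic `oid = value` error in the second hunk, so a caller can no longer tell a bad extension name from a bad value. If that is intended, a comment above the lookup would record the new contract, e.g. `/* long names are mapped to short names here; short names and dotted OIDs are left to X509V3_EXT_nconf() */`. As far as I recall, X509V3_EXT_nconf resolves the name as a short name unless the value carries a `DER:` or `ASN1:` prefix, so a dotted OID probably works only with generic values; that is worth confirming and stating in the method documentation. The body of ossl_x509extfactory_create_ext starts and ends outside both hunks.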
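--- a/test/openssl/test_x509ext.rb
+++ b/test/openssl/test_x509ext.rb
@@ -78,6 +78,17 @@ def test_factory_create_extension_sn_ln
 assert_equal(@basic_constraints.to_der, bc_ln.to_der)
 end
 
+def test_factory_create_extension_oid
+ef = OpenSSL::X509::ExtensionFactory.new
+ef.config = OpenSSL::Config.parse(<<~_end_of_cnf_)
+[basic_constraints]
+cA = BOOLEAN:TRUE
+pathLenConstraint = INTEGER:2
+_end_of_cnf_
+bc_oid = ef.create_extension("2.5.29.19", "ASN1:SEQUENCE:basic_constraints", true)
+assert_equal(@basic_constraints.to_der, bc_oid.to_der)
+end
+
 def test_dup
 ext = OpenSSL::X509::Extension.new(@basic_constraints.to_der)
 assert_equal(@basic_constraints.to_der, ext.to_der)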
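Review bot: test_factory_create_extension_oid pins only the success path, a dotted OID with an `ASN1:` generic value; no test covers a name that cannot be resolved, which matters because the C change in this commit drops the explicit unknown-OID check. A negative case such as `assert_raise(OpenSSL::X509::ExtensionError) { ef.create_extension("1.2.bogus", "ASN1:SEQUENCE:basic_constraints", true) }` (the name is a constructed sample) would pin that an error is still raised. A second case with a dotted OID and a non-generic value like `"CA:TRUE"` would document whichever behaviour is intended there.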
