Ruby: ext/openssl/ossl_x509store.c Source File

00001 /*
00002  * $Id: ossl_x509store.c 37070 2012-10-02 19:36:26Z drbrain $
00003  * 'OpenSSL for Ruby' project
00004  * Copyright (C) 2001-2002  Michal Rokos <m.rokos@sh.cvut.cz>
00005  * All rights reserved.
00006  */
00007 /*
00008  * This program is licenced under the same licence as Ruby.
00009  * (See the file 'LICENCE'.)
00010  */
00011 #include "ossl.h"
00012 
00013 #define WrapX509Store(klass, obj, st) do { \
00014     if (!(st)) { \
00015         ossl_raise(rb_eRuntimeError, "STORE wasn't initialized!"); \
00016     } \
00017     (obj) = Data_Wrap_Struct((klass), 0, X509_STORE_free, (st)); \
00018 } while (0)
00019 #define GetX509Store(obj, st) do { \
00020     Data_Get_Struct((obj), X509_STORE, (st)); \
00021     if (!(st)) { \
00022         ossl_raise(rb_eRuntimeError, "STORE wasn't initialized!"); \
00023     } \
00024 } while (0)
00025 #define SafeGetX509Store(obj, st) do { \
00026     OSSL_Check_Kind((obj), cX509Store); \
00027     GetX509Store((obj), (st)); \
00028 } while (0)
00029 
00030 #define WrapX509StCtx(klass, obj, ctx) do { \
00031     if (!(ctx)) { \
00032         ossl_raise(rb_eRuntimeError, "STORE_CTX wasn't initialized!"); \
00033     } \
00034     (obj) = Data_Wrap_Struct((klass), 0, ossl_x509stctx_free, (ctx)); \
00035 } while (0)
00036 #define GetX509StCtx(obj, ctx) do { \
00037     Data_Get_Struct((obj), X509_STORE_CTX, (ctx)); \
00038     if (!(ctx)) { \
00039         ossl_raise(rb_eRuntimeError, "STORE_CTX is out of scope!"); \
00040     } \
00041 } while (0)
00042 #define SafeGetX509StCtx(obj, storep) do { \
00043     OSSL_Check_Kind((obj), cX509StoreContext); \
00044     GetX509Store((obj), (ctx)); \
00045 } while (0)
00046 
00047 /*
00048  * Classes
00049  */
00050 VALUE cX509Store;
00051 VALUE cX509StoreContext;
00052 VALUE eX509StoreError;
00053 
00054 /*
00055  * Public functions
00056  */
00057 VALUE
00058 ossl_x509store_new(X509_STORE *store)
00059 {
00060     VALUE obj;
00061 
00062     WrapX509Store(cX509Store, obj, store);
00063 
00064     return obj;
00065 }
00066 
00067 X509_STORE *
00068 GetX509StorePtr(VALUE obj)
00069 {
00070     X509_STORE *store;
00071 
00072     SafeGetX509Store(obj, store);
00073 
00074     return store;
00075 }
00076 
00077 X509_STORE *
00078 DupX509StorePtr(VALUE obj)
00079 {
00080     X509_STORE *store;
00081 
00082     SafeGetX509Store(obj, store);
00083     CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);
00084 
00085     return store;
00086 }
00087 
00088 /*
00089  * Private functions
00090  */
00091 static VALUE
00092 ossl_x509store_alloc(VALUE klass)
00093 {
00094     X509_STORE *store;
00095     VALUE obj;
00096 
00097     if((store = X509_STORE_new()) == NULL){
00098         ossl_raise(eX509StoreError, NULL);
00099     }
00100     WrapX509Store(klass, obj, store);
00101 
00102     return obj;
00103 }
00104 
00105 /*
00106  * General callback for OpenSSL verify
00107  */
00108 static VALUE
00109 ossl_x509store_set_vfy_cb(VALUE self, VALUE cb)
00110 {
00111     X509_STORE *store;
00112 
00113     GetX509Store(self, store);
00114     X509_STORE_set_ex_data(store, ossl_verify_cb_idx, (void*)cb);
00115     rb_iv_set(self, "@verify_callback", cb);
00116 
00117     return cb;
00118 }
00119 
00120 
00121 /*
00122  * call-seq:
00123  *    X509::Store.new => store
00124  *
00125  */
00126 static VALUE
00127 ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
00128 {
00129     X509_STORE *store;
00130 
00131 /* BUG: This method takes any number of arguments but appears to ignore them. */
00132     GetX509Store(self, store);
00133     store->ex_data.sk = NULL;
00134     X509_STORE_set_verify_cb_func(store, ossl_verify_cb);
00135     ossl_x509store_set_vfy_cb(self, Qnil);
00136 
00137 #if (OPENSSL_VERSION_NUMBER < 0x00907000L)
00138     rb_iv_set(self, "@flags", INT2NUM(0));
00139     rb_iv_set(self, "@purpose", INT2NUM(0));
00140     rb_iv_set(self, "@trust", INT2NUM(0));
00141 #endif
00142 
00143     /* last verification status */
00144     rb_iv_set(self, "@error", Qnil);
00145     rb_iv_set(self, "@error_string", Qnil);
00146     rb_iv_set(self, "@chain", Qnil);
00147     rb_iv_set(self, "@time", Qnil);
00148 
00149     return self;
00150 }
00151 
00152 static VALUE
00153 ossl_x509store_set_flags(VALUE self, VALUE flags)
00154 {
00155 #if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
00156     X509_STORE *store;
00157     long f = NUM2LONG(flags);
00158 
00159     GetX509Store(self, store);
00160     X509_STORE_set_flags(store, f);
00161 #else
00162     rb_iv_set(self, "@flags", flags);
00163 #endif
00164 
00165     return flags;
00166 }
00167 
00168 static VALUE
00169 ossl_x509store_set_purpose(VALUE self, VALUE purpose)
00170 {
00171 #if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
00172     X509_STORE *store;
00173     int p = NUM2INT(purpose);
00174 
00175     GetX509Store(self, store);
00176     X509_STORE_set_purpose(store, p);
00177 #else
00178     rb_iv_set(self, "@purpose", purpose);
00179 #endif
00180 
00181     return purpose;
00182 }
00183 
00184 static VALUE
00185 ossl_x509store_set_trust(VALUE self, VALUE trust)
00186 {
00187 #if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
00188     X509_STORE *store;
00189     int t = NUM2INT(trust);
00190 
00191     GetX509Store(self, store);
00192     X509_STORE_set_trust(store, t);
00193 #else
00194     rb_iv_set(self, "@trust", trust);
00195 #endif
00196 
00197     return trust;
00198 }
00199 
00200 static VALUE
00201 ossl_x509store_set_time(VALUE self, VALUE time)
00202 {
00203     rb_iv_set(self, "@time", time);
00204     return time;
00205 }
00206 
00207 /*
00208  * call-seq:
00209  *   store.add_file(file) -> store
00210  *
00211  *
00212  * Adds the certificates in +file+ to the certificate store.  The +file+ can
00213  * contain multiple PEM-encoded certificates.
00214  */
00215 
00216 static VALUE
00217 ossl_x509store_add_file(VALUE self, VALUE file)
00218 {
00219     X509_STORE *store;
00220     X509_LOOKUP *lookup;
00221     char *path = NULL;
00222 
00223     if(file != Qnil){
00224         SafeStringValue(file);
00225         path = RSTRING_PTR(file);
00226     }
00227     GetX509Store(self, store);
00228     lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
00229     if(lookup == NULL) ossl_raise(eX509StoreError, NULL);
00230     if(X509_LOOKUP_load_file(lookup, path, X509_FILETYPE_PEM) != 1){
00231         ossl_raise(eX509StoreError, NULL);
00232     }
00233 
00234     return self;
00235 }
00236 
00237 static VALUE
00238 ossl_x509store_add_path(VALUE self, VALUE dir)
00239 {
00240     X509_STORE *store;
00241     X509_LOOKUP *lookup;
00242     char *path = NULL;
00243 
00244     if(dir != Qnil){
00245         SafeStringValue(dir);
00246         path = RSTRING_PTR(dir);
00247     }
00248     GetX509Store(self, store);
00249     lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
00250     if(lookup == NULL) ossl_raise(eX509StoreError, NULL);
00251     if(X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1){
00252         ossl_raise(eX509StoreError, NULL);
00253     }
00254 
00255     return self;
00256 }
00257 
00258 /*
00259  * call-seq:
00260  *   store.set_default_path
00261  *
00262  * Adds the default certificates to the certificate store.  These certificates
00263  * are loaded from the default configuration directory which can usually be
00264  * determined by:
00265  *
00266  *   File.dirname OpenSSL::Config::DEFAULT_CONFIG_FILE
00267  */
00268 static VALUE
00269 ossl_x509store_set_default_paths(VALUE self)
00270 {
00271     X509_STORE *store;
00272 
00273     GetX509Store(self, store);
00274     if (X509_STORE_set_default_paths(store) != 1){
00275         ossl_raise(eX509StoreError, NULL);
00276     }
00277 
00278     return Qnil;
00279 }
00280 
00281 /*
00282  * call-seq:
00283  *   store.add_cert(cert)
00284  *
00285  * Adds the OpenSSL::X509::Certificate +cert+ to the certificate store.
00286  */
00287 
00288 static VALUE
00289 ossl_x509store_add_cert(VALUE self, VALUE arg)
00290 {
00291     X509_STORE *store;
00292     X509 *cert;
00293 
00294     cert = GetX509CertPtr(arg); /* NO NEED TO DUP */
00295     GetX509Store(self, store);
00296     if (X509_STORE_add_cert(store, cert) != 1){
00297         ossl_raise(eX509StoreError, NULL);
00298     }
00299 
00300     return self;
00301 }
00302 
00303 static VALUE
00304 ossl_x509store_add_crl(VALUE self, VALUE arg)
00305 {
00306     X509_STORE *store;
00307     X509_CRL *crl;
00308 
00309     crl = GetX509CRLPtr(arg); /* NO NEED TO DUP */
00310     GetX509Store(self, store);
00311     if (X509_STORE_add_crl(store, crl) != 1){
00312         ossl_raise(eX509StoreError, NULL);
00313     }
00314 
00315     return self;
00316 }
00317 
00318 static VALUE ossl_x509stctx_get_err(VALUE);
00319 static VALUE ossl_x509stctx_get_err_string(VALUE);
00320 static VALUE ossl_x509stctx_get_chain(VALUE);
00321 
00322 static VALUE
00323 ossl_x509store_verify(int argc, VALUE *argv, VALUE self)
00324 {
00325     VALUE cert, chain;
00326     VALUE ctx, proc, result;
00327 
00328     rb_scan_args(argc, argv, "11", &cert, &chain);
00329     ctx = rb_funcall(cX509StoreContext, rb_intern("new"), 3, self, cert, chain);
00330     proc = rb_block_given_p() ?  rb_block_proc() :
00331            rb_iv_get(self, "@verify_callback");
00332     rb_iv_set(ctx, "@verify_callback", proc);
00333     result = rb_funcall(ctx, rb_intern("verify"), 0);
00334 
00335     rb_iv_set(self, "@error", ossl_x509stctx_get_err(ctx));
00336     rb_iv_set(self, "@error_string", ossl_x509stctx_get_err_string(ctx));
00337     rb_iv_set(self, "@chain", ossl_x509stctx_get_chain(ctx));
00338 
00339     return result;
00340 }
00341 
00342 /*
00343  * Public Functions
00344  */
00345 static void ossl_x509stctx_free(X509_STORE_CTX*);
00346 
00347 VALUE
00348 ossl_x509stctx_new(X509_STORE_CTX *ctx)
00349 {
00350     VALUE obj;
00351 
00352     WrapX509StCtx(cX509StoreContext, obj, ctx);
00353 
00354     return obj;
00355 }
00356 
00357 VALUE
00358 ossl_x509stctx_clear_ptr(VALUE obj)
00359 {
00360     OSSL_Check_Kind(obj, cX509StoreContext);
00361     RDATA(obj)->data = NULL;
00362 
00363     return obj;
00364 }
00365 
00366 /*
00367  * Private functions
00368  */
00369 static void
00370 ossl_x509stctx_free(X509_STORE_CTX *ctx)
00371 {
00372     if(ctx->untrusted)
00373         sk_X509_pop_free(ctx->untrusted, X509_free);
00374     if(ctx->cert)
00375         X509_free(ctx->cert);
00376     X509_STORE_CTX_free(ctx);
00377 }
00378 
00379 static VALUE
00380 ossl_x509stctx_alloc(VALUE klass)
00381 {
00382     X509_STORE_CTX *ctx;
00383     VALUE obj;
00384 
00385     if((ctx = X509_STORE_CTX_new()) == NULL){
00386         ossl_raise(eX509StoreError, NULL);
00387     }
00388     WrapX509StCtx(klass, obj, ctx);
00389 
00390     return obj;
00391 }
00392 
00393 static VALUE ossl_x509stctx_set_flags(VALUE, VALUE);
00394 static VALUE ossl_x509stctx_set_purpose(VALUE, VALUE);
00395 static VALUE ossl_x509stctx_set_trust(VALUE, VALUE);
00396 static VALUE ossl_x509stctx_set_time(VALUE, VALUE);
00397 
00398 static VALUE
00399 ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
00400 {
00401     VALUE store, cert, chain, t;
00402     X509_STORE_CTX *ctx;
00403     X509_STORE *x509st;
00404     X509 *x509 = NULL;
00405     STACK_OF(X509) *x509s = NULL;
00406 
00407     rb_scan_args(argc, argv, "12", &store, &cert, &chain);
00408     GetX509StCtx(self, ctx);
00409     SafeGetX509Store(store, x509st);
00410     if(!NIL_P(cert)) x509 = DupX509CertPtr(cert); /* NEED TO DUP */
00411     if(!NIL_P(chain)) x509s = ossl_x509_ary2sk(chain);
00412 #if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
00413     if(X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){
00414         sk_X509_pop_free(x509s, X509_free);
00415         ossl_raise(eX509StoreError, NULL);
00416     }
00417 #else
00418     X509_STORE_CTX_init(ctx, x509st, x509, x509s);
00419     ossl_x509stctx_set_flags(self, rb_iv_get(store, "@flags"));
00420     ossl_x509stctx_set_purpose(self, rb_iv_get(store, "@purpose"));
00421     ossl_x509stctx_set_trust(self, rb_iv_get(store, "@trust"));
00422 #endif
00423     if (!NIL_P(t = rb_iv_get(store, "@time")))
00424         ossl_x509stctx_set_time(self, t);
00425     rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback"));
00426     rb_iv_set(self, "@cert", cert);
00427 
00428     return self;
00429 }
00430 
00431 static VALUE
00432 ossl_x509stctx_verify(VALUE self)
00433 {
00434     X509_STORE_CTX *ctx;
00435     int result;
00436 
00437     GetX509StCtx(self, ctx);
00438     X509_STORE_CTX_set_ex_data(ctx, ossl_verify_cb_idx,
00439                                (void*)rb_iv_get(self, "@verify_callback"));
00440     result = X509_verify_cert(ctx);
00441 
00442     return result ? Qtrue : Qfalse;
00443 }
00444 
00445 static VALUE
00446 ossl_x509stctx_get_chain(VALUE self)
00447 {
00448     X509_STORE_CTX *ctx;
00449     STACK_OF(X509) *chain;
00450     X509 *x509;
00451     int i, num;
00452     VALUE ary;
00453 
00454     GetX509StCtx(self, ctx);
00455     if((chain = X509_STORE_CTX_get_chain(ctx)) == NULL){
00456         return Qnil;
00457     }
00458     if((num = sk_X509_num(chain)) < 0){
00459         OSSL_Debug("certs in chain < 0???");
00460         return rb_ary_new();
00461     }
00462     ary = rb_ary_new2(num);
00463     for(i = 0; i < num; i++) {
00464         x509 = sk_X509_value(chain, i);
00465         rb_ary_push(ary, ossl_x509_new(x509));
00466     }
00467 
00468     return ary;
00469 }
00470 
00471 static VALUE
00472 ossl_x509stctx_get_err(VALUE self)
00473 {
00474     X509_STORE_CTX *ctx;
00475 
00476     GetX509StCtx(self, ctx);
00477 
00478     return INT2FIX(X509_STORE_CTX_get_error(ctx));
00479 }
00480 
00481 static VALUE
00482 ossl_x509stctx_set_error(VALUE self, VALUE err)
00483 {
00484     X509_STORE_CTX *ctx;
00485 
00486     GetX509StCtx(self, ctx);
00487     X509_STORE_CTX_set_error(ctx, NUM2INT(err));
00488 
00489     return err;
00490 }
00491 
00492 static VALUE
00493 ossl_x509stctx_get_err_string(VALUE self)
00494 {
00495     X509_STORE_CTX *ctx;
00496     long err;
00497 
00498     GetX509StCtx(self, ctx);
00499     err = X509_STORE_CTX_get_error(ctx);
00500 
00501     return rb_str_new2(X509_verify_cert_error_string(err));
00502 }
00503 
00504 static VALUE
00505 ossl_x509stctx_get_err_depth(VALUE self)
00506 {
00507     X509_STORE_CTX *ctx;
00508 
00509     GetX509StCtx(self, ctx);
00510 
00511     return INT2FIX(X509_STORE_CTX_get_error_depth(ctx));
00512 }
00513 
00514 static VALUE
00515 ossl_x509stctx_get_curr_cert(VALUE self)
00516 {
00517     X509_STORE_CTX *ctx;
00518 
00519     GetX509StCtx(self, ctx);
00520 
00521     return ossl_x509_new(X509_STORE_CTX_get_current_cert(ctx));
00522 }
00523 
00524 static VALUE
00525 ossl_x509stctx_get_curr_crl(VALUE self)
00526 {
00527 #if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
00528     X509_STORE_CTX *ctx;
00529 
00530     GetX509StCtx(self, ctx);
00531     if(!ctx->current_crl) return Qnil;
00532 
00533     return ossl_x509crl_new(ctx->current_crl);
00534 #else
00535     return Qnil;
00536 #endif
00537 }
00538 
00539 static VALUE
00540 ossl_x509stctx_set_flags(VALUE self, VALUE flags)
00541 {
00542     X509_STORE_CTX *store;
00543     long f = NUM2LONG(flags);
00544 
00545     GetX509StCtx(self, store);
00546     X509_STORE_CTX_set_flags(store, f);
00547 
00548     return flags;
00549 }
00550 
00551 static VALUE
00552 ossl_x509stctx_set_purpose(VALUE self, VALUE purpose)
00553 {
00554     X509_STORE_CTX *store;
00555     int p = NUM2INT(purpose);
00556 
00557     GetX509StCtx(self, store);
00558     X509_STORE_CTX_set_purpose(store, p);
00559 
00560     return purpose;
00561 }
00562 
00563 static VALUE
00564 ossl_x509stctx_set_trust(VALUE self, VALUE trust)
00565 {
00566     X509_STORE_CTX *store;
00567     int t = NUM2INT(trust);
00568 
00569     GetX509StCtx(self, store);
00570     X509_STORE_CTX_set_trust(store, t);
00571 
00572     return trust;
00573 }
00574 
00575 /*
00576  * call-seq:
00577  *    storectx.time = time => time
00578  */
00579 static VALUE
00580 ossl_x509stctx_set_time(VALUE self, VALUE time)
00581 {
00582     X509_STORE_CTX *store;
00583     long t;
00584 
00585     t = NUM2LONG(rb_Integer(time));
00586     GetX509StCtx(self, store);
00587     X509_STORE_CTX_set_time(store, 0, t);
00588 
00589     return time;
00590 }
00591 
00592 /*
00593  * INIT
00594  */
00595 void
00596 Init_ossl_x509store()
00597 {
00598     VALUE x509stctx;
00599 
00600 #if 0
00601     mOSSL = rb_define_module("OpenSSL"); /* let rdoc know about mOSSL */
00602     mX509 = rb_define_module_under(mOSSL, "X509");
00603 #endif
00604 
00605     eX509StoreError = rb_define_class_under(mX509, "StoreError", eOSSLError);
00606 
00607     /* Document-class: OpenSSL::X509::Store
00608      *
00609      * The X509 certificate store holds trusted CA certificates used to verify
00610      * peer certificates.
00611      *
00612      * The easiest way to create a useful certificate store is:
00613      *
00614      *   cert_store = OpenSSL::X509::Store.new
00615      *   cert_store.set_default_paths
00616      *
00617      * This will use your system's built-in certificates.
00618      *
00619      * If your system does not have a default set of certificates you can
00620      * obtain a set from Mozilla here: http://curl.haxx.se/docs/caextract.html
00621      * (Note that this set does not have an HTTPS download option so you may
00622      * wish to use the firefox-db2pem.sh script to extract the certificates
00623      * from a local install to avoid man-in-the-middle attacks.)
00624      *
00625      * After downloading or generating a cacert.pem from the above link you
00626      * can create a certificate store from the pem file like this:
00627      *
00628      *   cert_store = OpenSSL::X509::Store.new
00629      *   cert_store.add_file 'cacert.pem'
00630      *
00631      * The certificate store can be used with an SSLSocket like this:
00632      *
00633      *   ssl_context = OpenSSL::SSL::SSLContext.new
00634      *   ssl_context.cert_store = cert_store
00635      *
00636      *   tcp_socket = TCPSocket.open 'example.com', 443
00637      *
00638      *   ssl_socket = OpenSSL::SSL::SSLSocket.new tcp_socket, ssl_context
00639      */
00640 
00641     cX509Store = rb_define_class_under(mX509, "Store", rb_cObject);
00642     rb_attr(cX509Store, rb_intern("verify_callback"), 1, 0, Qfalse);
00643     rb_attr(cX509Store, rb_intern("error"), 1, 0, Qfalse);
00644     rb_attr(cX509Store, rb_intern("error_string"), 1, 0, Qfalse);
00645     rb_attr(cX509Store, rb_intern("chain"), 1, 0, Qfalse);
00646     rb_define_alloc_func(cX509Store, ossl_x509store_alloc);
00647     rb_define_method(cX509Store, "initialize",   ossl_x509store_initialize, -1);
00648     rb_define_method(cX509Store, "verify_callback=", ossl_x509store_set_vfy_cb, 1);
00649     rb_define_method(cX509Store, "flags=",       ossl_x509store_set_flags, 1);
00650     rb_define_method(cX509Store, "purpose=",     ossl_x509store_set_purpose, 1);
00651     rb_define_method(cX509Store, "trust=",       ossl_x509store_set_trust, 1);
00652     rb_define_method(cX509Store, "time=",        ossl_x509store_set_time, 1);
00653     rb_define_method(cX509Store, "add_path",     ossl_x509store_add_path, 1);
00654     rb_define_method(cX509Store, "add_file",     ossl_x509store_add_file, 1);
00655     rb_define_method(cX509Store, "set_default_paths", ossl_x509store_set_default_paths, 0);
00656     rb_define_method(cX509Store, "add_cert",     ossl_x509store_add_cert, 1);
00657     rb_define_method(cX509Store, "add_crl",      ossl_x509store_add_crl, 1);
00658     rb_define_method(cX509Store, "verify",       ossl_x509store_verify, -1);
00659 
00660     cX509StoreContext = rb_define_class_under(mX509,"StoreContext",rb_cObject);
00661     x509stctx = cX509StoreContext;
00662     rb_define_alloc_func(cX509StoreContext, ossl_x509stctx_alloc);
00663     rb_define_method(x509stctx,"initialize",  ossl_x509stctx_initialize, -1);
00664     rb_define_method(x509stctx,"verify",      ossl_x509stctx_verify, 0);
00665     rb_define_method(x509stctx,"chain",       ossl_x509stctx_get_chain,0);
00666     rb_define_method(x509stctx,"error",       ossl_x509stctx_get_err, 0);
00667     rb_define_method(x509stctx,"error=",      ossl_x509stctx_set_error, 1);
00668     rb_define_method(x509stctx,"error_string",ossl_x509stctx_get_err_string,0);
00669     rb_define_method(x509stctx,"error_depth", ossl_x509stctx_get_err_depth, 0);
00670     rb_define_method(x509stctx,"current_cert",ossl_x509stctx_get_curr_cert, 0);
00671     rb_define_method(x509stctx,"current_crl", ossl_x509stctx_get_curr_crl, 0);
00672     rb_define_method(x509stctx,"flags=",      ossl_x509stctx_set_flags, 1);
00673     rb_define_method(x509stctx,"purpose=",    ossl_x509stctx_set_purpose, 1);
00674     rb_define_method(x509stctx,"trust=",      ossl_x509stctx_set_trust, 1);
00675     rb_define_method(x509stctx,"time=",       ossl_x509stctx_set_time, 1);
00676 
00677 }
00678