From b4ae6c4dbb833726387c38e10fb136fa544afc7a Mon Sep 17 00:00:00 2001 From: Samuel Giddins Date: Tue, 25 Jun 2024 11:47:50 -0700 Subject: [PATCH] Set time directly on the x509 store Instead of an ivar, so other ossl functions that take a store will use the correct time when verifying
---
 ext/openssl/ossl_x509store.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index 31328ec47..758ee95bc 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -223,7 +223,6 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
 rb_iv_set(self, "@error", Qnil);
 rb_iv_set(self, "@error_string", Qnil);
 rb_iv_set(self, "@chain", Qnil);
- rb_iv_set(self, "@time", Qnil);
 return self;
 }
@@ -329,7 +328,17 @@ ossl_x509store_set_trust(VALUE self, VALUE trust)
 static VALUE
 ossl_x509store_set_time(VALUE self, VALUE time)
 {
- rb_iv_set(self, "@time", time);
+ X509_STORE *store;
+ X509_VERIFY_PARAM *param;
+
+ GetX509Store(self, store);
+ param = X509_VERIFY_PARAM_new();
+ X509_VERIFY_PARAM_set_time(param, NUM2LONG(rb_Integer(time)));
+ if (!X509_STORE_set1_param(store, param))
+ {
+ X509_VERIFY_PARAM_free(param);
+ ossl_raise(eX509StoreError, "X509_STORE_set1_param");
+ }
 return time;
 }
@@ -599,8 +608,6 @@ ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
 sk_X509_pop_free(x509s, X509_free);
 ossl_raise(eX509StoreError, "X509_STORE_CTX_init");
 }
- if (!NIL_P(t = rb_iv_get(store, "@time")))
- ossl_x509stctx_set_time(self, t);
 rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback"));
 rb_iv_set(self, "@cert", cert);
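Review bot: In the new ossl_x509store_set_time body, `param` from `X509_VERIFY_PARAM_new()` is used without a NULL check and is freed only when `X509_STORE_set1_param` fails; the `set1` convention means the store copies the values rather than taking ownership, so every successful `time=` call leaks the object, and it also leaks if `NUM2LONG(rb_Integer(time))` raises (which `nil`, accepted by the old ivar code, presumably now does). Setting the time on the store's own parameters avoids the allocation entirely: `param = X509_STORE_get0_param(store);` followed by `X509_VERIFY_PARAM_set_time(param, NUM2LONG(rb_Integer(time)));`, assuming every OpenSSL/LibreSSL version this extension supports provides `X509_STORE_get0_param`. It is also worth confirming with a test that a second `time=` call replaces the first, since the copy path in OpenSSL's parameter inheritance appears to keep a check time that is already set, which would leave certificate validity periods being checked against a stale date. The third hunk removes the only visible use of `t` in ossl_x509stctx_initialize, so its declaration (outside the hunk) may now be unused.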