POC for certificates/CRLs

ext/openssl/ossl_x509store.c

@@ -224,6 +224,10 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
     rb_iv_set(self, "@error_string", Qnil);
     rb_iv_set(self, "@chain", Qnil);
 
+    /* added certificate/CRL references */
+    rb_iv_set(self, "@certificates", rb_ary_new());
+    rb_iv_set(self, "@crls", rb_ary_new());
+
     return self;
 }
 
@@ -449,8 +453,16 @@ ossl_x509store_add_cert(VALUE self, VALUE arg)
 {
     X509_STORE *store;
     X509 *cert;
+    VALUE certificates;
 
     rb_check_frozen(self);
+
+    certificates = rb_iv_get(self, "@certificates");
+
+
+    if(RTEST(rb_funcall(certificates, rb_intern("include?"), 1, arg)))
+        return self;
+
     cert = GetX509CertPtr(arg); /* NO NEED TO DUP */
     GetX509Store(self, store);
     if (X509_STORE_add_cert(store, cert) != 1)
@@ -472,8 +484,15 @@ ossl_x509store_add_crl(VALUE self, VALUE arg)
 {
     X509_STORE *store;
     X509_CRL *crl;
+    VALUE crls;
 
     rb_check_frozen(self);
+
+    crls = rb_iv_get(self, "@crls");
+
+    if(RTEST(rb_funcall(crls, rb_intern("include?"), 1, arg)))
+        return self;
+
     crl = GetX509CRLPtr(arg); /* NO NEED TO DUP */
     GetX509Store(self, store);
     if (X509_STORE_add_crl(store, crl) != 1)

lib/openssl/x509.rb

@@ -333,6 +333,14 @@ def ==(other)
       end
     end
 
+    class Store
+      def freeze
+        super
+        @certificates.each(&:freeze)
+        @crls.each(&:freeze)
+      end
+    end
+
     class StoreContext
       def cleanup
         warn "(#{caller.first}) OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement" if $VERBOSE