diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index bc19cc53c..87f4b9b9a 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -224,6 +224,10 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
 rb_iv_set(self, "@error_string", Qnil);
 rb_iv_set(self, "@chain", Qnil);
+ /* added certificate/CRL references */
+ rb_iv_set(self, "@certificates", rb_ary_new());
+ rb_iv_set(self, "@crls", rb_ary_new());
+
 return self;
 }
@@ -449,8 +453,16 @@ ossl_x509store_add_cert(VALUE self, VALUE arg)
 {
 X509_STORE *store;
 X509 *cert;
+ VALUE certificates;
 rb_check_frozen(self);
+
+ certificates = rb_iv_get(self, "@certificates");
+
+
+ if(RTEST(rb_funcall(certificates, rb_intern("include?"), 1, arg)))
+ return self;
+
 cert = GetX509CertPtr(arg); /* NO NEED TO DUP */
 GetX509Store(self, store);
 if (X509_STORE_add_cert(store, cert) != 1)
@@ -472,8 +484,15 @@ ossl_x509store_add_crl(VALUE self, VALUE arg)
 {
 X509_STORE *store;
 X509_CRL *crl;
+ VALUE crls;
 rb_check_frozen(self);
+
+ crls = rb_iv_get(self, "@crls");
+
+ if(RTEST(rb_funcall(crls, rb_intern("include?"), 1, arg)))
+ return self;
+
 crl = GetX509CRLPtr(arg); /* NO NEED TO DUP */
 GetX509Store(self, store);
 if (X509_STORE_add_crl(store, crl) != 1)
diff --git a/lib/openssl/x509.rb b/lib/openssl/x509.rb
index b66727420..9ade2726f 100644
--- a/lib/openssl/x509.rb
+++ b/lib/openssl/x509.rb
@@ -333,6 +333,14 @@ def ==(other)
 end
 end
+ class Store
+ def freeze
+ super
+ @certificates.each(&:freeze)
+ @crls.each(&:freeze)
+ end
+ end
+
 class StoreContext
 def cleanup
 warn "(#{caller.first}) OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement" if $VERBOSE
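Review bot: The comment `/* added certificate/CRL references */` in ossl_x509store_initialize does not say what the two arrays are for or who keeps them up to date; something like `/* Ruby-side lists of the Certificate/CRL objects handed to add_cert/add_crl, used for duplicate detection and by Store#freeze */` would tell the next reader. The arrays exist only once this initializer has run, so a store whose `initialize` is overridden without `super` would reach the `include?` calls in add_cert/add_crl with nil and fail with a NoMethodError rather than a store error. A `NIL_P` check or lazy creation at the point of use would make that path explicit. The function starts outside the hunk.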
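Review bot: Nothing in this diff appends to `@certificates`: ossl_x509store_add_cert reads the array and calls `include?`, but the lines after the `X509_STORE_add_cert` check are unchanged, so as far as the diff shows the array stays empty, the early `return self` never fires, and `Store#freeze` in x509.rb has nothing to iterate. After the error check, add `rb_ary_push(certificates, arg);`, and in the ossl_x509store_add_crl hunk `rb_ary_push(crls, arg);`. Push only after the OpenSSL call has succeeded, otherwise a rejected certificate or CRL would be remembered as present and a later, valid add of an equal object would be skipped silently. Once populated, `include?` is a linear scan using Ruby `==` on every add, which is worth a comment for stores that load many trust anchors. The rest of both functions lies outside the hunks.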
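Review bot: `Store#freeze` returns the `@crls` array instead of the store, because `@crls.each(&:freeze)` is the last expression, so `store = OpenSSL::X509::Store.new.freeze` would hand the caller an Array; end the method with `self`. The method also freezes certificate and CRL objects the caller still holds, a side effect that deserves a comment such as `# Freezes the store and every certificate/CRL added to it so trust anchors cannot be altered afterwards`. Whether freezing a Certificate or CRL actually blocks its C-level setters is not visible in this diff and should be confirmed, since the store shares the underlying object (`/* NO NEED TO DUP */`). The two arrays themselves are not frozen either, so the tracking lists stay mutable through `instance_variable_get`.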