POC for certificates/CRLs

HoneyryderChuck · HoneyryderChuck · commit 440618c625e1 · 2024-11-07T12:58:32.000Z
diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
@@ -224,6 +224,10 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
     rb_iv_set(self, "@error_string", Qnil);
     rb_iv_set(self, "@chain", Qnil);
 
+    /* added certificate/CRL references */
+    rb_iv_set(self, "@certificates", rb_ary_new());
+    rb_iv_set(self, "@crls", rb_ary_new());
+
     return self;
 }
 
@@ -449,13 +453,23 @@ ossl_x509store_add_cert(VALUE self, VALUE arg)
 {
     X509_STORE *store;
     X509 *cert;
+    VALUE certificates;
 
     rb_check_frozen(self);
+
+    certificates = rb_iv_get(self, "@certificates");
+
+
+    if(RTEST(rb_funcall(certificates, rb_intern("include?"), 1, arg)))
+        return self;
+
     cert = GetX509CertPtr(arg); /* NO NEED TO DUP */
     GetX509Store(self, store);
     if (X509_STORE_add_cert(store, cert) != 1)
         ossl_raise(eX509StoreError, "X509_STORE_add_cert");
 
+    rb_ary_push(certificates, arg);
+
     return self;
 }
 
@@ -472,13 +486,22 @@ ossl_x509store_add_crl(VALUE self, VALUE arg)
 {
     X509_STORE *store;
     X509_CRL *crl;
+    VALUE crls;
 
     rb_check_frozen(self);
+
+    crls = rb_iv_get(self, "@crls");
+
+    if(RTEST(rb_funcall(crls, rb_intern("include?"), 1, arg)))
+        return self;
+
     crl = GetX509CRLPtr(arg); /* NO NEED TO DUP */
     GetX509Store(self, store);
     if (X509_STORE_add_crl(store, crl) != 1)
         ossl_raise(eX509StoreError, "X509_STORE_add_crl");
 
+    rb_ary_push(crls, arg);
+
     return self;
 }
 
diff --git a/lib/openssl/x509.rb b/lib/openssl/x509.rb
@@ -333,6 +333,14 @@ def ==(other)
       end
     end
 
+    class Store
+      def freeze
+        super
+        @certificates.each(&:freeze)
+        @crls.each(&:freeze)
+      end
+    end
+
     class StoreContext
       def cleanup
         warn "(#{caller.first}) OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement" if $VERBOSE
