method

sign

v2_6_3 - Show latest stable - 0 notes - Class: Request

sign(p1, p2, p3 = v3, p4 = v4, p5 = v5) public

Signs this OCSP request using cert, key and optional digest. If digest is not specified, SHA-1 is used. certs is an optional Array of additional certificates which are included in the request in addition to the signer certificate. Note that if certs is nil or not given, flag OpenSSL::OCSP::NOCERTS is enabled. Pass an empty array to include only the signer certificate.

flags is a bitwise OR of the following constants:

OpenSSL::OCSP::NOCERTS

Don’t include any certificates in the request. certs will be ignored.

Show source

static VALUE
ossl_ocspreq_sign(int argc, VALUE *argv, VALUE self)
{
    VALUE signer_cert, signer_key, certs, flags, digest;
    OCSP_REQUEST *req;
    X509 *signer;
    EVP_PKEY *key;
    STACK_OF(X509) *x509s = NULL;
    unsigned long flg = 0;
    const EVP_MD *md;
    int ret;

    rb_scan_args(argc, argv, "23", &signer_cert, &signer_key, &certs, &flags, &digest);
    GetOCSPReq(self, req);
    signer = GetX509CertPtr(signer_cert);
    key = GetPrivPKeyPtr(signer_key);
    if (!NIL_P(flags))
        flg = NUM2INT(flags);
    if (NIL_P(digest))
        md = EVP_sha1();
    else
        md = ossl_evp_get_digestbyname(digest);
    if (NIL_P(certs))
        flg |= OCSP_NOCERTS;
    else
        x509s = ossl_x509_ary2sk(certs);

    ret = OCSP_request_sign(req, signer, key, md, x509s, flg);
    sk_X509_pop_free(x509s, X509_free);
    if (!ret) ossl_raise(eOCSPError, NULL);

    return self;
}

sign

Related methods