authorKazuki Yamaguchi <k@rhe.jp>2020-03-09 17:41:13 +0900
committerKazuki Yamaguchi <k@rhe.jp>2020-03-09 17:41:13 +0900
commitfc37d4711af7c50390614914521a99610d3fe18a (patch)
treeff57d77ff2bbfd848dc7e5c2f6c017f9f1c68628 /ext/openssl/ossl_ssl.c
parent58e9fb31ef86e72e9f1156885acb4f6bcc9a7327 (diff)
parentec6542835874ca00e3a777334ee049b5b4cd02e4 (diff)
Merge branch 'maint'
* maint: ssl: set verify error code in the case of verify_hostname failure x509: add error code and verify flags constants Remove taint support Restore compatibility with older versions of Ruby. Fix keyword argument separation issues in OpenSSL::SSL::SSLSocket#sys{read,write}_nonblock config: support .include directive
Diffstat (limited to 'ext/openssl/ossl_ssl.c')
-rw-r--r--ext/openssl/ossl_ssl.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 718f25d8..34bb636e 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -359,7 +359,14 @@ ossl_ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
rb_ivar_set(ssl_obj, ID_callback_state, INT2NUM(status));
return 0;
}
- preverify_ok = ret == Qtrue;
+ if (ret != Qtrue) {
+ preverify_ok = 0;
+#if defined(X509_V_ERR_HOSTNAME_MISMATCH)
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH);
+#else
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REJECTED);
+#endif
+ }
}
return ossl_verify_cb_call(cb, preverify_ok, ctx);
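Review bot: The new `if (ret != Qtrue)` branch has no comment saying why the error code is set, or that `ossl_verify_cb_call(cb, preverify_ok, ctx)` still runs afterwards with `preverify_ok` at 0. ossl_verify_cb_call is not visible here, so whether a user verify callback can still accept the certificate after a hostname mismatch should be confirmed and stated next to this branch. I would add above the `#if`: `/* Hostname check failed: record an error so the verify callback and the stored verify result do not see X509_V_OK for a rejected peer. */`. On builds without `X509_V_ERR_HOSTNAME_MISMATCH` the fallback `X509_V_ERR_CERT_REJECTED` is indistinguishable from other rejections, so callers that inspect the verify result should not match on the hostname code alone; a short note on the `#else` arm would make that explicit. The body of ossl_ssl_verify_callback begins outside the hunk.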