diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2020-03-09 17:41:13 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2020-03-09 17:41:13 +0900 |
commit | fc37d4711af7c50390614914521a99610d3fe18a (patch) | |
tree | ff57d77ff2bbfd848dc7e5c2f6c017f9f1c68628 /ext/openssl/ossl_ssl.c | |
parent | 58e9fb31ef86e72e9f1156885acb4f6bcc9a7327 (diff) | |
parent | ec6542835874ca00e3a777334ee049b5b4cd02e4 (diff) | |
download | ruby-openssl-fc37d4711af7c50390614914521a99610d3fe18a.tar.gz |
Merge branch 'maint'
* maint:
ssl: set verify error code in the case of verify_hostname failure
x509: add error code and verify flags constants
Remove taint support
Restore compatibility with older versions of Ruby.
Fix keyword argument separation issues in OpenSSL::SSL::SSLSocket#sys{read,write}_nonblock
config: support .include directive
Diffstat (limited to 'ext/openssl/ossl_ssl.c')
-rw-r--r-- | ext/openssl/ossl_ssl.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 718f25d8..34bb636e 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -359,7 +359,14 @@ ossl_ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx) rb_ivar_set(ssl_obj, ID_callback_state, INT2NUM(status)); return 0; } - preverify_ok = ret == Qtrue; + if (ret != Qtrue) { + preverify_ok = 0; +#if defined(X509_V_ERR_HOSTNAME_MISMATCH) + X509_STORE_CTX_set_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH); +#else + X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REJECTED); +#endif + } } return ossl_verify_cb_call(cb, preverify_ok, ctx); |