aboutsummaryrefslogtreecommitdiffstats
path: root/ext/openssl/ossl_x509store.c
diff options
context:
space:
mode:
authorKazuki Yamaguchi <k@rhe.jp>2017-06-14 18:23:25 +0900
committerKazuki Yamaguchi <k@rhe.jp>2017-06-14 18:23:25 +0900
commit576eff66bece4c3e49d4041a3746c2a520627946 (patch)
tree2a1c3c3599d1feee558e32573deb286cb322ee30 /ext/openssl/ossl_x509store.c
parente52a351f02396ad839449c270cd4392277764f36 (diff)
parentdde512aa2d29bac496040af27c0d3487323b7552 (diff)
downloadruby-openssl-576eff66bece4c3e49d4041a3746c2a520627946.tar.gz
Merge branch 'maint'bpoint
* maint: Ruby/OpenSSL 2.0.4 History.md: add entries for 2.0.1-2.0.3 History.md: wrap at 80 characters extconf.rb: simplify searching libraries logic Search SSL libraries by testing various filename patterns openssl: fix broken openssl check openssl: fix broken openssl check x509store: clear error queue after calling X509_LOOKUP_load_file() tool/sync-with-trunk: 'LASY' -> 'LAST' Update .travis.yml and Dockerfile test/test_x509store: skip OpenSSL::TestX509Store#test_set_errors Fix documentation for OpenSSL::Cipher#final Fix typos ssl: check return value of SSL_set_fd() test/test_ssl: fix typo in test_sysread_and_syswrite Fix typos test/test_pkey_ec: do not use dummy 0 order
Diffstat (limited to 'ext/openssl/ossl_x509store.c')
-rw-r--r--ext/openssl/ossl_x509store.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index 46d3552f..c6cf67ad 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -313,6 +313,15 @@ ossl_x509store_add_file(VALUE self, VALUE file)
if(X509_LOOKUP_load_file(lookup, path, X509_FILETYPE_PEM) != 1){
ossl_raise(eX509StoreError, NULL);
}
+#if OPENSSL_VERSION_NUMBER < 0x10101000 || defined(LIBRESSL_VERSION_NUMBER)
+ /*
+ * X509_load_cert_crl_file() which is called from X509_LOOKUP_load_file()
+ * did not check the return value of X509_STORE_add_{cert,crl}(), leaking
+ * "cert already in hash table" errors on the error queue, if duplicate
+ * certificates are found. This will be fixed by OpenSSL 1.1.1.
+ */
+ ossl_clear_error();
+#endif
return self;
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-28 03:06:28 +0000