author | Kazuki Yamaguchi <k@rhe.jp> | 2021-02-25 17:27:00 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2021-02-25 17:27:00 +0900 |
commit | cde6e4a9a879d47dd35551d15ff7cdcb78e628b0 (patch) | |
tree | b7ed667ccbb46f9f7a7fda0b038bf5000c6bed8a /ext/openssl/ossl_x509store.c | |
parent | bd9f5c301716afe7e333f148dcbd2dfe56df2bb0 (diff) | |
parent | 0b18d188572cb61e2f914f38b46d2f2a405b9323 (diff) | |
Merge branch 'maint-2.2'
* maint-2.2:
.github/workflows: update Ruby and OpenSSL/LibreSSL versions
bn: check -1 return from BIGNUM functions
.github/workflows: disable pkg-config on Windows tests
ssl: retry write on EPROTOTYPE on macOS
x509store: fix memory leak in X509::StoreContext.new
.github/workflows/test.yml: use GitHub Actions
Skip one assertion for OpenSSL::PKey::EC::Point#mul on LibreSSL
Diffstat (limited to 'ext/openssl/ossl_x509store.c')
-rw-r--r-- | ext/openssl/ossl_x509store.c | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index 1eaaf4b3..5e0ab8d8 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -546,7 +546,7 @@ static VALUE ossl_x509stctx_set_time(VALUE, VALUE);
 
 /*
 * call-seq:
- * StoreContext.new(store, cert = nil, chain = nil)
+ * StoreContext.new(store, cert = nil, untrusted = nil)
 *
 * Sets up a StoreContext for a verification of the X.509 certificate _cert_.
 */
@@ -558,15 +558,24 @@ ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
 X509_STORE *x509st;
 X509 *x509 = NULL;
 STACK_OF(X509) *x509s = NULL;
+ int state;
 
 rb_scan_args(argc, argv, "12", &store, &cert, &chain);
 GetX509StCtx(self, ctx);
 GetX509Store(store, x509st);
- if(!NIL_P(cert)) x509 = DupX509CertPtr(cert); /* NEED TO DUP */
- if(!NIL_P(chain)) x509s = ossl_x509_ary2sk(chain);
- if(X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){
+ if (!NIL_P(cert))
+ x509 = DupX509CertPtr(cert); /* NEED TO DUP */
+ if (!NIL_P(chain)) {
+ x509s = ossl_protect_x509_ary2sk(chain, &state);
+ if (state) {
+ X509_free(x509);
+ rb_jump_tag(state);
+ }
+ }
+ if (X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){
+ X509_free(x509);
 sk_X509_pop_free(x509s, X509_free);
- ossl_raise(eX509StoreError, NULL);
+ ossl_raise(eX509StoreError, "X509_STORE_CTX_init");
 }
 if (!NIL_P(t = rb_iv_get(store, "@time")))
 ossl_x509stctx_set_time(self, t); |
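Review bot: On the `X509_STORE_CTX_init` failure branch in the second hunk, the new code frees `x509` and `x509s` itself, but nothing visible here clears any copies of those pointers that the failed call may already have stored in `ctx`. If the StoreContext finalizer (outside this hunk) releases whatever certificate and untrusted stack it reads back from `ctx`, the object could free them a second time when it is collected after the exception. That needs confirming against the finalizer and against what OpenSSL leaves in `ctx` when init fails. Either way the ownership rule deserves a comment above the call, for example `/* x509 and x509s are owned by this function until X509_STORE_CTX_init() succeeds; every error path before that must free them */`. The body of ossl_x509stctx_initialize starts and ends outside the hunk.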