ocsp: fix error queue leak on OCSP::{BasicResponse,Request}#verify

OCSP_{basic,request}_verify() can return a negative value for verification failure.
author: Kazuki Yamaguchi <k@rhe.jp> 2016-08-26 05:40:55 +0900
committer: Kazuki Yamaguchi <k@rhe.jp> 2016-08-26 15:09:02 +0900
commit: c9a24de80f0cb71667eb66f61f2a2e212e2f3ada (patch)
tree: ace22500f8ff9f9fb58eaf3633f13988c025120b /ext/openssl
parent: a47ec6dbdc1ccfe9b07124e2addfbb197d9dd3b3 (diff)
download: ruby-openssl-c9a24de80f0cb71667eb66f61f2a2e212e2f3ada.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c
index de0ee047..d9ee51cd 100644
--- a/ext/openssl/ossl_ocsp.c
+++ b/ext/openssl/ossl_ocsp.c
@@ -442,7 +442,7 @@ ossl_ocspreq_verify(int argc, VALUE *argv, VALUE self)
     x509s = ossl_x509_ary2sk(certs);
     result = OCSP_request_verify(req, x509s, x509st, flg);
     sk_X509_pop_free(x509s, X509_free);
-    if (!result)
+    if (result <= 0)
 	ossl_clear_error();
 
     return result > 0 ? Qtrue : Qfalse;
@@ -1120,7 +1120,7 @@ ossl_ocspbres_verify(int argc, VALUE *argv, VALUE self)
     result = OCSP_basic_verify(bs, x509s, x509st, flg);
 #endif
     sk_X509_pop_free(x509s, X509_free);
-    if (!result)
+    if (result <= 0)
 	ossl_clear_error();
 
     return result > 0 ? Qtrue : Qfalse;
author	Kazuki Yamaguchi <k@rhe.jp>	2016-08-26 05:40:55 +0900
committer	Kazuki Yamaguchi <k@rhe.jp>	2016-08-26 15:09:02 +0900
commit	c9a24de80f0cb71667eb66f61f2a2e212e2f3ada (patch)
tree	ace22500f8ff9f9fb58eaf3633f13988c025120b /ext/openssl
parent	a47ec6dbdc1ccfe9b07124e2addfbb197d9dd3b3 (diff)
download	ruby-openssl-c9a24de80f0cb71667eb66f61f2a2e212e2f3ada.tar.gz