diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2016-08-26 05:40:55 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-08-26 15:09:02 +0900 |
commit | c9a24de80f0cb71667eb66f61f2a2e212e2f3ada (patch) | |
tree | ace22500f8ff9f9fb58eaf3633f13988c025120b /ext/openssl | |
parent | a47ec6dbdc1ccfe9b07124e2addfbb197d9dd3b3 (diff) | |
download | ruby-openssl-c9a24de80f0cb71667eb66f61f2a2e212e2f3ada.tar.gz |
ocsp: fix error queue leak on OCSP::{BasicResponse,Request}#verify
OCSP_{basic,request}_verify() can return a negative value for
verification failure.
Diffstat (limited to 'ext/openssl')
-rw-r--r-- | ext/openssl/ossl_ocsp.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c index de0ee047..d9ee51cd 100644 --- a/ext/openssl/ossl_ocsp.c +++ b/ext/openssl/ossl_ocsp.c @@ -442,7 +442,7 @@ ossl_ocspreq_verify(int argc, VALUE *argv, VALUE self) x509s = ossl_x509_ary2sk(certs); result = OCSP_request_verify(req, x509s, x509st, flg); sk_X509_pop_free(x509s, X509_free); - if (!result) + if (result <= 0) ossl_clear_error(); return result > 0 ? Qtrue : Qfalse; @@ -1120,7 +1120,7 @@ ossl_ocspbres_verify(int argc, VALUE *argv, VALUE self) result = OCSP_basic_verify(bs, x509s, x509st, flg); #endif sk_X509_pop_free(x509s, X509_free); - if (!result) + if (result <= 0) ossl_clear_error(); return result > 0 ? Qtrue : Qfalse; |