author | Kazuki Yamaguchi <k@rhe.jp> | 2016-09-05 20:51:42 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-09-05 20:54:44 +0900 |
commit | 68ca4b61bf43a22581ebb5649252a65633a1b680 (patch) | |
tree | d74f6316ecf4abda4e50b133c78b5cf8b5b492ac /ext/openssl | |
parent | 617461ba6de6f7883e636f91461ee78c72e14ff2 (diff) | |
pkcs12: fix .new to handle strucuture with no keys or no certstopic/pkcs12-read-no-private-key
It's possible that a PKCS #12 structure holds zero private keys. In
that case PKCS12_parse() returns NULL as the private key. Likewise,
when the structure does not contain the certificate corresponding to
the private key, PKCS12_parse() returns NULL as the certificate.
Reported and fix suggested by Masahiro Tomita <tommy@tmtm.org>.
[ruby-dev:49776] [Bug #12726]
Diffstat (limited to 'ext/openssl')
-rw-r--r-- | ext/openssl/ossl_pkcs12.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/ext/openssl/ossl_pkcs12.c b/ext/openssl/ossl_pkcs12.c
index a7daad20..0b9c7816 100644
--- a/ext/openssl/ossl_pkcs12.c
+++ b/ext/openssl/ossl_pkcs12.c
@@ -190,15 +190,17 @@ ossl_pkcs12_initialize(int argc, VALUE *argv, VALUE self)
 if(!PKCS12_parse(pkcs, passphrase, &key, &x509, &x509s))
 ossl_raise(ePKCS12Error, "PKCS12_parse");
 ERR_pop_to_mark();
- pkey = rb_protect((VALUE (*)(VALUE))ossl_pkey_new, (VALUE)key,
- &st); /* NO DUP */
- if(st) goto err;
- cert = rb_protect((VALUE (*)(VALUE))ossl_x509_new, (VALUE)x509, &st);
- if(st) goto err;
- if(x509s){
- ca =
- rb_protect((VALUE (*)(VALUE))ossl_x509_sk2ary, (VALUE)x509s, &st);
- if(st) goto err;
+ if (key) {
+ pkey = rb_protect((VALUE (*)(VALUE))ossl_pkey_new, (VALUE)key, &st);
+ if (st) goto err;
+ }
+ if (x509) {
+ cert = rb_protect((VALUE (*)(VALUE))ossl_x509_new, (VALUE)x509, &st);
+ if (st) goto err;
+ }
+ if (x509s) {
+ ca = rb_protect((VALUE (*)(VALUE))ossl_x509_sk2ary, (VALUE)x509s, &st);
+ if (st) goto err;
 }
 err: |
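Review bot: The rewritten `pkey = rb_protect(... ossl_pkey_new ...)` line drops the old `/* NO DUP */` comment, which was the only visible hint about who owns the private key after wrapping. That ownership decides whether the cleanup after `err:` may free `key`, so I would keep it in a clearer form, e.g. `/* NO DUP: the wrapper presumably keeps key itself, so err: must not free it on success */`. With the new guards, `pkey`, `cert` and `ca` keep whatever value they held before this hunk when PKCS12_parse() returns NULL for them, so they need to be set to `Qnil` earlier in ossl_pkcs12_initialize; that initialisation and the code after `err:` are outside the hunk and should be confirmed. It would also help to document on `.new` that the key and certificate can now be nil, since callers handling untrusted PKCS #12 input will need to check for that.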