Commit message [refs] (Author, Age; Files, Lines)
* Remove "gemspec" from Gemfile [ky/gemfile-skip-gemspec] (Kazuki Yamaguchi, 2024-06-13; files: 1, lines: -2/+0)
|
|     The local lib directory may contain an incomplete openssl library. The "gemspec" line in Gemfile causes "bundle exec" to put the lib directory in the load path. Although our Rakefile does not use openssl itself, it still indirectly tries to load it as a RubyGems dependency.
|
* Don't download OpenSSL from ftp.openssl.org anymore (KJ Tsanaktsidis, 2024-06-08; files: 1, lines: -1/+1)
|
|     [ This is a backport to the 3.0 branch. ]
|
|     OpenSSL announced that they're changing how they handle releases in this blog post: https://openssl.org/blog/blog/2024/04/30/releases-distribution-changes/
|
|     The tl;dr is that:
|
|     * ftp.openssl.org is being shut down (even for HTTP access)
|     * The releases at openssl.org/source will redirect to github
|     * git.openssl.org is also shut down (the git repo is on github)
|
|     This commit just changes over to using openssl.org/source instead of ftp.openssl.org. We might also need to switch to downloading directly from Github... let's see.
|
|     It also changes to cloning the head of openssl from github too.
|
|     (cherry picked from commit 64c50112b60e2cdcc447620a1bd73380f7186600)
|
* Merge pull request #752 from rhenium/pkcs7-empty-signed-data-19974 (Kazuki Yamaguchi, 2024-05-02; files: 2, lines: -1/+22)
|\
| |
| |     Handle missing content in PKCS7
| |
| * pkcs7: raise PKCS7Error for PKCS7 without content in PKCS7.read_smime [pkcs7-empty-signed-data-19974] (Jeremy Evans, 2024-05-01; files: 2, lines: -1/+15)
| |
| |     [pkuzco: expanded the fix for other content types]
| |     [ky: adjusted formatting and the exception type]
| |
| |     Co-authored-by: pkuzco <b.naamneh@gmail.com>
| |     Co-authored-by: Kazuki Yamaguchi <k@rhe.jp>
| |
| * pkcs7: raise ArgumentError for PKCS7 with no content in PKCS7.new (Jeremy Evans, 2024-05-01; files: 2, lines: -0/+7)
| |
| |     Fixes [Bug #19974]
| |
| |     [pkuzco: expanded the fix for other content types]
| |     [ky: adjusted formatting and the exception type]
| |
| |     Co-authored-by: pkuzco <b.naamneh@gmail.com>
| |     Co-authored-by: Kazuki Yamaguchi <k@rhe.jp>
| |
* | Merge pull request #717 from rhenium/ky/cipher-update-fix-buffer-size (Kazuki Yamaguchi, 2024-05-01; files: 2, lines: -3/+31)
|\ \
| |/
|/|     cipher: fix buffer overflow in Cipher#update
| * cipher: fix buffer overflow in Cipher#update [ky/cipher-update-fix-buffer-size] (Kazuki Yamaguchi, 2024-05-01; files: 2, lines: -3/+31)
|/
|
|     OpenSSL::Cipher#update currently allocates the output buffer with size (input data length)+(the block size of the cipher).
|
|     This is insufficient for the id-aes{128,192,256}-wrap-pad (AES keywrap with padding) ciphers. They have a block size of 8 bytes, but the output may be up to 15 bytes larger than the input.
|
|     Use (input data length)+EVP_MAX_BLOCK_LENGTH (== 32) as the output buffer size, instead. OpenSSL doesn't provide a generic way to tell the maximum required buffer size for ciphers, but this is large enough for all algorithms implemented in current versions of OpenSSL.
|
|     Fixes: https://bugs.ruby-lang.org/issues/20236
|
* ssl: allow failure on test_connect_certificate_verify_failed_exception_message [ky/maint-3.0-backports] (Kazuki Yamaguchi, 2024-05-01; files: 1, lines: -0/+3)
|
|     [ This patch only applies to the 3.0 and 3.1 branch. ]
|
|     It is a test case for SSLSocket generating an informative error message on a certificate verification failure. A change in OpenSSL 3.1 broke it and a generic error message is currently generated.
|
|     This is fixed in the 3.2 branch by commit 5113777e8271, but I decided not to backport the commit to the 3.0 branch because the diff doesn't apply cleanly.
|
* .github/workflows/test.yml: synchronize with master (Kazuki Yamaguchi, 2024-05-01; files: 1, lines: -47/+71)
|
|     [ This is a backport to the 3.0 branch. ]
|
|     Backport changes made to .github/workflows/test.yml in master branch, except:
|
|     - Minimum version is Ruby 2.6
|     - FIPS-mode related changes are excluded (as it's not supported)
|
|     This includes the following commits:
|
|     fcf53d5d6e88 CI: Remove workaround for Ruby-3.2 and 3.3 on Windows
|     567b412612c3 CI: Upgrade OpenSSL and LibreSSL versions.
|     405f1eee3dcf CI: Add OpenSSL no-legacy case.
|     9a995837ba7b CI: Upgrade OpenSSL and LibreSSL versions.
|     6feeeb821592 CI: Add the rubyinstaller2 issue link that legacy provider is not loaded.
|     7aed35ac969d Windows Ruby 3.3: Workaround: Set OPENSSL_MODULES to find providers.
|     adfb6bb9e5b7 CI: Add OpenSSL 3.2.0.
|     fafe1af4a96e CI: Change the openssl_fips.cnf.tmpl and openssl_fips.cnf directories.
|     f07e6f5ff2e7 CI: Upgrade OpenSSL and LibreSSL versions.
|     0dda88d44811 Merge pull request #682 from ruby/dependabot/github_actions/actions/checkout-4
|     0b83eed154de Rakefile: Add test_fips task for convenience.
|     b94314f7165f Bump actions/checkout from 3 to 4
|     8c7a6a17e2bd Remove OSSL_DEBUG compile-time option
|     e35f19076aac CI: Replace "mode" in "FIPS mode" with "module".
|     61434f66d6a4 Rakefile: Print FIPS information in the `rake debug`.
|     7ec8024b1e9a CI: Add OpenSSL master branch head non-FIPS and FIPS cases.
|     24d8addd2ac9 CI: Upgrade OpenSSL versions.
|     fddfc5585482 CI: Add OpenSSL 3.1 FIPS case.
|     58ce7fa4b90c .github/workflows/test.yml: add provider load path for Windows
|     f6e57e1b9088 CI: Fix a typo in the comment. [ci skip]
|     52402f6a1cad CI: Check compiler warnings.
|     f6ba75e51e05 Drop support for Ruby 2.6
|     3456770a4219 CI: Upgrade OpenSSL and LibreSSL versions.
|     79786cab6f77 CI: Rename the key name "foo_bar" (underscore) to "foo-bar" (hyphen).
|     8149cdf6e874 CI: Add the test/openssl/test_pkey.rb on the FIPS mode case.
|     08e19817b5d0 CI: Enable the verbose mode in the mkmf.rb by env MAKEFLAGS.
|     121b3b2a35ca Revert "CI: Enable the verbose mode in the mkmf.rb."
|     a832f5cb98ee CI: Enable the verbose mode in the mkmf.rb.
|     18b017218ca8 CI: Add OpenSSL FIPS mode case.
|     af27f509a147 .github/workflows/test.yml: Update OpenSSL versions
|     d277123cb7bb skip failing test with truffleruby and ubuntu-22.04
|     25352f4f6c08 Exclude truffleruby with macos-latest
|     d7f90c7c03b7 Fix missing needs call
|     064066437607 Try to run with TruffleRuby
|     aeee125a7b3d Use ruby/actions/.github/workflows/ruby_versions.yml@master
|     fd4074235877 .github/workflows/test.yml: update LibreSSL versions
|     ff2fe4b4c5b3 Strip trailing spaces [ci skip]
|     9c24dccf5436 Actions - Use Ubuntu 20.04 for 1.1.1 CI, misc fixes
|     cc876f58532c [CI] test.yml - test-openssls - use 1.1.1q, 3.0.5
|     0fb8d1b43aa5 [CI] add Ubuntu-22.04 and update mswin, all are OpenSSL 3
|     158868649532 Merge pull request #505 from ruby/update-actions
|     9f901dc05ce5 Test on LibreSSL 3.4 and 3.5
|     f2d072cad504 Use actions/checkout@v3
|     699e2749f525 Added 3.1
|     b28df9025f12 Install openssl with vcpkg on mswin
|
* Only CSR version 1 (encoded as 0) is allowed by PKIX standards (Job Snijders, 2024-05-01; files: 1, lines: -6/+1)
|
|     [ This is a backport to the 3.0 branch. ]
|
|     RFC 2986, section 4.1 only defines version 1 for CSRs. This version is encoded as a 0. Starting with OpenSSL 3.3, setting the CSR version to anything but 1 fails.
|
|     Do not attempt to generate a CSR with invalid version (which now fails) and invalidate the CSR in test_sign_and_verify_rsa_sha1 by changing its subject rather than using an invalid version.
|
|     This commit fixes the following error.
|
|     ```
|     2) Error: test_version(OpenSSL::TestX509Request): OpenSSL::X509::RequestError: X509_REQ_set_version: passed invalid argument
|     /home/runner/work/openssl/openssl/test/openssl/test_x509req.rb:18:in `version='
|     /home/runner/work/openssl/openssl/test/openssl/test_x509req.rb:18:in `issue_csr'
|     /home/runner/work/openssl/openssl/test/openssl/test_x509req.rb:43:in `test_version'
|        40: req = OpenSSL::X509::Request.new(req.to_der)
|        41: assert_equal(0, req.version)
|        42:
|     => 43: req = issue_csr(1, @dn, @rsa1024, OpenSSL::Digest.new('SHA256'))
|        44: assert_equal(1, req.version)
|        45: req = OpenSSL::X509::Request.new(req.to_der)
|        46: assert_equal(1, req.version)
|     ```
|
|     (cherry picked from commit c06fdeb0912221d9a2888369bbf9c10704af021e)
|
* test_asn1.rb: Remove the assertions of the time string format without second. (Jun Aruga, 2024-05-01; files: 1, lines: -8/+0)
|
|     [ This is a backport to the 3.0 branch. ]
|
|     This commit fixes the following errors in the tests. Because the OpenSSL project changed the code to make the time string format without second invalid. So, we drop the assertions.
|
|     ```
|     1) Error: test_generalizedtime(OpenSSL::TestASN1): OpenSSL::ASN1::ASN1Error: generalizedtime is too short
|     /home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode'
|     /home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode_test'
|     /home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:433:in `test_generalizedtime'
|        430: OpenSSL::ASN1::GeneralizedTime.new(Time.utc(9999, 9, 8, 23, 43, 39))
|        431: # LibreSSL 3.6.0 requires the seconds element
|        432: return if libressl?
|     => 433: decode_test B(%w{ 18 0D }) + "201612081934Z".b,
|        434: OpenSSL::ASN1::GeneralizedTime.new(Time.utc(2016, 12, 8, 19, 34, 0))
|        435: # not implemented
|        436: # decode_test B(%w{ 18 13 }) + "20161208193439+0930".b,
|
|     2) Error: test_utctime(OpenSSL::TestASN1): OpenSSL::ASN1::ASN1Error: utctime is too short
|     /home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode'
|     /home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode_test'
|     /home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:411:in `test_utctime'
|        408: end
|        409: # Seconds is omitted. LibreSSL 3.6.0 requires it
|        410: return if libressl?
|     => 411: decode_test B(%w{ 17 0B }) + "1609082343Z".b,
|        412: OpenSSL::ASN1::UTCTime.new(Time.utc(2016, 9, 8, 23, 43, 0))
|        413: # not implemented
|        414: # decode_test B(%w{ 17 11 }) + "500908234339+0930".b,
|     ```
|
|     (cherry picked from commit 2e826d571546cdc3beaa884f9e522a102d531641)
|
* test/openssl/test_asn1.rb: skip failing tests on LibreSSL 3.6.0 (Kazuki Yamaguchi, 2024-05-01; files: 1, lines: -3/+6)
|
|     [ This is a backport to the 3.0 branch. ]
|
|     LibreSSL 3.6.0 expects the seconds part in UTCTime and GeneralizedTime to be always present. LibreSSL 3.6.0 release note [1] says:
|
|     > - The ASN.1 time parser has been refactored and rewritten using CBS.
|     >   It has been made stricter in that it now enforces the rules from
|     >   RFC 5280.
|
|     [1] https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.0-relnotes.txt
|
|     (cherry picked from commit bbc540fe83195e2a54cf40fab448cea2afe4df1d)
|
* Use EVP_Digest{Sign,Verify} when available (Theo Buehler, 2024-05-01; files: 1, lines: -2/+2)
|
|     [ This is a backport to the 3.0 branch. ]
|
|     LibreSSL 3.4 added EVP_DigestSign() and EVP_DigestVerify(). Use them when available to prepare for the addition of Ed25519 support in LibreSSL 3.7.
|
|     (cherry picked from commit 475b2bf766d6093370e49abd5dce5436cc0034ca)
|
* Merge pull request #706 from jaymzjulian/fix-large-buffered-write-regression (Kazuki Yamaguchi, 2024-03-21; files: 1, lines: -6/+11)
|\
| |
| |     Fix regression in do_write(s) causing significant performance issues when using large (>10meg) writes
| |
| * Fix performance regression in do_write(s) (Jaymz Julian, 2024-02-05; files: 1, lines: -6/+11)
|/
|
|     This causes significant performance issues when using large (>10meg) writes
|
|     Fix by adjusting the buffer write function to clear the buffer once, rather than piece by piece, avoiding a case where a large write (in our case, around 70mbytes) will consume 100% of CPU. This takes a webrick GET request via SSL from around 200kbytes/sec and consuming 100% of a core, to line speed on gigabit ethernet and 6% cpu utilization.
|
* test/openssl/test_pkey.rb: allow failures in test_s_generate_parameters (Kazuki Yamaguchi, 2022-12-24; files: 1, lines: -5/+5)
|
|     Commit f2e2a5e5ed8e ("test/openssl/test_pkey.rb: allow failures in test_s_generate_parameters", 2022-12-23) was completely bogus. The problem in OpenSSL 3.0.0-3.0.5 is that errors from the callback are sometimes silently suppressed.
|
* Ruby/OpenSSL 3.0.2 [ky/release-3.0.2] (Kazuki Yamaguchi, 2022-12-23; files: 3, lines: -2/+16)
|
* Merge branch 'maint-2.2' into maint-3.0 (Kazuki Yamaguchi, 2022-12-23; files: 3, lines: -17/+38)
|\
| |
| |     * maint-2.2:
| |       Ruby/OpenSSL 2.2.3
| |       ts: use TS_VERIFY_CTX_set_certs instead of TS_VERIFY_CTS_set_certs
| |       ocsp: disable OCSP_basic_verify() workaround on LibreSSL 3.5
| |       Actions - update workflow to use OpenSSL 1.1.1, actions/checkout@v3
| |       pkey/ec: fix ossl_raise() calls using cEC_POINT instead of eEC_POINT
| |       raise when EC_POINT_cmp or EC_GROUP_cmp error instead of returning true
| |
| * Ruby/OpenSSL 2.2.3 [maint-2.2] [ky/release-2.2.3] (Kazuki Yamaguchi, 2022-12-23; files: 3, lines: -2/+17)
| |
| * ts: use TS_VERIFY_CTX_set_certs instead of TS_VERIFY_CTS_set_certs (Kazuki Yamaguchi, 2022-12-23; files: 3, lines: -2/+10)
| |
| |     [ This is a backport to the 2.2 branch to fix build with LibreSSL. ]
| |
| |     OpenSSL 3.0 fixed the typo in the function name and replaced the current 'CTS' version with a macro.
| |
| |     (cherry picked from commit 2be6779b08161a084a1a5d2758de21a913740b94)
| |
| * ocsp: disable OCSP_basic_verify() workaround on LibreSSL 3.5 (Kazuki Yamaguchi, 2022-12-23; files: 1, lines: -1/+2)
| |
| |     The workaround is not needed on LibreSSL 3.5. LibreSSL 3.5 at the same time made the structure opaque, so it does not compile.
| |
| |     This is a patch to the 2.2 branch; the code no longer exists in v3.0.
| |
| * Merge pull request #572 from MSP-Greg/maint-2.2-actions (Kazuki Yamaguchi, 2022-12-18; files: 1, lines: -7/+7)
| |\
| | |
| | |     maint-2.2 Actions - update workflow to use OpenSSL 1.1.1, actions/checkout@v3
| | * Actions - update workflow to use OpenSSL 1.1.1, actions/checkout@v3 (MSP-Greg, 2022-11-28; files: 1, lines: -7/+7)
| | |
| * | Merge pull request #564 from bannable/ec_point_ops-raise (Kazuki Yamaguchi, 2022-12-18; files: 1, lines: -7/+11)
| |\ \
| | | |
| | | |     raise when EC_POINT_cmp or EC_GROUP_cmp error instead of returning true
| | * | raise when EC_POINT_cmp or EC_GROUP_cmp error instead of returning true (Joe Truba, 2022-11-23; files: 1, lines: -7/+11)
| | |/
| * | Merge pull request #570 from bannable/ec_fix-raises-maint-2.2 (Kazuki Yamaguchi, 2022-12-18; files: 1, lines: -5/+5)
| |\ \
| | |/
| |/|     pkey/ec: fix multiple ossl_raise() calls using cEC_POINT instead of eEC_POINT
| | * pkey/ec: fix ossl_raise() calls using cEC_POINT instead of eEC_POINT (Joe Truba, 2022-11-27; files: 1, lines: -5/+5)
| |/
* | Fix build with LibreSSL 3.5 (Jeremy Evans, 2022-12-23; files: 1, lines: -1/+1)
| |
| |     [ This is a backport to the 3.0 branch. ]
| |
| |     (cherry picked from commit e25fb0d0d86da5a9398ebdc9216b2ea89f80fa3d)
| |
* | Fix operator precedence in OSSL_OPENSSL_PREREQ and OSSL_LIBRESSL_PREREQ (Jeremy Evans, 2022-12-23; files: 1, lines: -2/+2)
| |
| |     [ This is a backport to the 3.0 branch. ]
| |
| |     (cherry picked from commit b02815271fcc295cb8b07ef740684b88a10f2760)
| |
* | Merge pull request #580 from rhenium/ky/pkey-ec-fix-check (Kazuki Yamaguchi, 2022-12-23; files: 4, lines: -5/+35)
|\ \
| | |
| | |     pkey/ec: check private key validity with OpenSSL 3
| * | pkey/ec: check private key validity with OpenSSL 3 [ky/pkey-ec-fix-check] (Joe Truba, 2022-12-23; files: 4, lines: -5/+35)
| | |
| | |     The behavior of EVP_PKEY_public_check changed between OpenSSL 1.1.1 and 3.0 so that it no longer validates the private key. Instead, private keys can be validated through EVP_PKEY_private_check and EVP_PKEY_pairwise_check.
| | |
| | |     [ky: simplified condition to use either EVP_PKEY_check() or EVP_PKEY_public_check().]
| | |
* | | test/openssl/test_pkey.rb: allow failures in test_s_generate_parameters (Kazuki Yamaguchi, 2022-12-23; files: 1, lines: -0/+5)
|/ /
| |
| |     The root cause has been fixed by OpenSSL 3.0.6, but Ubuntu 22.04's OpenSSL package has not backported the patch yet.
| |
| |     Reference: https://github.com/ruby/openssl/issues/492
| |
* | Ruby/OpenSSL 3.0.1 [v3.0.1] (Kazuki Yamaguchi, 2022-09-08; files: 3, lines: -2/+26)
| |
* | Merge branch 'maint-2.2' into maint-3.0 (Kazuki Yamaguchi, 2022-09-08; files: 2, lines: -2/+18)
|\|
| |
| |     * maint-2.2:
| |       Ruby/OpenSSL 2.2.2
| |       Ruby/OpenSSL 2.1.4
| |       Make GitHub Actions happy on 2.1/2.2 branches
| |       test/openssl/test_cipher: skip AES-CCM tests on OpenSSL <= 1.1.1b
| |       ignore pkgconfig when any openssl option is specified
| |
| * Ruby/OpenSSL 2.2.2 [v2.2.2] (Kazuki Yamaguchi, 2022-09-08; files: 3, lines: -2/+8)
| |
| * Merge branch 'maint-2.1' into maint-2.2 (Kazuki Yamaguchi, 2022-09-08; files: 4, lines: -3/+15)
| |\
| | |
| | |     * maint-2.1:
| | |       Ruby/OpenSSL 2.1.4
| | |       Make GitHub Actions happy on 2.1/2.2 branches
| | |       ignore pkgconfig when any openssl option is specified
| | |
| | * Ruby/OpenSSL 2.1.4 [v2.1.4] [maint-2.1] (Kazuki Yamaguchi, 2022-09-08; files: 3, lines: -2/+12)
| | |
| | * Make GitHub Actions happy on 2.1/2.2 branches (Kazuki Yamaguchi, 2022-09-08; files: 2, lines: -1/+3)
| | |
| | * Merge remote-tracking branch 'upstream/pr/486' into maint-2.1 (Kazuki Yamaguchi, 2022-09-02; files: 1, lines: -2/+2)
| | |\
| | | |
| | | |     This is a backport to the 2.1 branch. The Pull Request was accidentally merged into master instead.
| | | |
| | | |     * upstream/pr/486:
| | | |       ignore pkgconfig when any openssl option is specified
| | | |
| | | * ignore pkgconfig when any openssl option is specified (Stefan Kaes, 2022-01-11; files: 1, lines: -2/+2)
| | |/
| * | test/openssl/test_cipher: skip AES-CCM tests on OpenSSL <= 1.1.1b (Kazuki Yamaguchi, 2022-09-08; files: 1, lines: -1/+1)
| | |
| | |     [ This is a backport to the 2.2 branch. ]
| | |
| | |     AES CCM mode in OpenSSL <= 1.1.1b was overly strict in the parameters assignment order. This has been relaxed by OpenSSL 1.1.1c.
| | |
| | |     https://github.com/openssl/openssl/commit/b48e3be947ddc5da6b5a86db8341081c72b9a4ee
| | |
| | |     The test case is failing on Ubuntu 18.04 because it still uses the initial 1.1.1 release and has the issue:
| | |
| | |     http://rubyci.s3.amazonaws.com/graviton2/ruby-master/log/20210316T120003Z.fail.html.gz
| | |
| | |     (cherry picked from commit ruby/ruby@44d67128a827c65d1a3867c5d8fd190d10aa1dd2)
| | |     (cherry picked from commit c7edb0a0f93ef6e137481d59103aec5fe09c3d66)
| | |
* | | Merge pull request #541 from rhenium/ky/pkey-ec-export-segfault-regression (Kazuki Yamaguchi, 2022-09-08; files: 2, lines: -0/+6)
|\ \ \
| | | |
| | | |     pkey/ec: check existence of public key component before exporting
| * | | pkey/ec: check existence of public key component before exporting [ky/pkey-ec-export-segfault-regression] (Kazuki Yamaguchi, 2022-09-02; files: 2, lines: -0/+6)
| | | |
| | | |     i2d_PUBKEY_bio() against an EC_KEY without the public key component triggers a null dereference.
| | | |
| | | |     This is a regression introduced by commit 56f0d34d63fb ("pkey: refactor #export/#to_pem and #to_der", 2017-06-14).
| | | |
| | | |     Fixes https://github.com/ruby/openssl/pull/527#issuecomment-1220504524
| | | |     Fixes https://github.com/ruby/openssl/issues/369#issuecomment-1221554057
| | | |
* | | | Merge pull request #540 from rhenium/ky/pkey-read-prefer-keys (Kazuki Yamaguchi, 2022-09-08; files: 2, lines: -3/+65)
|\ \ \ \
| | | | |
| | | | |     pkey: restore support for decoding "openssl ecparam -genkey" output
| * | | | pkey: restore support for decoding "openssl ecparam -genkey" output [ky/pkey-read-prefer-keys] (Kazuki Yamaguchi, 2022-09-02; files: 2, lines: -0/+59)
| | | | |
| | | | |     Scan through the input for a private key, then fall back to generic decoder.
| | | | |
| | | | |     OpenSSL 3.0's OSSL_DECODER supports encoded key parameters. The PEM header "-----BEGIN EC PARAMETERS-----" is used by one of such encoding formats. While this is useful for OpenSSL::PKey::PKey, an edge case has been discovered.
| | | | |
| | | | |     The openssl CLI command line "openssl ecparam -genkey" prints two PEM blocks in a row, one for EC parameters and another for the private key. Feeding the whole output into OSSL_DECODER results in only the first PEM block, the key parameters, being decoded. Previously, ruby/openssl did not support decoding key parameters and it would decode the private key PEM block instead.
| | | | |
| | | | |     While the new behavior is technically correct, "openssl ecparam -genkey" is so widely used that ruby/openssl does not want to break existing applications.
| | | | |
| | | | |     Fixes https://github.com/ruby/openssl/pull/535
| | | | |
| * | | | pkey: clear error queue before each OSSL_DECODER_from_bio() call (Kazuki Yamaguchi, 2022-09-02; files: 1, lines: -4/+7)
| |/ / /
| | | |
| | | |     Fix potential error queue leak.
| | | |
* | | | Merge pull request #539 from rhenium/ky/pkey-dsa-generate-fix-q (Kazuki Yamaguchi, 2022-09-02; files: 2, lines: -0/+27)
|\ \ \ \
| | | | |
| | | | |     pkey/dsa: let PKey::DSA.generate choose appropriate q size
| * | | | pkey/dsa: let PKey::DSA.generate choose appropriate q size [ky/pkey-dsa-generate-fix-q] (Kazuki Yamaguchi, 2022-09-02; files: 2, lines: -0/+27)
| |/ / /
| | | |
| | | |     DSA parameters generation via EVP_PKEY_paramgen() will not automatically adjust the size of q value but uses 224 bits by default unless specified explicitly. This behavior is different from the now-deprecated DSA_generate_parameters_ex(), which PKey::DSA.generate used to call.
| | | |
| | | |     Fixes https://github.com/ruby/openssl/issues/483
| | | |     Fixes: 1800a8d5ebaf ("pkey/dsa: use high level EVP interface to generate parameters and keys", 2020-05-17)
| | | |
* | | | Merge pull request #537 from rhenium/ky/x509-delete-attr-cleanup (Kazuki Yamaguchi, 2022-09-02; files: 4, lines: -12/+12)
|\ \ \ \
| | | | |
| | | | |     x509*: fix error queue leak in #extensions= and #attributes= methods
| * | | | x509*: fix error queue leak in #extensions= and #attributes= methods [ky/x509-delete-attr-cleanup] (Kazuki Yamaguchi, 2022-09-02; files: 4, lines: -12/+12)
| | | | |
| | | | |     X509at_delete_attr() in OpenSSL master puts an error queue entry if there is no attribute left to delete. We must either clear the error queue, or try not to call it when the list is already empty.