From d5a62c2d9e92e980d98a75c92d3e102cd0711ed1 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Sun, 4 Sep 2016 16:17:23 +0900 Subject: Avoid using ERR_get_error() Use ERR_peek_error() which does not remove the fetched error from the queue instead, then clear the queue explicitly with the dedicated function ossl_clear_error(). OpenSSL may put multiple error items to the queue in one function call. --- ext/openssl/ossl_pkcs7.c | 2 +- ext/openssl/ossl_x509cert.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ext/openssl/ossl_pkcs7.c b/ext/openssl/ossl_pkcs7.c index fd58b48b..4040355f 100644 --- a/ext/openssl/ossl_pkcs7.c +++ b/ext/openssl/ossl_pkcs7.c @@ -795,7 +795,7 @@ ossl_pkcs7_verify(int argc, VALUE *argv, VALUE self) BIO_free(in); sk_X509_pop_free(x509s, X509_free); if (ok < 0) ossl_raise(ePKCS7Error, "PKCS7_verify"); - msg = ERR_reason_error_string(ERR_get_error()); + msg = ERR_reason_error_string(ERR_peek_error()); ossl_pkcs7_set_err_string(self, msg ? rb_str_new2(msg) : Qnil); ossl_clear_error(); data = ossl_membio2str(out); diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c index ad1126d4..cecc3ca0 100644 --- a/ext/openssl/ossl_x509cert.c +++ b/ext/openssl/ossl_x509cert.c @@ -624,7 +624,7 @@ ossl_x509_check_private_key(VALUE self, VALUE key) pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */ GetX509(self, x509); if (!X509_check_private_key(x509, pkey)) { - OSSL_Warning("Check private key:%s", OSSL_ErrMsg()); + ossl_clear_error(); return Qfalse; } -- cgit v1.2.3