From 443d13e9b2c127230fde2733959eaa4d41eb355d Mon Sep 17 00:00:00 2001
From: thekuwayama
Date: Tue, 31 Dec 2019 21:48:52 +0900
Subject: modify ossl_sslctx_add_certificate_chain_file() to raise Error and to return self add test_add_certificate_chain_file_multiple_certs
---
ext/openssl/ossl_ssl.c | 23 +++++++++++++----------
1 file changed, 13 insertions(+), 10 deletions(-) (limited to 'ext')
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 4ee698cd..ee56edc0 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -1324,7 +1324,7 @@ ossl_sslctx_add_certificate(int argc, VALUE *argv, VALUE self)
/* * call-seq: - * ctx.add_certificate_chain_file(certs_path, pkey_path) -> true | false + * ctx.add_certificate_chain_file(certs_path, pkey_path) -> self * * Loads chain certificates from _certs_path_ and a private key from * _pkey_path_.
@@ -1336,11 +1336,19 @@ ossl_sslctx_add_certificate(int argc, VALUE *argv, VALUE self)
* _pkey_path_:: * A path to a private key file. An instance of String. * + * === Example + * ctx.add_certificate_chain(rsa_cert_path, rsa_key_path) + * + * ctx.add_certificate_chain(ecdsa_cert_path, ecdsa_key_path) + * * === Note * The file format of the certificate and private key must be PEM. * * The certificate file must be starting with the subject's certificate and - * followed by intermediate CA certificates (and root CA certificate). + * followed by intermediate CA certificate(s). + * + * OpenSSL before the version 1.0.2 could handle only one extra chain across + * all key types. Calling this method discards the chain set previously. */ static VALUE ossl_sslctx_add_certificate_chain_file(VALUE self, VALUE certs_path, VALUE pkey_path)
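Review bot: The added `=== Example` lines call `ctx.add_certificate_chain(...)`, but the method this comment documents, per the call-seq in the preceding hunk, is `add_certificate_chain_file`, so the example points readers at a different method name. The two lines should read `ctx.add_certificate_chain_file(rsa_cert_path, rsa_key_path)` and `ctx.add_certificate_chain_file(ecdsa_cert_path, ecdsa_key_path)`. The comment also never says that failure now raises; a sentence such as `Raises OpenSSL::SSL::SSLError if the certificate chain or the private key cannot be loaded.` would tell callers who used to test the return value that a bad file is now an exception rather than `false`.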
@@ -1348,20 +1356,15 @@ ossl_sslctx_add_certificate_chain_file(VALUE self, VALUE certs_path, VALUE pkey_
SSL_CTX *ctx; GetSSLCTX(self, ctx); - if (NIL_P(certs_path)) - ossl_raise(rb_eArgError, "certs_path must be the path to certificates"); - - if (NIL_P(pkey_path)) - ossl_raise(rb_eArgError, "pkey_path must be the path to private key"); /* SSL_CTX_use_certificate_chain_file() loads PEM format file. */ if (SSL_CTX_use_certificate_chain_file(ctx, StringValueCStr(certs_path)) != 1) - return Qfalse; + ossl_raise(eSSLError, "SSL_CTX_use_certificate_chain_file"); if (SSL_CTX_use_PrivateKey_file(ctx, StringValueCStr(pkey_path), SSL_FILETYPE_PEM) != 1) - return Qfalse; + ossl_raise(eSSLError, "SSL_CTX_use_PrivateKey_file"); - return Qtrue; + return self; } /*
-- cgit v1.2.3
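Review bot: With the up-front `NIL_P` checks removed, `pkey_path` is first validated by `StringValueCStr(pkey_path)` inside the second call, after `SSL_CTX_use_certificate_chain_file()` has already modified the context. A nil or non-String key path therefore raises while leaving `ctx` holding the new chain without its key. Converting both arguments before the first OpenSSL call avoids that for argument errors, e.g. `const char *certs = StringValueCStr(certs_path);` and `const char *pkey = StringValueCStr(pkey_path);` placed right after `GetSSLCTX(self, ctx);`. The same half-configured state follows an `eSSLError` from the key load, which deserves a line in the method's Note section because callers that rescue and retry reuse the same context. The function's signature and opening brace are outside this hunk.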