authorKazuki Yamaguchi <k@rhe.jp>2016-05-18 01:02:11 +0900
committerKazuki Yamaguchi <k@rhe.jp>2016-05-18 12:56:28 +0900
commitf7bfb15529d25cf247dcaaa8ccad431c11779c3e (patch)
tree5bd73f1b350c61fbabf6f5f31a6f451450e52ca4
parentdd644f3c01bb4a8003d70f352793b78574697d88 (diff)
openssl: report errors in OpenSSL error queue when clear it
* ext/openssl/ossl.c (ossl_clear_error): Extracted from ossl_make_error(). This prints errors in the OpenSSL error queue if OpenSSL.debug is true, and clears the queue. (ossl_make_error): use ossl_clear_error(). * ext/openssl/ossl.h: add prototype declaration of ossl_make_error(). (OSSL_BIO_reset) use ossl_clear_error() to clear the queue. Clearing silently makes debugging difficult. * ext/openssl/ossl_engine.c (ossl_engine_s_by_id): ditto. * ext/openssl/ossl_ns_spki.c (ossl_spki_initialize): ditto. * ext/openssl/ossl_pkcs7.c (ossl_pkcs7_verify): ditto. * ext/openssl/ossl_pkey_dsa.c (ossl_dsa_initialize): ditto. * ext/openssl/ossl_pkey_ec.c (ossl_ec_key_initialize): ditto. (ossl_ec_group_initialize): ditto. * ext/openssl/ossl_ssl.c (ossl_ssl_shutdown): ditto.
-rw-r--r--ChangeLog24
-rw-r--r--ext/openssl/ossl.c19
-rw-r--r--ext/openssl/ossl.h8
-rw-r--r--ext/openssl/ossl_engine.c2
-rw-r--r--ext/openssl/ossl_ns_spki.c2
-rw-r--r--ext/openssl/ossl_pkcs7.c2
-rw-r--r--ext/openssl/ossl_pkey_dsa.c2
-rw-r--r--ext/openssl/ossl_pkey_ec.c4
-rw-r--r--ext/openssl/ossl_ssl.c2
9 files changed, 50 insertions, 15 deletions
diff --git a/ChangeLog b/ChangeLog
index 6094f1a..0940f98 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,27 @@
+Wed May 18 12:07:42 2016 Kazuki Yamaguchi <k@rhe.jp>
+
+ * ext/openssl/ossl.c (ossl_clear_error): Extracted from
+ ossl_make_error(). This prints errors in the OpenSSL error queue if
+ OpenSSL.debug is true, and clears the queue.
+ (ossl_make_error): use ossl_clear_error().
+
+ * ext/openssl/ossl.h: add prototype declaration of ossl_make_error().
+ (OSSL_BIO_reset) use ossl_clear_error() to clear the queue. Clearing
+ silently makes debugging difficult.
+
+ * ext/openssl/ossl_engine.c (ossl_engine_s_by_id): ditto.
+
+ * ext/openssl/ossl_ns_spki.c (ossl_spki_initialize): ditto.
+
+ * ext/openssl/ossl_pkcs7.c (ossl_pkcs7_verify): ditto.
+
+ * ext/openssl/ossl_pkey_dsa.c (ossl_dsa_initialize): ditto.
+
+ * ext/openssl/ossl_pkey_ec.c (ossl_ec_key_initialize): ditto.
+ (ossl_ec_group_initialize): ditto.
+
+ * ext/openssl/ossl_ssl.c (ossl_ssl_shutdown): ditto.
+
Wed May 18 11:53:49 2016 Kazuki Yamaguchi <k@rhe.jp>
* ext/openssl/ossl_pkey_ec.c (ossl_ec_point_mul): Validate the
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
index d03dfa7..ac82815 100644
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@@ -318,12 +318,7 @@ ossl_make_error(VALUE exc, const char *fmt, va_list args)
rb_str_cat2(str, msg ? msg : "(null)");
}
}
- if (dOSSL == Qtrue){ /* show all errors on the stack */
- while ((e = ERR_get_error()) != 0){
- rb_warn("error on stack: %s", ERR_error_string(e, NULL));
- }
- }
- ERR_clear_error();
+ ossl_clear_error();
if (NIL_P(str)) str = rb_str_new(0, 0);
return rb_exc_new3(exc, str);
@@ -351,6 +346,18 @@ ossl_exc_new(VALUE exc, const char *fmt, ...)
return err;
}
+void
+ossl_clear_error(void)
+{
+ if (dOSSL == Qtrue) {
+ long e;
+ while ((e = ERR_get_error())) {
+ rb_warn("error on stack: %s", ERR_error_string(e, NULL));
+ }
+ }
+ ERR_clear_error();
+}
+
/*
* call-seq:
* OpenSSL.errors -> [String...]
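Review bot: In ossl_clear_error(), `long e` receives the result of ERR_get_error(), which returns `unsigned long`, and is handed straight back to ERR_error_string(), which also takes `unsigned long`; declaring it `unsigned long e;` avoids a signed round-trip for codes with the top bit set. ERR_error_string(e, NULL) formats into a static buffer shared by every caller in the process, so `char buf[256]; ERR_error_string_n(e, buf, sizeof(buf));` followed by `rb_warn("error on stack: %s", buf);` is the safer form if any other thread can be inside OpenSSL at that moment. With OpenSSL.debug on, the loop has already drained the queue, so the trailing ERR_clear_error() only matters on the non-debug path; a one-line comment saying so would save the next reader the check.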
diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h
index 3be01b0..a31ca95 100644
--- a/ext/openssl/ossl.h
+++ b/ext/openssl/ossl.h
@@ -154,8 +154,10 @@ int ossl_pem_passwd_cb(char *, int, int, void *);
* Clear BIO* with this in PEM/DER fallback scenarios to avoid decoding
* errors piling up in OpenSSL::Errors
*/
-#define OSSL_BIO_reset(bio) (void)BIO_reset((bio)); \
- ERR_clear_error();
+#define OSSL_BIO_reset(bio) do { \
+ (void)BIO_reset((bio)); \
+ ossl_clear_error(); \
+} while (0)
/*
* ERRor messages
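Review bot: OSSL_BIO_reset() still discards the BIO_reset() result, so if the rewind fails the fallback decode that follows would start from wherever the first attempt stopped rather than from the beginning of the input. Whether the BIO types passed in here can fail to reset is not visible in this hunk, and BIO_reset()'s success value differs between BIO types, so the minimum is to state the assumption in the comment above the macro, for example `* The BIO_reset() result is ignored: pass only BIOs that can always be rewound.` Separately, the do { } while (0) form now requires a terminating semicolon at every call site, which the old two-statement expansion did not.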
@@ -163,6 +165,8 @@ int ossl_pem_passwd_cb(char *, int, int, void *);
#define OSSL_ErrMsg() ERR_reason_error_string(ERR_get_error())
NORETURN(void ossl_raise(VALUE, const char *, ...));
VALUE ossl_exc_new(VALUE, const char *, ...);
+/* Clear OpenSSL error queue. If dOSSL is set, rb_warn() them. */
+void ossl_clear_error(void);
/*
* Verify callback
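Review bot: The comment on the ossl_clear_error() prototype does not say that the function is no longer a plain OpenSSL call: when dOSSL is set it goes through rb_warn(), which writes to stderr and can allocate Ruby objects. Every site converted in this commit previously used ERR_clear_error(), which is safe from any context, so the contract is worth stating where callers will read it. I would extend the comment to something like `/* Clear OpenSSL error queue. If dOSSL is set, rb_warn() them first; call only with the GVL held and never from a GC/free callback. */`.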
diff --git a/ext/openssl/ossl_engine.c b/ext/openssl/ossl_engine.c
index 890ec72..06ca075 100644
--- a/ext/openssl/ossl_engine.c
+++ b/ext/openssl/ossl_engine.c
@@ -224,7 +224,7 @@ ossl_engine_s_by_id(VALUE klass, VALUE id)
ossl_raise(eEngineError, NULL);
ENGINE_ctrl(e, ENGINE_CTRL_SET_PASSWORD_CALLBACK,
0, NULL, (void(*)(void))ossl_pem_passwd_cb);
- ERR_clear_error();
+ ossl_clear_error();
return obj;
}
diff --git a/ext/openssl/ossl_ns_spki.c b/ext/openssl/ossl_ns_spki.c
index 35c2e3e..c6d2483 100644
--- a/ext/openssl/ossl_ns_spki.c
+++ b/ext/openssl/ossl_ns_spki.c
@@ -94,7 +94,7 @@ ossl_spki_initialize(int argc, VALUE *argv, VALUE self)
}
NETSCAPE_SPKI_free(DATA_PTR(self));
DATA_PTR(self) = spki;
- ERR_clear_error();
+ ossl_clear_error();
return self;
}
diff --git a/ext/openssl/ossl_pkcs7.c b/ext/openssl/ossl_pkcs7.c
index 9ca3abd..ad794e7 100644
--- a/ext/openssl/ossl_pkcs7.c
+++ b/ext/openssl/ossl_pkcs7.c
@@ -779,7 +779,7 @@ ossl_pkcs7_verify(int argc, VALUE *argv, VALUE self)
if (ok < 0) ossl_raise(ePKCS7Error, NULL);
msg = ERR_reason_error_string(ERR_get_error());
ossl_pkcs7_set_err_string(self, msg ? rb_str_new2(msg) : Qnil);
- ERR_clear_error();
+ ossl_clear_error();
data = ossl_membio2str(out);
ossl_pkcs7_set_data(self, data);
sk_X509_pop_free(x509s, X509_free);
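Review bot: Only the first queued error survives as the object's error string here: ERR_get_error() pops one entry and ossl_clear_error() then drops the rest, which are now visible only when OpenSSL.debug is on. The visible lines also raise only for `ok < 0` and then store `data` on self unconditionally, so if `ok == 0` is reachable at this point the output stays readable after a failed verification. A comment such as `/* data is set even when verification fails; callers must check the return value before trusting it */` would make that explicit. The body of ossl_pkcs7_verify starts and ends outside this hunk, so the return path is not shown.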
diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c
index 04900cc..2e42a0c 100644
--- a/ext/openssl/ossl_pkey_dsa.c
+++ b/ext/openssl/ossl_pkey_dsa.c
@@ -244,7 +244,7 @@ ossl_dsa_initialize(int argc, VALUE *argv, VALUE self)
}
BIO_free(in);
if (!dsa) {
- ERR_clear_error();
+ ossl_clear_error();
ossl_raise(eDSAError, "Neither PUB key nor PRIV key");
}
}
diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
index 8f6edfa..a5bddd7 100644
--- a/ext/openssl/ossl_pkey_ec.c
+++ b/ext/openssl/ossl_pkey_ec.c
@@ -213,7 +213,7 @@ static VALUE ossl_ec_key_initialize(int argc, VALUE *argv, VALUE self)
const char *name = StringValueCStr(arg);
int nid = OBJ_sn2nid(name);
- (void)ERR_get_error();
+ ossl_clear_error(); /* ignore errors in the previous d2i_EC_PUBKEY_bio() */
if (nid == NID_undef)
ossl_raise(eECError, "unknown curve name (%s)\n", name);
@@ -808,7 +808,7 @@ static VALUE ossl_ec_group_initialize(int argc, VALUE *argv, VALUE self)
const char *name = StringValueCStr(arg1);
int nid = OBJ_sn2nid(name);
- (void)ERR_get_error();
+ ossl_clear_error(); /* ignore errors in d2i_ECPKParameters_bio() */
if (nid == NID_undef)
ossl_raise(eEC_GROUP, "unknown curve name (%s)", name);
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 96c7990..1079710 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -1161,7 +1161,7 @@ ossl_ssl_shutdown(SSL *ssl)
break;
}
SSL_clear(ssl);
- ERR_clear_error();
+ ossl_clear_error();
}
}