diff options
| author | nahi <nahi@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2011-12-20 06:06:46 +0000 |
|---|---|---|
| committer | nahi <nahi@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2011-12-20 06:06:46 +0000 |
| commit | be4f7bf51253b5a0519126fb742b8de514bad278 (patch) | |
| tree | c44d9f82e72e3b37003adc8c13b0a7c53fa75258 /ext/openssl/ossl.c | |
| parent | 0ead5c4983edcdef071eb4317b904d9d0419b388 (diff) | |
| download | ruby-be4f7bf51253b5a0519126fb742b8de514bad278.tar.gz | |
* Make sure to clear $! when ignoring an exception
* ext/openssl/ossl.c (ossl_pem_passwd_cb0, ossl_verify_cb):
pem_passwd_cb and verify_cb ignores the exception raised in a
callback proc so it should clear $! for subsequent execution.
That's said, both subsequent processes for pem_passwd_cb and
verify_cb raises another exception before leaking $! to Ruby world.
We cannot test this fix in Ruby land.
* test/openssl/test_pkey_rsa.rb
(test_read_private_key_pem_pw_exception): Test for pem_passwd_cb +
exception.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34078 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext/openssl/ossl.c')
| -rw-r--r-- | ext/openssl/ossl.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c index f3410b64e8..7c8507050c 100644 --- a/ext/openssl/ossl.c +++ b/ext/openssl/ossl.c @@ -175,7 +175,11 @@ ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd) */ rflag = flag ? Qtrue : Qfalse; pass = rb_protect(ossl_pem_passwd_cb0, rflag, &status); - if (status) return -1; /* exception was raised. */ + if (status) { + /* ignore an exception raised. */ + rb_set_errinfo(Qnil); + return -1; + } len = RSTRING_LENINT(pass); if (len < 4) { /* 4 is OpenSSL hardcoded limit */ rb_warning("password must be longer than 4 bytes"); @@ -216,18 +220,23 @@ ossl_verify_cb(int ok, X509_STORE_CTX *ctx) if ((void*)proc == 0) return ok; if (!NIL_P(proc)) { + ret = Qfalse; rctx = rb_protect((VALUE(*)(VALUE))ossl_x509stctx_new, (VALUE)ctx, &state); - ret = Qfalse; - if (!state) { + if (state) { + rb_set_errinfo(Qnil); + rb_warn("StoreContext initialization failure"); + } + else { args.proc = proc; args.preverify_ok = ok ? Qtrue : Qfalse; args.store_ctx = rctx; ret = rb_protect((VALUE(*)(VALUE))ossl_call_verify_cb_proc, (VALUE)&args, &state); - ossl_x509stctx_clear_ptr(rctx); if (state) { + rb_set_errinfo(Qnil); rb_warn("exception in verify_callback is ignored"); } + ossl_x509stctx_clear_ptr(rctx); } if (ret == Qtrue) { X509_STORE_CTX_set_error(ctx, X509_V_OK); |