diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2016-05-18 01:06:14 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-05-18 13:05:33 +0900 |
commit | e0bf4c6884a6e3f92998fa34a13ec4a15a464516 (patch) | |
tree | d2b44188726eae2ab06a875f2a1a1779aad28ed5 /ext/openssl/ossl_x509cert.c | |
parent | f7bfb15529d25cf247dcaaa8ccad431c11779c3e (diff) | |
download | ruby-topic/openssl-clear-error-queue.tar.gz |
openssl: clear OpenSSL error queue before return to Rubytopic/openssl-clear-error-queue
* ext/openssl/ossl_x509cert.c (ossl_x509_verify): X509_verify()
family may put errors on 0 return (0 means verification failure).
Clear OpenSSL error queue before return to Ruby. Since the queue is
thread global, remaining errors in the queue can cause an unexpected
error in the next OpenSSL operation. [ruby-core:48284] [Bug #7215]
* ext/openssl/ossl_x509crl.c (ossl_x509crl_verify): ditto.
* ext/openssl/ossl_x509req.c (ossl_x509req_verify): ditto.
* ext/openssl/ossl_x509store.c (ossl_x509stctx_verify): ditto.
* ext/openssl/ossl_pkey_dh.c (dh_generate): clear the OpenSSL error
queue before re-raising exception.
* ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto.
* ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto.
* ext/openssl/ossl_ssl.c (ossl_start_ssl): ditto.
* test/openssl: check that OpenSSL.errors is empty every time after
running a test case.
Diffstat (limited to 'ext/openssl/ossl_x509cert.c')
-rw-r--r-- | ext/openssl/ossl_x509cert.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c index 4dafae17b9..226704efc6 100644 --- a/ext/openssl/ossl_x509cert.c +++ b/ext/openssl/ossl_x509cert.c @@ -591,18 +591,19 @@ ossl_x509_verify(VALUE self, VALUE key) { X509 *x509; EVP_PKEY *pkey; - int i; pkey = GetPKeyPtr(key); /* NO NEED TO DUP */ GetX509(self, x509); - if ((i = X509_verify(x509, pkey)) < 0) { - ossl_raise(eX509CertError, NULL); - } - if (i > 0) { + + switch (X509_verify(x509, pkey)) { + case 1: return Qtrue; + case 0: + ossl_clear_error(); + return Qfalse; + default: + ossl_raise(eX509CertError, NULL); } - - return Qfalse; } /* |