openssl: clear OpenSSL error queue before return to Ruby

* ext/openssl/ossl_x509cert.c (ossl_x509_verify): X509_verify() family may put errors on 0 return (0 means verification failure). Clear OpenSSL error queue before return to Ruby. Since the queue is thread global, remaining errors in the queue can cause an unexpected error in the next OpenSSL operation. [ruby-core:48284] [Bug #7215] * ext/openssl/ossl_x509crl.c (ossl_x509crl_verify): ditto. * ext/openssl/ossl_x509req.c (ossl_x509req_verify): ditto. * ext/openssl/ossl_x509store.c (ossl_x509stctx_verify): ditto. * ext/openssl/ossl_pkey_dh.c (dh_generate): clear the OpenSSL error queue before re-raising exception. * ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto. * ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto. * ext/openssl/ossl_ssl.c (ossl_start_ssl): ditto. * test/openssl: check that OpenSSL.errors is empty every time after running a test case. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55051 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2016-05-18 04:07:47 +0000
committer: rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2016-05-18 04:07:47 +0000
commit: d07f254627bcd2dfde68343d9c38b6732f93198b (patch)
tree: d2b44188726eae2ab06a875f2a1a1779aad28ed5 /test/openssl/test_pkey_ec.rb
parent: d9bf23d87b208b0eb7719d71e9a3979417c61a3f (diff)
download: ruby-d07f254627bcd2dfde68343d9c38b6732f93198b.tar.gz
1 files changed, 1 insertions, 6 deletions
diff --git a/test/openssl/test_pkey_ec.rb b/test/openssl/test_pkey_ec.rb
index d3edcc47b4..c530ee06b0 100644
--- a/test/openssl/test_pkey_ec.rb
+++ b/test/openssl/test_pkey_ec.rb
@@ -3,7 +3,7 @@ require_relative 'utils'
 
 if defined?(OpenSSL::TestUtils) && defined?(OpenSSL::PKey::EC)
 
-class OpenSSL::TestEC < Test::Unit::TestCase
+class OpenSSL::TestEC < OpenSSL::TestCase
   def setup
     @data1 = 'foo'
     @data2 = 'bar' * 1000 # data too long for DSA sig
@@ -131,7 +131,6 @@ class OpenSSL::TestEC < Test::Unit::TestCase
     ec2 = OpenSSL::PKey.read(der)
     assert(ec2.private_key?)
     assert_equal(der, ec2.to_der)
-    assert_equal([], OpenSSL.errors)
   end
 
   def test_read_private_key_pem
@@ -140,7 +139,6 @@ class OpenSSL::TestEC < Test::Unit::TestCase
     ec2 = OpenSSL::PKey.read(pem)
     assert(ec2.private_key?)
     assert_equal(pem, ec2.to_pem)
-    assert_equal([], OpenSSL.errors)
   end
 
   def test_read_public_key_der
@@ -151,7 +149,6 @@ class OpenSSL::TestEC < Test::Unit::TestCase
     ec3 = OpenSSL::PKey.read(der)
     assert(!ec3.private_key?)
     assert_equal(der, ec3.to_der)
-    assert_equal([], OpenSSL.errors)
   end
 
   def test_read_public_key_pem
@@ -162,7 +159,6 @@ class OpenSSL::TestEC < Test::Unit::TestCase
     ec3 = OpenSSL::PKey.read(pem)
     assert(!ec3.private_key?)
     assert_equal(pem, ec3.to_pem)
-    assert_equal([], OpenSSL.errors)
   end
 
   def test_read_private_key_pem_pw
@@ -177,7 +173,6 @@ class OpenSSL::TestEC < Test::Unit::TestCase
     ec2 = OpenSSL::PKey.read(pem, 'secret')
     assert(ec2.private_key?)
     #omit pem equality check, will be different due to cipher iv
-    assert_equal([], OpenSSL.errors)
   end
 
   def test_export_password_length
author	rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2016-05-18 04:07:47 +0000
committer	rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2016-05-18 04:07:47 +0000
commit	d07f254627bcd2dfde68343d9c38b6732f93198b (patch)
tree	d2b44188726eae2ab06a875f2a1a1779aad28ed5 /test/openssl/test_pkey_ec.rb
parent	d9bf23d87b208b0eb7719d71e9a3979417c61a3f (diff)
download	ruby-d07f254627bcd2dfde68343d9c38b6732f93198b.tar.gz