[ruby-cvs:62214] rhe:r55051 (trunk): openssl: clear OpenSSL error queue before return to Ruby

rhe at ruby-lang.org rhe at ruby-lang.org
Wed May 18 13:07:48 JST 2016


rhe	2016-05-18 13:07:47 +0900 (Wed, 18 May 2016)

  New Revision: 55051

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55051

  Log:
    openssl: clear OpenSSL error queue before return to Ruby
    
    * ext/openssl/ossl_x509cert.c (ossl_x509_verify): X509_verify()
      family may put errors on 0 return (0 means verification failure).
      Clear OpenSSL error queue before return to Ruby. Since the queue is
      thread global, remaining errors in the queue can cause an unexpected
      error in the next OpenSSL operation.  [ruby-core:48284] [Bug #7215]
    
    * ext/openssl/ossl_x509crl.c (ossl_x509crl_verify): ditto.
    
    * ext/openssl/ossl_x509req.c (ossl_x509req_verify): ditto.
    
    * ext/openssl/ossl_x509store.c (ossl_x509stctx_verify): ditto.
    
    * ext/openssl/ossl_pkey_dh.c (dh_generate): clear the OpenSSL error
      queue before re-raising exception.
    
    * ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto.
    
    * ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto.
    
    * ext/openssl/ossl_ssl.c (ossl_start_ssl): ditto.
    
    * test/openssl: check that OpenSSL.errors is empty every time after
      running a test case.

  Modified files:
    trunk/ChangeLog
    trunk/ext/openssl/ossl_pkey_dh.c
    trunk/ext/openssl/ossl_pkey_dsa.c
    trunk/ext/openssl/ossl_pkey_rsa.c
    trunk/ext/openssl/ossl_ssl.c
    trunk/ext/openssl/ossl_x509cert.c
    trunk/ext/openssl/ossl_x509crl.c
    trunk/ext/openssl/ossl_x509req.c
    trunk/ext/openssl/ossl_x509store.c
    trunk/test/openssl/test_asn1.rb
    trunk/test/openssl/test_bn.rb
    trunk/test/openssl/test_buffering.rb
    trunk/test/openssl/test_cipher.rb
    trunk/test/openssl/test_config.rb
    trunk/test/openssl/test_digest.rb
    trunk/test/openssl/test_engine.rb
    trunk/test/openssl/test_fips.rb
    trunk/test/openssl/test_hmac.rb
    trunk/test/openssl/test_ns_spki.rb
    trunk/test/openssl/test_ocsp.rb
    trunk/test/openssl/test_pair.rb
    trunk/test/openssl/test_pkcs12.rb
    trunk/test/openssl/test_pkcs5.rb
    trunk/test/openssl/test_pkcs7.rb
    trunk/test/openssl/test_pkey_dh.rb
    trunk/test/openssl/test_pkey_dsa.rb
    trunk/test/openssl/test_pkey_ec.rb
    trunk/test/openssl/test_pkey_rsa.rb
    trunk/test/openssl/test_random.rb
    trunk/test/openssl/test_x509cert.rb
    trunk/test/openssl/test_x509crl.rb
    trunk/test/openssl/test_x509ext.rb
    trunk/test/openssl/test_x509name.rb
    trunk/test/openssl/test_x509req.rb
    trunk/test/openssl/test_x509store.rb
    trunk/test/openssl/utils.rb


More information about the ruby-cvs mailing list