* ext/openssl/ossl.c (ossl_raise): should use ERR_peek_last_error

to get last error on the current thread. And should report
  errors are on the stack while OpenSSL.debug is true.

* ext/openssl/ossl.c (ossl_get_errors): new method for debugging
  this library.

* ext/openssl/ossl_ssl.c (ossl_sslctx_set_ciphers): fix error message.

* ext/openssl/ossl_x509req.c (ossl_x509req_set_attributes): get rid
  of unused variable.

* ext/openssl/ossl_x509store.c (ossl_x509store_initialize): should
  set @time to avoid warning.

* ext/openssl/ossl_x509store.c (ossl_x509store_set_default_paths,
  X509_STORE_add_cert, X509_STORE_add_crl): should raise error if
  wrapped functions failed.

* test/openssl/test_x509store.rb: add test for errors.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9110 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -1,3 +1,26 @@
+Sat Sep 10 09:51:30 2005  GOTOU Yuuzou  <gotoyuzo@notwork.org>
+
+	* ext/openssl/ossl.c (ossl_raise): should use ERR_peek_last_error
+	  to get last error on the current thread. And should report
+	  errors are on the stack while OpenSSL.debug is true.
+
+	* ext/openssl/ossl.c (ossl_get_errors): new method for debugging
+	  this library.
+
+	* ext/openssl/ossl_ssl.c (ossl_sslctx_set_ciphers): fix error message.
+
+	* ext/openssl/ossl_x509req.c (ossl_x509req_set_attributes): get rid
+	  of unused variable.
+
+	* ext/openssl/ossl_x509store.c (ossl_x509store_initialize): should
+	  set @time to avoid warning.
+
+	* ext/openssl/ossl_x509store.c (ossl_x509store_set_default_paths,
+	  X509_STORE_add_cert, X509_STORE_add_crl): should raise error if
+	  wrapped functions failed.
+
+	* test/openssl/test_x509store.rb: add test for errors.
+
 Fri Sep  9 22:13:19 2005  Yukihiro Matsumoto  <matz@ruby-lang.org>
 
 	* eval.c (rb_call0): prohibit calling tainted method (>2) when

ext/openssl/ossl.c

@@ -278,7 +278,7 @@ ossl_raise(VALUE exc, const char *fmt, ...)
     va_list args;
     char buf[BUFSIZ];
     const char *msg;
-    long e = ERR_get_error();
+    long e = ERR_peek_last_error();
     int len = 0;
 
     if (fmt) {
@@ -291,15 +291,34 @@ ossl_raise(VALUE exc, const char *fmt, ...)
 	    msg = ERR_error_string(e, NULL);
 	else
 	    msg = ERR_reason_error_string(e);
-	ERR_clear_error();
 	fmt = len ? ": %s" : "%s";
 	len += snprintf(buf+len, BUFSIZ-len, fmt, msg);
     }
+    if (dOSSL == Qtrue){ /* show all errors on the stack */
+	while ((e = ERR_get_error()) != 0){
+	    rb_warn("error on stack: %s", ERR_error_string(e, NULL));
+	}
+    }
+    ERR_clear_error();
 
     if(len > BUFSIZ) len = strlen(buf);
     rb_exc_raise(rb_exc_new(exc, buf, len));
 }
 
+VALUE
+ossl_get_errors()
+{
+    VALUE ary;
+    long e;
+
+    ary = rb_ary_new();
+    while ((e = ERR_get_error()) != 0){
+        rb_ary_push(ary, rb_str_new2(ERR_error_string(e, NULL)));
+    }
+
+    return ary;
+}
+
 /*
  * Debug
  */
@@ -411,6 +430,7 @@ Init_openssl()
     dOSSL = Qfalse;
     rb_define_module_function(mOSSL, "debug", ossl_debug_get, 0);
     rb_define_module_function(mOSSL, "debug=", ossl_debug_set, 1);
+    rb_define_module_function(mOSSL, "errors", ossl_get_errors, 0);
 
     /*
      * Get ID of to_der

ext/openssl/ossl_ssl.c

@@ -480,7 +480,7 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
         return Qnil;
     }
     if (!SSL_CTX_set_cipher_list(ctx, RSTRING(str)->ptr)) {
-        ossl_raise(eSSLError, "SSL_CTX_set_ciphers:");
+        ossl_raise(eSSLError, "SSL_CTX_set_cipher_list:");
     }
 
     return v;

ext/openssl/ossl_x509req.c

@@ -400,7 +400,7 @@ ossl_x509req_set_attributes(VALUE self, VALUE ary)
     X509_REQ *req;
     X509_ATTRIBUTE *attr;
     int i;
-    VALUE tmp, item;
+    VALUE item;
 
     Check_Type(ary, T_ARRAY);
     for (i=0;i<RARRAY(ary)->len; i++) {

ext/openssl/ossl_x509store.c

@@ -137,6 +137,7 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
     rb_iv_set(self, "@error", Qnil);
     rb_iv_set(self, "@error_string", Qnil);
     rb_iv_set(self, "@chain", Qnil);
+    rb_iv_set(self, "@time", Qnil);
 
     return self;
 }
@@ -244,7 +245,9 @@ ossl_x509store_set_default_paths(VALUE self)
     X509_STORE *store;
 
     GetX509Store(self, store);
-    X509_STORE_set_default_paths(store);
+    if (X509_STORE_set_default_paths(store) != 1){
+        ossl_raise(eX509StoreError, NULL);
+    }
 
     return Qnil;
 }
@@ -257,7 +260,9 @@ ossl_x509store_add_cert(VALUE self, VALUE arg)
 
     cert = GetX509CertPtr(arg); /* NO NEED TO DUP */
     GetX509Store(self, store);
-    X509_STORE_add_cert(store, cert);
+    if (X509_STORE_add_cert(store, cert) != 1){
+        ossl_raise(eX509StoreError, NULL);
+    }
 
     return self;
 }
@@ -270,7 +275,9 @@ ossl_x509store_add_crl(VALUE self, VALUE arg)
 
     crl = GetX509CRLPtr(arg); /* NO NEED TO DUP */
     GetX509Store(self, store);
-    X509_STORE_add_crl(store, crl);
+    if (X509_STORE_add_crl(store, crl) != 1){
+        ossl_raise(eX509StoreError, NULL);
+    }
 
     return self;
 }

test/openssl/test_x509store.rb

@@ -191,6 +191,28 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase
     assert_equal(OpenSSL::X509::V_ERR_CRL_HAS_EXPIRED, store.error)
     assert_equal(false, store.verify(ee2_cert))
   end
+
+  def test_set_errors
+    now = Time.now
+    ca1_cert = issue_cert(@ca1, @rsa2048, 1, now, now+3600, [],
+                          nil, nil, OpenSSL::Digest::SHA1.new)
+    store = OpenSSL::X509::Store.new
+    store.add_cert(ca1_cert)
+    assert_raises(OpenSSL::X509::StoreError){
+      store.add_cert(ca1_cert)  # add same certificate twice
+    }
+
+    revoke_info = []
+    crl1 = issue_crl(revoke_info, 1, now, now+1800, [],
+                     ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
+    revoke_info = [ [2, now, 1], ]
+    crl2 = issue_crl(revoke_info, 2, now+1800, now+3600, [],
+                     ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
+    store.add_crl(crl1)
+    assert_raises(OpenSSL::X509::StoreError){
+      store.add_crl(crl2) # add CRL issued by same CA twice.
+    }
+  end
 end
 
 end