1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

* ext/openssl/ossl.c (ossl_raise): should use ERR_peek_last_error

to get last error on the current thread. And should report
  errors are on the stack while OpenSSL.debug is true.

* ext/openssl/ossl.c (ossl_get_errors): new method for debugging
  this library.

* ext/openssl/ossl_ssl.c (ossl_sslctx_set_ciphers): fix error message.

* ext/openssl/ossl_x509req.c (ossl_x509req_set_attributes): get rid
  of unused variable.

* ext/openssl/ossl_x509store.c (ossl_x509store_initialize): should
  set @time to avoid warning.

* ext/openssl/ossl_x509store.c (ossl_x509store_set_default_paths,
  X509_STORE_add_cert, X509_STORE_add_crl): should raise error if
  wrapped functions failed.

* test/openssl/test_x509store.rb: add test for errors.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9110 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
gotoyuzo 2005-09-10 00:54:31 +00:00
parent 6d77710327
commit 2ec654a1a0
6 changed files with 79 additions and 7 deletions

View file

@ -1,3 +1,26 @@
Sat Sep 10 09:51:30 2005 GOTOU Yuuzou <gotoyuzo@notwork.org>
* ext/openssl/ossl.c (ossl_raise): should use ERR_peek_last_error
to get last error on the current thread. And should report
errors are on the stack while OpenSSL.debug is true.
* ext/openssl/ossl.c (ossl_get_errors): new method for debugging
this library.
* ext/openssl/ossl_ssl.c (ossl_sslctx_set_ciphers): fix error message.
* ext/openssl/ossl_x509req.c (ossl_x509req_set_attributes): get rid
of unused variable.
* ext/openssl/ossl_x509store.c (ossl_x509store_initialize): should
set @time to avoid warning.
* ext/openssl/ossl_x509store.c (ossl_x509store_set_default_paths,
X509_STORE_add_cert, X509_STORE_add_crl): should raise error if
wrapped functions failed.
* test/openssl/test_x509store.rb: add test for errors.
Fri Sep 9 22:13:19 2005 Yukihiro Matsumoto <matz@ruby-lang.org> Fri Sep 9 22:13:19 2005 Yukihiro Matsumoto <matz@ruby-lang.org>
* eval.c (rb_call0): prohibit calling tainted method (>2) when * eval.c (rb_call0): prohibit calling tainted method (>2) when

View file

@ -278,7 +278,7 @@ ossl_raise(VALUE exc, const char *fmt, ...)
va_list args; va_list args;
char buf[BUFSIZ]; char buf[BUFSIZ];
const char *msg; const char *msg;
long e = ERR_get_error(); long e = ERR_peek_last_error();
int len = 0; int len = 0;
if (fmt) { if (fmt) {
@ -291,15 +291,34 @@ ossl_raise(VALUE exc, const char *fmt, ...)
msg = ERR_error_string(e, NULL); msg = ERR_error_string(e, NULL);
else else
msg = ERR_reason_error_string(e); msg = ERR_reason_error_string(e);
ERR_clear_error();
fmt = len ? ": %s" : "%s"; fmt = len ? ": %s" : "%s";
len += snprintf(buf+len, BUFSIZ-len, fmt, msg); len += snprintf(buf+len, BUFSIZ-len, fmt, msg);
} }
if (dOSSL == Qtrue){ /* show all errors on the stack */
while ((e = ERR_get_error()) != 0){
rb_warn("error on stack: %s", ERR_error_string(e, NULL));
}
}
ERR_clear_error();
if(len > BUFSIZ) len = strlen(buf); if(len > BUFSIZ) len = strlen(buf);
rb_exc_raise(rb_exc_new(exc, buf, len)); rb_exc_raise(rb_exc_new(exc, buf, len));
} }
VALUE
ossl_get_errors()
{
VALUE ary;
long e;
ary = rb_ary_new();
while ((e = ERR_get_error()) != 0){
rb_ary_push(ary, rb_str_new2(ERR_error_string(e, NULL)));
}
return ary;
}
/* /*
* Debug * Debug
*/ */
@ -411,6 +430,7 @@ Init_openssl()
dOSSL = Qfalse; dOSSL = Qfalse;
rb_define_module_function(mOSSL, "debug", ossl_debug_get, 0); rb_define_module_function(mOSSL, "debug", ossl_debug_get, 0);
rb_define_module_function(mOSSL, "debug=", ossl_debug_set, 1); rb_define_module_function(mOSSL, "debug=", ossl_debug_set, 1);
rb_define_module_function(mOSSL, "errors", ossl_get_errors, 0);
/* /*
* Get ID of to_der * Get ID of to_der

View file

@ -480,7 +480,7 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
return Qnil; return Qnil;
} }
if (!SSL_CTX_set_cipher_list(ctx, RSTRING(str)->ptr)) { if (!SSL_CTX_set_cipher_list(ctx, RSTRING(str)->ptr)) {
ossl_raise(eSSLError, "SSL_CTX_set_ciphers:"); ossl_raise(eSSLError, "SSL_CTX_set_cipher_list:");
} }
return v; return v;

View file

@ -400,7 +400,7 @@ ossl_x509req_set_attributes(VALUE self, VALUE ary)
X509_REQ *req; X509_REQ *req;
X509_ATTRIBUTE *attr; X509_ATTRIBUTE *attr;
int i; int i;
VALUE tmp, item; VALUE item;
Check_Type(ary, T_ARRAY); Check_Type(ary, T_ARRAY);
for (i=0;i<RARRAY(ary)->len; i++) { for (i=0;i<RARRAY(ary)->len; i++) {

View file

@ -137,6 +137,7 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
rb_iv_set(self, "@error", Qnil); rb_iv_set(self, "@error", Qnil);
rb_iv_set(self, "@error_string", Qnil); rb_iv_set(self, "@error_string", Qnil);
rb_iv_set(self, "@chain", Qnil); rb_iv_set(self, "@chain", Qnil);
rb_iv_set(self, "@time", Qnil);
return self; return self;
} }
@ -244,7 +245,9 @@ ossl_x509store_set_default_paths(VALUE self)
X509_STORE *store; X509_STORE *store;
GetX509Store(self, store); GetX509Store(self, store);
X509_STORE_set_default_paths(store); if (X509_STORE_set_default_paths(store) != 1){
ossl_raise(eX509StoreError, NULL);
}
return Qnil; return Qnil;
} }
@ -257,7 +260,9 @@ ossl_x509store_add_cert(VALUE self, VALUE arg)
cert = GetX509CertPtr(arg); /* NO NEED TO DUP */ cert = GetX509CertPtr(arg); /* NO NEED TO DUP */
GetX509Store(self, store); GetX509Store(self, store);
X509_STORE_add_cert(store, cert); if (X509_STORE_add_cert(store, cert) != 1){
ossl_raise(eX509StoreError, NULL);
}
return self; return self;
} }
@ -270,7 +275,9 @@ ossl_x509store_add_crl(VALUE self, VALUE arg)
crl = GetX509CRLPtr(arg); /* NO NEED TO DUP */ crl = GetX509CRLPtr(arg); /* NO NEED TO DUP */
GetX509Store(self, store); GetX509Store(self, store);
X509_STORE_add_crl(store, crl); if (X509_STORE_add_crl(store, crl) != 1){
ossl_raise(eX509StoreError, NULL);
}
return self; return self;
} }

View file

@ -191,6 +191,28 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase
assert_equal(OpenSSL::X509::V_ERR_CRL_HAS_EXPIRED, store.error) assert_equal(OpenSSL::X509::V_ERR_CRL_HAS_EXPIRED, store.error)
assert_equal(false, store.verify(ee2_cert)) assert_equal(false, store.verify(ee2_cert))
end end
def test_set_errors
now = Time.now
ca1_cert = issue_cert(@ca1, @rsa2048, 1, now, now+3600, [],
nil, nil, OpenSSL::Digest::SHA1.new)
store = OpenSSL::X509::Store.new
store.add_cert(ca1_cert)
assert_raises(OpenSSL::X509::StoreError){
store.add_cert(ca1_cert) # add same certificate twice
}
revoke_info = []
crl1 = issue_crl(revoke_info, 1, now, now+1800, [],
ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
revoke_info = [ [2, now, 1], ]
crl2 = issue_crl(revoke_info, 2, now+1800, now+3600, [],
ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
store.add_crl(crl1)
assert_raises(OpenSSL::X509::StoreError){
store.add_crl(crl2) # add CRL issued by same CA twice.
}
end
end end
end end