summaryrefslogtreecommitdiff
path: root/ext
diff options
context:
space:
mode:
authornahi <nahi@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2011-07-14 05:41:05 +0000
committernahi <nahi@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2011-07-14 05:41:05 +0000
commitab86f1cffb204ab2c51c39926b9c34c4e608c5ad (patch)
treef2d1d7d8e5b18af53b51096c75af41f4908702b8 /ext
parentf10ef64f1b969cb7a4af50c6a898bc81d1467b23 (diff)
* ext/openssl/ossl.c (ossl_verify_cb): trap the exception from
verify callback of SSLContext and X509Store and make the verification fail normally. Raising exception directly from callback causes orphan resouces in OpenSSL stack. Patched by Ippei Obayashi. See #4445. * test/openssl/test_ssl.rb (test_exception_in_verify_callback_is_ignored): test it. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32537 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext')
-rw-r--r--ext/openssl/ossl.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
index c5321b6..f3410b6 100644
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@@ -223,8 +223,11 @@ ossl_verify_cb(int ok, X509_STORE_CTX *ctx)
args.proc = proc;
args.preverify_ok = ok ? Qtrue : Qfalse;
args.store_ctx = rctx;
- ret = rb_ensure(ossl_call_verify_cb_proc, (VALUE)&args,
- ossl_x509stctx_clear_ptr, rctx);
+ ret = rb_protect((VALUE(*)(VALUE))ossl_call_verify_cb_proc, (VALUE)&args, &state);
+ ossl_x509stctx_clear_ptr(rctx);
+ if (state) {
+ rb_warn("exception in verify_callback is ignored");
+ }
}
if (ret == Qtrue) {
X509_STORE_CTX_set_error(ctx, X509_V_OK);