-rw-r--r-- | ChangeLog | 23 | ||||
-rw-r--r-- | ext/openssl/ossl.c | 24 | ||||
-rw-r--r-- | ext/openssl/ossl_ssl.c | 2 | ||||
-rw-r--r-- | ext/openssl/ossl_x509req.c | 2 | ||||
-rw-r--r-- | ext/openssl/ossl_x509store.c | 13 | ||||
-rw-r--r-- | test/openssl/test_x509store.rb | 22 |
6 files changed, 79 insertions, 7 deletions
@@ -1,3 +1,26 @@
+Sat Sep 10 09:51:30 2005 GOTOU Yuuzou <gotoyuzo@notwork.org>
+
+ * ext/openssl/ossl.c (ossl_raise): should use ERR_peek_last_error
+ to get last error on the current thread. And should report
+ errors are on the stack while OpenSSL.debug is true.
+
+ * ext/openssl/ossl.c (ossl_get_errors): new method for debugging
+ this library.
+
+ * ext/openssl/ossl_ssl.c (ossl_sslctx_set_ciphers): fix error message.
+
+ * ext/openssl/ossl_x509req.c (ossl_x509req_set_attributes): get rid
+ of unused variable.
+
+ * ext/openssl/ossl_x509store.c (ossl_x509store_initialize): should
+ set @time to avoid warning.
+
+ * ext/openssl/ossl_x509store.c (ossl_x509store_set_default_paths,
+ X509_STORE_add_cert, X509_STORE_add_crl): should raise error if
+ wrapped functions failed.
+
+ * test/openssl/test_x509store.rb: add test for errors.
+
 Fri Sep 9 22:13:19 2005 Yukihiro Matsumoto <matz@ruby-lang.org>

 * eval.c (rb_call0): prohibit calling tainted method (>2) when
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
index 41659f0e81..2ad2ee38d0 100644
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@@ -278,7 +278,7 @@ ossl_raise(VALUE exc, const char *fmt, ...)
 va_list args;
 char buf[BUFSIZ];
 const char *msg;
- long e = ERR_get_error();
+ long e = ERR_peek_last_error();
 int len = 0;

 if (fmt) {
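Review bot: `long e = ERR_peek_last_error();` stores an `unsigned long` error code in a signed `long`; the whole ERR_* API takes and returns `unsigned long`, so declare it `unsigned long e = ERR_peek_last_error();` and the `!= 0` tests and the `ERR_error_string(e, ...)` calls later in the function use the code without a sign conversion. Peeking instead of popping also means the entry stays on the thread's queue until the function explicitly clears it, so every path out of ossl_raise must still reach that clear, otherwise the stale entry is reported on the next unrelated failure. ossl_raise's signature and the rest of its body lie outside this hunk.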
@@ -291,15 +291,34 @@ ossl_raise(VALUE exc, const char *fmt, ...)
 msg = ERR_error_string(e, NULL);
 else
 msg = ERR_reason_error_string(e);
- ERR_clear_error();
 fmt = len ? ": %s" : "%s";
 len += snprintf(buf+len, BUFSIZ-len, fmt, msg);
 }
+ if (dOSSL == Qtrue){ /* show all errors on the stack */
+ while ((e = ERR_get_error()) != 0){
+ rb_warn("error on stack: %s", ERR_error_string(e, NULL));
+ }
+ }
+ ERR_clear_error();
 if(len > BUFSIZ) len = strlen(buf);
 rb_exc_raise(rb_exc_new(exc, buf, len));
 }

+VALUE
+ossl_get_errors()
+{
+ VALUE ary;
+ long e;
+
+ ary = rb_ary_new();
+ while ((e = ERR_get_error()) != 0){
+ rb_ary_push(ary, rb_str_new2(ERR_error_string(e, NULL)));
+ }
+
+ return ary;
+}
+
 /*
 * Debug
 */
@@ -411,6 +430,7 @@ Init_openssl()
 dOSSL = Qfalse;
 rb_define_module_function(mOSSL, "debug", ossl_debug_get, 0);
 rb_define_module_function(mOSSL, "debug=", ossl_debug_set, 1);
+ rb_define_module_function(mOSSL, "errors", ossl_get_errors, 0);

 /*
 * Get ID of to_der
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index d974bbce4e..a4d03089bc 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -480,7 +480,7 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
 return Qnil;
 }
 if (!SSL_CTX_set_cipher_list(ctx, RSTRING(str)->ptr)) {
- ossl_raise(eSSLError, "SSL_CTX_set_ciphers:");
+ ossl_raise(eSSLError, "SSL_CTX_set_cipher_list:");
 }

 return v;
diff --git a/ext/openssl/ossl_x509req.c b/ext/openssl/ossl_x509req.c
index 35c520194a..d644250433 100644
--- a/ext/openssl/ossl_x509req.c
+++ b/ext/openssl/ossl_x509req.c
@@ -400,7 +400,7 @@ ossl_x509req_set_attributes(VALUE self, VALUE ary)
 X509_REQ *req;
 X509_ATTRIBUTE *attr;
 int i;
- VALUE tmp, item;
+ VALUE item;

 Check_Type(ary, T_ARRAY);
 for (i=0;i<RARRAY(ary)->len; i++) {
diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index 5dba733878..cea845a1cc 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
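Review bot: Both new loops format with `ERR_error_string(e, NULL)`, which OpenSSL documents as writing into one process-wide static buffer that is not thread-safe and is overwritten by the next call; in the `rb_warn` loop that is only a debug aid, but `ossl_get_errors` is a public `OpenSSL.errors` and should format into its own buffer with `ERR_error_string_n(e, ebuf, sizeof ebuf)`, as below, and the debug loop should do the same (`ERR_error_string_n(e, ebuf, sizeof ebuf); rb_warn("error on stack: %s", ebuf);`). `ossl_get_errors()` is registered with arity 0, and Ruby then calls it with the receiver as its single argument, so declare it `ossl_get_errors(VALUE self)` rather than with empty parentheses, and make `e` an `unsigned long` to match ERR_get_error. A header comment is also missing; something like `/* OpenSSL.errors: drain this thread's OpenSSL error queue into an Array of Strings (debugging aid; empties the queue). */` would do. ossl_raise begins before this hunk.

```c
VALUE
ossl_get_errors(VALUE self)
{
    VALUE ary = rb_ary_new();
    unsigned long e;
    char ebuf[256];

    while ((e = ERR_get_error()) != 0) {
        ERR_error_string_n(e, ebuf, sizeof ebuf); /* private buffer, not OpenSSL's static one */
        rb_ary_push(ary, rb_str_new2(ebuf));
    }
    return ary;
}
```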
@@ -137,6 +137,7 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
 rb_iv_set(self, "@error", Qnil);
 rb_iv_set(self, "@error_string", Qnil);
 rb_iv_set(self, "@chain", Qnil);
+ rb_iv_set(self, "@time", Qnil);

 return self;
 }
@@ -244,7 +245,9 @@ ossl_x509store_set_default_paths(VALUE self)
 X509_STORE *store;

 GetX509Store(self, store);
- X509_STORE_set_default_paths(store);
+ if (X509_STORE_set_default_paths(store) != 1){
+ ossl_raise(eX509StoreError, NULL);
+ }

 return Qnil;
 }
@@ -257,7 +260,9 @@ ossl_x509store_add_cert(VALUE self, VALUE arg)

 cert = GetX509CertPtr(arg); /* NO NEED TO DUP */
 GetX509Store(self, store);
- X509_STORE_add_cert(store, cert);
+ if (X509_STORE_add_cert(store, cert) != 1){
+ ossl_raise(eX509StoreError, NULL);
+ }

 return self;
 }
@@ -270,7 +275,9 @@ ossl_x509store_add_crl(VALUE self, VALUE arg)

 crl = GetX509CRLPtr(arg); /* NO NEED TO DUP */
 GetX509Store(self, store);
- X509_STORE_add_crl(store, crl);
+ if (X509_STORE_add_crl(store, crl) != 1){
+ ossl_raise(eX509StoreError, NULL);
+ }

 return self;
 }
diff --git a/test/openssl/test_x509store.rb b/test/openssl/test_x509store.rb
index 6696020af7..b0fe597262 100644
--- a/test/openssl/test_x509store.rb
+++ b/test/openssl/test_x509store.rb
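Review bot: `ossl_raise(eX509StoreError, NULL);` in the three new failure branches passes no format, so the StoreError's message is only whatever OpenSSL left on its error queue; if the queue is empty, or was consumed by an earlier wrapped call, the exception carries an empty message and nothing tells the caller whether add_cert, add_crl or set_default_paths failed. The ossl_ssl.c hunk in this same commit names the wrapped call in the message, so do the same here: `ossl_raise(eX509StoreError, "X509_STORE_add_cert:");`, and likewise `"X509_STORE_add_crl:"` and `"X509_STORE_set_default_paths:"`. This is also a behaviour change worth stating in the method docs or ChangeLog: as the new test shows, X509_STORE_add_cert and X509_STORE_add_crl fail for a certificate already in the store or a second CRL from the same issuer, so code that loads a bundle containing duplicates now raises where it used to continue silently. The three function bodies start before their hunks.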
@@ -191,6 +191,28 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase
 assert_equal(OpenSSL::X509::V_ERR_CRL_HAS_EXPIRED, store.error)
 assert_equal(false, store.verify(ee2_cert))
 end
+
+ def test_set_errors
+ now = Time.now
+ ca1_cert = issue_cert(@ca1, @rsa2048, 1, now, now+3600, [],
+ nil, nil, OpenSSL::Digest::SHA1.new)
+ store = OpenSSL::X509::Store.new
+ store.add_cert(ca1_cert)
+ assert_raises(OpenSSL::X509::StoreError){
+ store.add_cert(ca1_cert) # add same certificate twice
+ }
+
+ revoke_info = []
+ crl1 = issue_crl(revoke_info, 1, now, now+1800, [],
+ ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
+ revoke_info = [ [2, now, 1], ]
+ crl2 = issue_crl(revoke_info, 2, now+1800, now+3600, [],
+ ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
+ store.add_crl(crl1)
+ assert_raises(OpenSSL::X509::StoreError){
+ store.add_crl(crl2) # add CRL issued by same CA twice.
+ }
+ end
 end

 end |
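Review bot: Both `assert_raises` blocks in test_set_errors pin down OpenSSL's behaviour (a second add of the same certificate, or of a CRL from the same issuer, fails) rather than the binding's, so a future OpenSSL that accepts duplicate adds makes this test fail with no change to ossl_x509store.c; a comment stating that dependency, e.g. `# relies on X509_STORE_add_cert/add_crl rejecting duplicates`, would save the next person a bisect. The test also never looks at the message the new error path builds, which is the part of the change most likely to regress; if assert_raises in this Test::Unit returns the exception, `e = assert_raises(OpenSSL::X509::StoreError){ store.add_cert(ca1_cert) }` followed by `assert_not_equal("", e.message)` checks that the OpenSSL reason actually reached the caller. The `store.add_cert(ca1_cert)` and `store.add_crl(crl1)` calls that are expected to succeed could assert their return value (the C side returns self) so a silent failure there is caught as well.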