summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog23
-rw-r--r--ext/openssl/ossl.c24
-rw-r--r--ext/openssl/ossl_ssl.c2
-rw-r--r--ext/openssl/ossl_x509req.c2
-rw-r--r--ext/openssl/ossl_x509store.c13
-rw-r--r--test/openssl/test_x509store.rb22
6 files changed, 79 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog
index d028e3a..098d046 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,26 @@
+Sat Sep 10 09:51:30 2005 GOTOU Yuuzou <gotoyuzo@notwork.org>
+
+ * ext/openssl/ossl.c (ossl_raise): should use ERR_peek_last_error
+ to get last error on the current thread. And should report
+ errors are on the stack while OpenSSL.debug is true.
+
+ * ext/openssl/ossl.c (ossl_get_errors): new method for debugging
+ this library.
+
+ * ext/openssl/ossl_ssl.c (ossl_sslctx_set_ciphers): fix error message.
+
+ * ext/openssl/ossl_x509req.c (ossl_x509req_set_attributes): get rid
+ of unused variable.
+
+ * ext/openssl/ossl_x509store.c (ossl_x509store_initialize): should
+ set @time to avoid warning.
+
+ * ext/openssl/ossl_x509store.c (ossl_x509store_set_default_paths,
+ X509_STORE_add_cert, X509_STORE_add_crl): should raise error if
+ wrapped functions failed.
+
+ * test/openssl/test_x509store.rb: add test for errors.
+
Fri Sep 9 22:13:19 2005 Yukihiro Matsumoto <matz@ruby-lang.org>
* eval.c (rb_call0): prohibit calling tainted method (>2) when
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
index 41659f0..2ad2ee3 100644
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@@ -278,7 +278,7 @@ ossl_raise(VALUE exc, const char *fmt, ...)
va_list args;
char buf[BUFSIZ];
const char *msg;
- long e = ERR_get_error();
+ long e = ERR_peek_last_error();
int len = 0;
if (fmt) {
@@ -291,15 +291,34 @@ ossl_raise(VALUE exc, const char *fmt, ...)
msg = ERR_error_string(e, NULL);
else
msg = ERR_reason_error_string(e);
- ERR_clear_error();
fmt = len ? ": %s" : "%s";
len += snprintf(buf+len, BUFSIZ-len, fmt, msg);
}
+ if (dOSSL == Qtrue){ /* show all errors on the stack */
+ while ((e = ERR_get_error()) != 0){
+ rb_warn("error on stack: %s", ERR_error_string(e, NULL));
+ }
+ }
+ ERR_clear_error();
if(len > BUFSIZ) len = strlen(buf);
rb_exc_raise(rb_exc_new(exc, buf, len));
}
+VALUE
+ossl_get_errors()
+{
+ VALUE ary;
+ long e;
+
+ ary = rb_ary_new();
+ while ((e = ERR_get_error()) != 0){
+ rb_ary_push(ary, rb_str_new2(ERR_error_string(e, NULL)));
+ }
+
+ return ary;
+}
+
/*
* Debug
*/
@@ -411,6 +430,7 @@ Init_openssl()
dOSSL = Qfalse;
rb_define_module_function(mOSSL, "debug", ossl_debug_get, 0);
rb_define_module_function(mOSSL, "debug=", ossl_debug_set, 1);
+ rb_define_module_function(mOSSL, "errors", ossl_get_errors, 0);
/*
* Get ID of to_der
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index d974bbc..a4d0308 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -480,7 +480,7 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
return Qnil;
}
if (!SSL_CTX_set_cipher_list(ctx, RSTRING(str)->ptr)) {
- ossl_raise(eSSLError, "SSL_CTX_set_ciphers:");
+ ossl_raise(eSSLError, "SSL_CTX_set_cipher_list:");
}
return v;
diff --git a/ext/openssl/ossl_x509req.c b/ext/openssl/ossl_x509req.c
index 35c5201..d644250 100644
--- a/ext/openssl/ossl_x509req.c
+++ b/ext/openssl/ossl_x509req.c
@@ -400,7 +400,7 @@ ossl_x509req_set_attributes(VALUE self, VALUE ary)
X509_REQ *req;
X509_ATTRIBUTE *attr;
int i;
- VALUE tmp, item;
+ VALUE item;
Check_Type(ary, T_ARRAY);
for (i=0;i<RARRAY(ary)->len; i++) {
diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index 5dba733..cea845a 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -137,6 +137,7 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
rb_iv_set(self, "@error", Qnil);
rb_iv_set(self, "@error_string", Qnil);
rb_iv_set(self, "@chain", Qnil);
+ rb_iv_set(self, "@time", Qnil);
return self;
}
@@ -244,7 +245,9 @@ ossl_x509store_set_default_paths(VALUE self)
X509_STORE *store;
GetX509Store(self, store);
- X509_STORE_set_default_paths(store);
+ if (X509_STORE_set_default_paths(store) != 1){
+ ossl_raise(eX509StoreError, NULL);
+ }
return Qnil;
}
@@ -257,7 +260,9 @@ ossl_x509store_add_cert(VALUE self, VALUE arg)
cert = GetX509CertPtr(arg); /* NO NEED TO DUP */
GetX509Store(self, store);
- X509_STORE_add_cert(store, cert);
+ if (X509_STORE_add_cert(store, cert) != 1){
+ ossl_raise(eX509StoreError, NULL);
+ }
return self;
}
@@ -270,7 +275,9 @@ ossl_x509store_add_crl(VALUE self, VALUE arg)
crl = GetX509CRLPtr(arg); /* NO NEED TO DUP */
GetX509Store(self, store);
- X509_STORE_add_crl(store, crl);
+ if (X509_STORE_add_crl(store, crl) != 1){
+ ossl_raise(eX509StoreError, NULL);
+ }
return self;
}
diff --git a/test/openssl/test_x509store.rb b/test/openssl/test_x509store.rb
index 6696020..b0fe597 100644
--- a/test/openssl/test_x509store.rb
+++ b/test/openssl/test_x509store.rb
@@ -191,6 +191,28 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase
assert_equal(OpenSSL::X509::V_ERR_CRL_HAS_EXPIRED, store.error)
assert_equal(false, store.verify(ee2_cert))
end
+
+ def test_set_errors
+ now = Time.now
+ ca1_cert = issue_cert(@ca1, @rsa2048, 1, now, now+3600, [],
+ nil, nil, OpenSSL::Digest::SHA1.new)
+ store = OpenSSL::X509::Store.new
+ store.add_cert(ca1_cert)
+ assert_raises(OpenSSL::X509::StoreError){
+ store.add_cert(ca1_cert) # add same certificate twice
+ }
+
+ revoke_info = []
+ crl1 = issue_crl(revoke_info, 1, now, now+1800, [],
+ ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
+ revoke_info = [ [2, now, 1], ]
+ crl2 = issue_crl(revoke_info, 2, now+1800, now+3600, [],
+ ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
+ store.add_crl(crl1)
+ assert_raises(OpenSSL::X509::StoreError){
+ store.add_crl(crl2) # add CRL issued by same CA twice.
+ }
+ end
end
end