summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog6
-rw-r--r--ext/openssl/ossl_pkcs12.c4
2 files changed, 10 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index e6e89fc487e..4cea47b6663 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Wed May 18 16:52:03 2016 Kazuki Yamaguchi <k@rhe.jp>
+
+ * ext/openssl/ossl_pkcs12.c (ossl_pkcs12_initialize): pop errors
+ leaked by PKCS12_parse(). This is a bug in OpenSSL, which exists
+ in the versions before the version 1.0.0t, 1.0.1p, 1.0.2d.
+
Wed May 18 16:04:54 2016 Nobuyoshi Nakada <nobu@ruby-lang.org>
* tool/downloader.rb (Downloader::RubyGems.download): verify gems
diff --git a/ext/openssl/ossl_pkcs12.c b/ext/openssl/ossl_pkcs12.c
index e5052d47ea2..fe4dadc17b8 100644
--- a/ext/openssl/ossl_pkcs12.c
+++ b/ext/openssl/ossl_pkcs12.c
@@ -165,8 +165,12 @@ ossl_pkcs12_initialize(int argc, VALUE *argv, VALUE self)
BIO_free(in);
pkey = cert = ca = Qnil;
+ /* OpenSSL's bug; PKCS12_parse() puts errors even if it succeeds.
+ * Fixed in OpenSSL 1.0.0t, 1.0.1p, 1.0.2d */
+ ERR_set_mark();
if(!PKCS12_parse(pkcs, passphrase, &key, &x509, &x509s))
ossl_raise(ePKCS12Error, "PKCS12_parse");
+ ERR_pop_to_mark();
pkey = rb_protect((VALUE(*)_((VALUE)))ossl_pkey_new, (VALUE)key,
&st); /* NO DUP */
if(st) goto err;