From 9eb92007b6c2ab2b1fe031c3681144e51e2bcc14 Mon Sep 17 00:00:00 2001
From: rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Wed, 14 Jun 2017 09:49:09 +0000
Subject: openssl: import v2.0.4

Import Ruby/OpenSSL 2.0.4. Only bug (and typo) fixes. The full commit
history since v2.0.3 (imported at r57482) can be found at:

  https://github.com/ruby/openssl/compare/v2.0.3...v2.0.4

This contains the fix for [Bug #11033].

----------------------------------------------------------------
Jun Aruga (1):
      Update .travis.yml and Dockerfile

Kazuki Yamaguchi (9):
      test/test_pkey_ec: do not use dummy 0 order
      test/test_ssl: fix typo in test_sysread_and_syswrite
      ssl: check return value of SSL_set_fd()
      Fix typos
      test/test_x509store: skip OpenSSL::TestX509Store#test_set_errors
      tool/sync-with-trunk: 'LASY' -> 'LAST'
      x509store: clear error queue after calling X509_LOOKUP_load_file()
      extconf.rb: simplify searching libraries logic
      Ruby/OpenSSL 2.0.4

SHIBATA Hiroshi (1):
      Fix typos

Vladimir Rybas (1):
      Fix documentation for OpenSSL::Cipher#final

nobu (2):
      openssl: fix broken openssl check
      openssl: fix broken openssl check

usa (1):
      Search SSL libraries by testing various filename patterns

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59081 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ext/openssl/ossl_x509store.c | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'ext/openssl/ossl_x509store.c')

diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index eb81e0d473..4becc8e3cd 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -342,6 +342,15 @@ ossl_x509store_add_file(VALUE self, VALUE file)
     if(X509_LOOKUP_load_file(lookup, path, X509_FILETYPE_PEM) != 1){
         ossl_raise(eX509StoreError, NULL);
     }
+#if OPENSSL_VERSION_NUMBER < 0x10101000 || defined(LIBRESSL_VERSION_NUMBER)
+    /*
+     * X509_load_cert_crl_file() which is called from X509_LOOKUP_load_file()
+     * did not check the return value of X509_STORE_add_{cert,crl}(), leaking
+     * "cert already in hash table" errors on the error queue, if duplicate
+     * certificates are found. This will be fixed by OpenSSL 1.1.1.
+     */
+    ossl_clear_error();
+#endif
 
     return self;
 }
-- 
cgit v1.2.3