Bug #11033 » for-ruby-2-3-backport-805882145bde.patch

rhenium (Kazuki Yamaguchi), 06/19/2017 03:07 PM

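--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -249,6 +249,13 @@
     if(X509_LOOKUP_load_file(lookup, path, X509_FILETYPE_PEM) != 1){
         ossl_raise(eX509StoreError, NULL);
     }
+    /*
+     * X509_load_cert_crl_file() which is called from X509_LOOKUP_load_file()
+     * did not check the return value of X509_STORE_add_{cert,crl}(), leaking
+     * "cert already in hash table" errors on the error queue, if duplicate
+     * certificates are found. This will be fixed by OpenSSL 1.1.1.
+     */
+    ERR_clear_error();
 
     return self;
 }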
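Review bot: The unconditional `ERR_clear_error()` after the successful `X509_LOOKUP_load_file()` call discards every queued error, not only the duplicate-certificate one the comment describes. Per that comment, X509_load_cert_crl_file() does not check the return value of X509_STORE_add_{cert,crl}(), so the error queue is the only trace of an entry that failed to be added for some other reason; a CRL that silently never reaches the store would weaken revocation checking. Consider draining the queue, skipping only the "already in hash table" reason and surfacing anything else, as sketched below. The enclosing function begins above the first line of this section.

```c
    /* … unchanged: X509_LOOKUP_load_file() check and the explanatory comment … */
    {
        unsigned long e;

        while ((e = ERR_get_error()) != 0) {
            /* Duplicate entries are the known, harmless case. */
            if (ERR_GET_LIB(e) == ERR_LIB_X509 &&
                ERR_GET_REASON(e) == X509_R_CERT_ALREADY_IN_HASH_TABLE)
                continue;
            /* Anything else means an entry may be missing from the store. */
            rb_warning("X509::Store#add_file: %s", ERR_error_string(e, NULL));
        }
    }
```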
test/openssl/test_x509store.rb
36 36
    OpenSSL::TestUtils.issue_crl(*args)
37 37
  end
38 38

  
39
  def test_add_file
40
    now = Time.at(Time.now.to_i)
41
    ca_exts = [
42
      ["basicConstraints", "CA:TRUE", true],
43
      ["keyUsage", "cRLSign,keyCertSign", true],
44
    ]
45
    cert1 = issue_cert(@ca1, @rsa1024, 1, now, now+3600, ca_exts,
46
                       nil, nil, "sha1")
47
    cert2 = issue_cert(@ca2, @rsa2048, 1, now, now+3600, ca_exts,
48
                       nil, nil, "sha1")
49
    tmpfile = Tempfile.open { |f| f << cert1.to_pem << cert2.to_pem; f }
50

  
51
    store = OpenSSL::X509::Store.new
52
    assert_equal false, store.verify(cert1)
53
    assert_equal false, store.verify(cert2)
54
    store.add_file(tmpfile.path)
55
    assert_equal true, store.verify(cert1)
56
    assert_equal true, store.verify(cert2)
57

  
58
    # OpenSSL < 1.1.1 leaks an error on a duplicate certificate
59
    assert_nothing_raised { store.add_file(tmpfile.path) }
60
    assert_equal [], OpenSSL.errors
61
  ensure
62
    tmpfile and tmpfile.close!
63
  end
64

  
39 65
  def test_verify
40 66
    now = Time.at(Time.now.to_i)
41 67
    ca_exts = [
42
-