Bug #14376

OpenSSL::X509::Store#verify_callback= requires Qtrue, not just truthy

Added by graywolf (Gray Wolf) almost 2 years ago. Updated 6 months ago.

Status: Closed
Priority: Normal
Assignee: -
Target version: -
ruby -v: ruby 2.6.0dev (2018-01-20 trunk 61969) [x86_64-linux]
[ruby-core:84936]

Description

OpenSSL::X509::Store#verify_callback= must return true exactly, not just anything truthy. Switching the check in ossl_x509store.c:88 to

if (ret == Qfalse || ret == Qnil) {
    if (X509_STORE_CTX_get_error(ctx) == X509_V_OK)
        X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REJECTED);
    ok = 0;
}
else {
    X509_STORE_CTX_set_error(ctx, X509_V_OK);
    ok = 1;
}

would be enough to require just something 'truthy'.

If the current state is intentional, I believe this fact should at
least be documented.
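
An added example, not part of the original report or of Ruby's own code: it wraps a verify callback so the binding always receives exactly true or false, and probes what the installed binding does with a truthy, non-true return. The names constructed_cert, verify_with, strict_callback and truthy_return_accepted? are hypothetical, and the certificate is constructed for the example.

```ruby
require 'openssl'

# Constructed throwaway self-signed certificate so the example runs offline.
def constructed_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse('/CN=constructed-example')
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Verify +cert+ against a store that trusts only +cert+, with +callback+ set.
def verify_with(cert, callback)
  store = OpenSSL::X509::Store.new
  store.add_cert(cert)
  store.verify_callback = callback
  store.verify(cert)
end

# Hypothetical wrapper: hands the binding exactly true or false. It accepts only
# when OpenSSL's own check passed AND the policy block returned literal true, so
# a block whose last expression is a log string or nil rejects on every build.
def strict_callback(&policy)
  lambda do |preverify_ok, store_ctx|
    preverify_ok == true && policy.call(store_ctx) == true
  end
end

CERT = constructed_cert

# Probe: does this build accept a truthy, non-true return (the reported case)?
def truthy_return_accepted?
  verify_with(CERT, ->(_ok, _ctx) { 1 })
end

if __FILE__ == $PROGRAM_NAME
  puts "truthy return accepted by this build: #{truthy_return_accepted?}"
end
```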

History

Updated by graywolf (Gray Wolf) almost 2 years ago

Please close in favor of #14377.

#2

Updated by jeremyevans0 (Jeremy Evans) 6 months ago

  • Status changed from Open to Closed
