Project

General

Profile

Actions

Bug #14376

closed

OpenSSL::X509::Store#verify_callback= requires Qtrue, not just truthy

Added by graywolf (Gray Wolf) about 6 years ago. Updated almost 5 years ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
ruby 2.6.0dev (2018-01-20 trunk 61969) [x86_64-linux]
[ruby-core:84936]

Description

OpenSSL::X509::Store#verify_callback= must return true exactly, not just anything truthy. Switching the check in ossl_x509store.c:88 to

if (ret == Qfalse || ret == Qnil) {
	if (X509_STORE_CTX_get_error(ctx) == X509_V_OK)
		X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REJECTED);
	ok = 0;
}
else {
	X509_STORE_CTX_set_error(ctx, X509_V_OK);
	ok = 1;
}

would be enough to require just something 'truthy'.

If the current state is intentional, I believe this fact should at
least be documented.

Updated by graywolf (Gray Wolf) about 6 years ago

Please close in favor of #14377.

Actions #2

Updated by jeremyevans0 (Jeremy Evans) almost 5 years ago

  • Status changed from Open to Closed
Actions

Also available in: Atom PDF

Like0
Like0Like0