Actions
Bug #14376
closedOpenSSL::X509::Store#verify_callback= requires Qtrue, not just truthy
Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
ruby 2.6.0dev (2018-01-20 trunk 61969) [x86_64-linux]
Description
OpenSSL::X509::Store#verify_callback=
must return true
exactly, not just anything truthy. Switching the check in ossl_x509store.c:88 to
if (ret == Qfalse || ret == Qnil) {
if (X509_STORE_CTX_get_error(ctx) == X509_V_OK)
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REJECTED);
ok = 0;
}
else {
X509_STORE_CTX_set_error(ctx, X509_V_OK);
ok = 1;
}
would be enough to require just something 'truthy'.
If the current state is intentional, I believe this fact should at
least be documented.
Updated by graywolf (Gray Wolf) about 6 years ago
Please close in favor of #14377.
Updated by jeremyevans0 (Jeremy Evans) almost 5 years ago
- Status changed from Open to Closed
Actions
Like0
Like0Like0