There are still some places in Ruby OpenSSL C code where just BIO_reset
is used but not ERR_get_error if a fallback from PEM to DER is tried or
the other way round. This might cause encoding errors to pile up and
mislead users or cause tests to fail that shouldn't.
I'd like to expose the conjunction of
BIO_reset(bio);
ERR_get_error();
as a publicly accesible macro (similar to what's in ossl_pkey.c) and
replace existing code by using it where appropriate.
This issue was solved with changeset r32199.
Martin, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.
ext/openssl/ossl.h: Introduced OSSL_BIO_reset macro for PEM/DER
fallback scenarios.
ext/openssl/ossl_pkey_dsa.c
ext/openssl/ossl_x509req.c
ext/openssl/ossl_pkey_rsa.c
ext/openssl/ossl_pkey_ec.c
ext/openssl/ossl_ssl_session.c
ext/openssl/ossl_x509crl.c
ext/openssl/ossl_pkey.c
ext/openssl/ossl_pkey_dh.c
ext/openssl/ossl_x509cert.c
ext/openssl/ossl_pkcs7.c: Use OSSL_BIO_reset.
ext/openssl/ossl_ssl.c
ext/openssl/ossl_cipher.c
ext/openssl/ossl_pkey_ec.c
ext/openssl/ossl_pkcs12.c
ext/openssl/ossl_ssl_session.c: Replace rb_raise occurences by
ossl_raise. This automatically flushes OpenSSL's error queue.
ext/openssl/ossl_pkcs7.c: Raise error if DER fallback for parsing
fails.
test/openssl/test_pkey_ec.rb
test/openssl/test_pkey_dsa.rb
test/openssl/test_pkey_rsa.rb: Add assertions that OpenSSL.errors is
empty.
Updated by Anonymous