<p>Ruby Issue Tracking System, https://redmine.ruby-lang.org/</p>
<p>Ruby master - Bug #7215: Remaining messages on OpenSSL error queue after Certificate#verify</p>
<p>MartinBosslet (Martin Bosslet), Martin.Bosslet@gmail.com, 2012-10-26T00:10:10Z, https://redmine.ruby-lang.org/issues/7215?journal_id=31576</p>
<ul><li><strong>Status</strong> changed from <i>Open</i> to <i>Assigned</i></li><li><strong>Assignee</strong> set to <i>MartinBosslet (Martin Bosslet)</i></li></ul>
<p>deafbybeheading (Maciek Sakrejda), m.sakrejda@gmail.com, 2013-01-16T04:11:24Z, https://redmine.ruby-lang.org/issues/7215?journal_id=35436</p>
<p>Hi,</p>
<p>Any progress on this? Postgres has rejected the patch that was submitted on the grounds that this is an OpenSSL client issue and libpq has no business clearing the error queue.</p>
<p>It seems like clearing the error queue but giving some side channel to access the errors from the last Certificate#verify call would still make the errors available for interested clients, without forcing a byzantine API requiring a separate step to clear the error queue (something that would likely be missed by many clients).</p>
<p>Thanks!</p>
<p>kritik (Vladimir Krylov), s6numid@gmail.com, 2014-07-17T09:16:47Z, https://redmine.ruby-lang.org/issues/7215?journal_id=47828</p>
<p>Any changes here? Can confirm that problem persists in newer versions of Ruby (i.e. 2.1.0p0 (2013-12-25 revision 44422) [x86_64-linux] and 2.1.2p95 (2014-05-08 revision 45877) [x86_64-linux]).</p>
<p>nyku.rn (Nicolae Rotaru), nyku.rn@gmail.com, 2014-10-20T14:06:16Z, https://redmine.ruby-lang.org/issues/7215?journal_id=49554</p>
<p>The only solution at the moment is running:</p>
<h3>OpenSSL.errors.clear</h3>
<p>after verifying the certificate. This clears the OpenSSL errors array and keeps the database connection alive.</p>
<p>zzak (zzak _), 2015-09-13T03:14:49Z, https://redmine.ruby-lang.org/issues/7215?journal_id=54133</p>
<ul><li><strong>Assignee</strong> changed from <i>MartinBosslet (Martin Bosslet)</i> to <i>7150</i></li></ul>
<p>Anonymous, 2016-05-18T04:07:52Z, https://redmine.ruby-lang.org/issues/7215?journal_id=58728</p>
<ul><li><strong>Status</strong> changed from <i>Assigned</i> to <i>Closed</i></li></ul><p>Applied in changeset r55051.</p>
<hr>
<p>openssl: clear OpenSSL error queue before return to Ruby</p>
<ul>
<li>
<p>ext/openssl/ossl_x509cert.c (ossl_x509_verify): X509_verify()<br>
family may put errors on 0 return (0 means verification failure).<br>
Clear OpenSSL error queue before return to Ruby. Since the queue is<br>
thread global, remaining errors in the queue can cause an unexpected<br>
error in the next OpenSSL operation. <a href="/issues/7215">[ruby-core:48284]</a> [Bug <a class="issue tracker-1 status-5 priority-4 priority-default closed" title="Bug: Remaining messages on OpenSSL error queue after Certificate#verify (Closed)" href="https://redmine.ruby-lang.org/issues/7215">#7215</a>]</p>
</li>
<li>
<p>ext/openssl/ossl_x509crl.c (ossl_x509crl_verify): ditto.</p>
</li>
<li>
<p>ext/openssl/ossl_x509req.c (ossl_x509req_verify): ditto.</p>
</li>
<li>
<p>ext/openssl/ossl_x509store.c (ossl_x509stctx_verify): ditto.</p>
</li>
<li>
<p>ext/openssl/ossl_pkey_dh.c (dh_generate): clear the OpenSSL error<br>
queue before re-raising exception.</p>
</li>
<li>
<p>ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto.</p>
</li>
<li>
<p>ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto.</p>
</li>
<li>
<p>ext/openssl/ossl_ssl.c (ossl_start_ssl): ditto.</p>
</li>
<li>
<p>test/openssl: check that OpenSSL.errors is empty every time after<br>
running a test case.</p>
</li>
</ul>
<p>larskanis (Lars Kanis), 2018-05-19T05:27:48Z, https://redmine.ruby-lang.org/issues/7215?journal_id=72179</p>
<p>Thanks for fixing this issue! It has been resolved on the PostgreSQL side as well: <a href="https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=a3c17b2af89cd46b47df3483bb693312d7521795" class="external">https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=a3c17b2af89cd46b47df3483bb693312d7521795</a></p>
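<p>An added example, not part of the thread or of Ruby's own code: the workaround from the 2014 comment (reading OpenSSL.errors after verifying) wrapped in a hypothetical helper, verify_and_drain, that hands the leftover entries back to the caller instead of discarding them. The keys, the certificate and the name constructed.example are constructed for the demo; on a Ruby that includes r55051 the leftover list is expected to be empty because Certificate#verify already clears the queue.</p>

```ruby
require "openssl"

# Constructed test material: a short-lived self-signed certificate.
def build_self_signed(key, cn)
  name = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = name
  cert.issuer = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Hypothetical helper, not part of Ruby's OpenSSL binding.
# Returns [verified?, leftover_errors]. OpenSSL.errors pops every entry off
# the calling thread's OpenSSL error queue, so reading it is what empties the
# queue; the .clear in the workaround only empties the returned Array.
def verify_and_drain(cert, public_key)
  OpenSSL.errors                      # drop stale entries from earlier calls
  ok = cert.verify(public_key)        # false when the signature does not match
  [ok, OpenSSL.errors]                # drain what verify left, keep it for the caller
end

def demo
  signer = OpenSSL::PKey::RSA.new(2048)   # constructed keys
  other  = OpenSSL::PKey::RSA.new(2048)
  cert   = build_self_signed(signer, "constructed.example")
  {
    good: verify_and_drain(cert, signer.public_key),
    bad: verify_and_drain(cert, other.public_key),
    queue_after: OpenSSL.errors       # what a later OpenSSL user would inherit
  }
end

if __FILE__ == $0
  r = demo
  puts "matching key:  verified=#{r[:good][0]} leftover=#{r[:good][1].inspect}"
  puts "unrelated key: verified=#{r[:bad][0]} leftover=#{r[:bad][1].inspect}"
  puts "queue after:   #{r[:queue_after].inspect}"
end
```

<p>On an affected Ruby the leftover list for the unrelated key is where the stale entries show up; either way the queue a later OpenSSL user in the same thread sees is empty.</p>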