From: wolf@...
Date: 2018-01-24T17:49:19+00:00
Subject: [ruby-core:85070] [Ruby trunk Bug#14376] OpenSSL::X509::Store#verify_callback= requires Qtrue, not just truthy

Issue #14376 has been updated by graywolf (Gray Wolf).


Please close in favor of #14377.

----------------------------------------
Bug #14376: OpenSSL::X509::Store#verify_callback= requires Qtrue, not just truthy
https://bugs.ruby-lang.org/issues/14376#change-69788

* Author: graywolf (Gray Wolf)
* Status: Open
* Priority: Normal
* Assignee: 
* Target version: 
* ruby -v: ruby 2.6.0dev (2018-01-20 trunk 61969) [x86_64-linux]
* Backport: 2.3: UNKNOWN, 2.4: UNKNOWN, 2.5: UNKNOWN
----------------------------------------
`OpenSSL::X509::Store#verify_callback=` must return `true` exactly, not just anything truthy. Switching the check in ossl_x509store.c:88 to

	if (ret == Qfalse || ret == Qnil) {
		if (X509_STORE_CTX_get_error(ctx) == X509_V_OK)
			X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REJECTED);
		ok = 0;
	}
	else {
		X509_STORE_CTX_set_error(ctx, X509_V_OK);
		ok = 1;
	}

would be enough to require just something 'truthy'.

If the current state is intentional, I believe this fact should at
least be documented.




-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>