From 2d7afef71ecdc2edd579dde072b75674da1fb730 Mon Sep 17 00:00:00 2001
From: Paolo Capriotti
Date: Tue, 11 Jun 2024 13:52:19 +0200
Subject: [PATCH] Clear error stack after validation failure
---
 HsOpenSSL.cabal | 2 +-
 OpenSSL/Utils.hs | 8 ++++++++
 OpenSSL/X509.hsc | 4 +++-
 3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/HsOpenSSL.cabal b/HsOpenSSL.cabal
index e6bf9fc..5893d52 100644
--- a/HsOpenSSL.cabal
+++ b/HsOpenSSL.cabal
@@ -10,7 +10,7 @@ Description:
 systems and stable. You may also be interested in the @tls@ package, , which is a pure Haskell implementation of SSL.
-Version: 0.11.7.6
+Version: 0.11.7.7
 License: PublicDomain
 License-File: COPYING
 Author: Adam Langley, Mikhail Vorozhtsov, PHO, Taru Karttunen
diff --git a/OpenSSL/Utils.hs b/OpenSSL/Utils.hs
index 9e5b5fd..229fda6 100644
--- a/OpenSSL/Utils.hs
+++ b/OpenSSL/Utils.hs
@@ -4,11 +4,13 @@ module OpenSSL.Utils
 , failIf
 , failIf_
 , raiseOpenSSLError
+ , clearErrorStack
 , toHex
 , fromHex
 , peekCStringCLen
 ) where
+import Control.Monad
 import Foreign.C.String
 import Foreign.C.Types
 import Foreign.Ptr
@@ -41,6 +43,12 @@ failIf_ f a
 raiseOpenSSLError :: IO a
 raiseOpenSSLError = getError >>= errorString >>= fail
+
+clearErrorStack :: IO ()
+clearErrorStack = do
+ e <- getError
+ when (e /= 0) clearErrorStack
+
 -- | Convert an integer to a hex string
 toHex :: (Num i, Bits i) => i -> String
 toHex = reverse . map hexByte . unfoldr step where
diff --git a/OpenSSL/X509.hsc b/OpenSSL/X509.hsc
index b27aeec..fe90fc5 100644
--- a/OpenSSL/X509.hsc
+++ b/OpenSSL/X509.hsc
@@ -274,7 +274,9 @@ verifyX509 x509 key
 where
 interpret :: CInt -> IO VerifyStatus
 interpret 1 = return VerifySuccess
- interpret 0 = return VerifyFailure
+ interpret 0 = do
+ clearErrorStack
+ return VerifyFailure
 interpret _ = raiseOpenSSLError
 -- |@'printX509' cert@ translates a certificate into human-readable
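Review bot: `clearErrorStack` in OpenSSL/Utils.hs is exported without a Haddock comment, so nothing records why the queue has to be drained; I would add `-- | Discard every pending entry in OpenSSL's error queue, so that a later call does not pick up errors left behind by an earlier one.` above the signature. The loop pops one entry per `getError` until it reads 0, whereas OpenSSL's `ERR_clear_error()` empties the queue in one call, so `foreign import ccall unsafe "ERR_clear_error" clearErrorStack :: IO ()` would be simpler, assuming this module can carry a foreign import. OpenSSL keeps the queue per OS thread, so the drain only reaches the entries written by the failing call if the Haskell thread is still on the same OS thread; that is worth confirming for unbound threads.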
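Review bot: The `interpret _` branch in OpenSSL/X509.hsc still leaves entries behind, because `raiseOpenSSLError` (visible as context in the Utils.hs hunk) reads a single entry with `getError` and then fails, so anything else the failed call queued stays there for the next OpenSSL operation. Draining once the message has been captured would close that path, for example `raiseOpenSSLError = do { msg <- getError >>= errorString; clearErrorStack; fail msg }` in Utils.hs. On the `0` branch the queued reason is dropped unread, which suits a yes/no status but deserves a comment such as `-- a failed check leaves entries in OpenSSL's error queue; drop them so later calls do not report them`. `verifyX509` begins above the hunk, and other verify wrappers in the package may need the same treatment.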