Merge pull request #91 from wireapp/validation-error-stack

Clear error stack after validation failure
haskell-cryptography · Jun 11, 2024 · 66089b9 · 66089b9
2 parents 05118c0 + 2d7afef
commit 66089b9
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 2 deletions.
diff --git a/HsOpenSSL.cabal b/HsOpenSSL.cabal
@@ -10,7 +10,7 @@ Description:
     systems and stable. You may also be interested in the @tls@ package,
     <http://hackage.haskell.org/package/tls>, which is a pure Haskell
     implementation of SSL.
-Version:       0.11.7.6
+Version:       0.11.7.7
 License:       PublicDomain
 License-File:  COPYING
 Author:        Adam Langley, Mikhail Vorozhtsov, PHO, Taru Karttunen

diff --git a/OpenSSL/Utils.hs b/OpenSSL/Utils.hs
@@ -4,11 +4,13 @@ module OpenSSL.Utils
     , failIf
     , failIf_
     , raiseOpenSSLError
+    , clearErrorStack
     , toHex
     , fromHex
     , peekCStringCLen
     )
     where
+import Control.Monad
 import Foreign.C.String
 import Foreign.C.Types
 import Foreign.Ptr
@@ -41,6 +43,12 @@ failIf_ f a
 raiseOpenSSLError :: IO a
 raiseOpenSSLError = getError >>= errorString >>= fail
 
+
+clearErrorStack :: IO ()
+clearErrorStack = do
+  e <- getError
+  when (e /= 0) clearErrorStack
+
 -- | Convert an integer to a hex string
 toHex :: (Num i, Bits i) => i -> String
 toHex = reverse . map hexByte . unfoldr step where

diff --git a/OpenSSL/X509.hsc b/OpenSSL/X509.hsc
@@ -274,7 +274,9 @@ verifyX509 x509 key
     where
       interpret :: CInt -> IO VerifyStatus
       interpret 1 = return VerifySuccess
-      interpret 0 = return VerifyFailure
+      interpret 0 = do
+        clearErrorStack
+        return VerifyFailure
       interpret _ = raiseOpenSSLError
 
 -- |@'printX509' cert@ translates a certificate into human-readable