Revert "[ruby/openssl] x509: disallow ossl_x509{,attr,crl,ext,revoked,name}*_new(NULL)"

rhenium · rhenium · commit ec01cd9bbbaf · 2025-07-27T22:56:10.000+09:00
This reverts commit 4e8bbb0. It broke RubyGems tests: https://rubyci.s3.amazonaws.com/debian/ruby-master/log/20250727T123003Z.fail.html.gz OpenSSL::X509::StoreContext#current_cert incorrectly calls ossl_x509_new() with NULL to create a bogus Certificate object, and a test case in RubyGems relies on it. This will be reapplied when both are fixed.
diff --git a/ext/openssl/ossl_x509attr.c b/ext/openssl/ossl_x509attr.c
@@ -54,9 +54,14 @@ ossl_x509attr_new(X509_ATTRIBUTE *attr)
     VALUE obj;
 
     obj = NewX509Attr(cX509Attr);
-    new = X509_ATTRIBUTE_dup(attr);
-    if (!new)
-        ossl_raise(eX509AttrError, "X509_ATTRIBUTE_dup");
+    if (!attr) {
+	new = X509_ATTRIBUTE_new();
+    } else {
+	new = X509_ATTRIBUTE_dup(attr);
+    }
+    if (!new) {
+	ossl_raise(eX509AttrError, NULL);
+    }
     SetX509Attr(obj, new);
 
     return obj;
diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c
@@ -54,9 +54,14 @@ ossl_x509_new(X509 *x509)
     VALUE obj;
 
     obj = NewX509(cX509Cert);
-    new = X509_dup(x509);
-    if (!new)
-        ossl_raise(eX509CertError, "X509_dup");
+    if (!x509) {
+	new = X509_new();
+    } else {
+	new = X509_dup(x509);
+    }
+    if (!new) {
+	ossl_raise(eX509CertError, NULL);
+    }
     SetX509(obj, new);
 
     return obj;
diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c
@@ -64,9 +64,8 @@ ossl_x509crl_new(X509_CRL *crl)
     VALUE obj;
 
     obj = NewX509CRL(cX509CRL);
-    tmp = X509_CRL_dup(crl);
-    if (!tmp)
-        ossl_raise(eX509CRLError, "X509_CRL_dup");
+    tmp = crl ? X509_CRL_dup(crl) : X509_CRL_new();
+    if(!tmp) ossl_raise(eX509CRLError, NULL);
     SetX509CRL(obj, tmp);
 
     return obj;
diff --git a/ext/openssl/ossl_x509ext.c b/ext/openssl/ossl_x509ext.c
@@ -68,9 +68,14 @@ ossl_x509ext_new(X509_EXTENSION *ext)
     VALUE obj;
 
     obj = NewX509Ext(cX509Ext);
-    new = X509_EXTENSION_dup(ext);
-    if (!new)
-        ossl_raise(eX509ExtError, "X509_EXTENSION_dup");
+    if (!ext) {
+	new = X509_EXTENSION_new();
+    } else {
+	new = X509_EXTENSION_dup(ext);
+    }
+    if (!new) {
+	ossl_raise(eX509ExtError, NULL);
+    }
     SetX509Ext(obj, new);
 
     return obj;
diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c
@@ -59,9 +59,14 @@ ossl_x509name_new(X509_NAME *name)
     VALUE obj;
 
     obj = NewX509Name(cX509Name);
-    new = X509_NAME_dup(name);
-    if (!new)
-        ossl_raise(eX509NameError, "X509_NAME_dup");
+    if (!name) {
+	new = X509_NAME_new();
+    } else {
+	new = X509_NAME_dup(name);
+    }
+    if (!new) {
+	ossl_raise(eX509NameError, NULL);
+    }
     SetX509Name(obj, new);
 
     return obj;
diff --git a/ext/openssl/ossl_x509revoked.c b/ext/openssl/ossl_x509revoked.c
@@ -54,9 +54,14 @@ ossl_x509revoked_new(X509_REVOKED *rev)
     VALUE obj;
 
     obj = NewX509Rev(cX509Rev);
-    new = X509_REVOKED_dup(rev);
-    if (!new)
-	ossl_raise(eX509RevError, "X509_REVOKED_dup");
+    if (!rev) {
+	new = X509_REVOKED_new();
+    } else {
+	new = X509_REVOKED_dup(rev);
+    }
+    if (!new) {
+	ossl_raise(eX509RevError, NULL);
+    }
     SetX509Rev(obj, new);
 
     return obj;
