Merge pull request #648 from rhenium/ky/error-additional-data

Include "additional data" message in OpenSSL errors

Author: rhenium

ext/openssl/ossl.c

@@ -272,23 +272,28 @@ VALUE
 ossl_make_error(VALUE exc, VALUE str)
 {
     unsigned long e;
+    const char *data;
+    int flags;
 
-    e = ERR_peek_last_error();
+    if (NIL_P(str))
+        str = rb_str_new(NULL, 0);
+
+#ifdef HAVE_ERR_GET_ERROR_ALL
+    e = ERR_peek_last_error_all(NULL, NULL, NULL, &data, &flags);
+#else
+    e = ERR_peek_last_error_line_data(NULL, NULL, &data, &flags);
+#endif
     if (e) {
-	const char *msg = ERR_reason_error_string(e);
+        const char *msg = ERR_reason_error_string(e);
 
-	if (NIL_P(str)) {
-	    if (msg) str = rb_str_new_cstr(msg);
-	}
-	else {
-	    if (RSTRING_LEN(str)) rb_str_cat2(str, ": ");
-	    rb_str_cat2(str, msg ? msg : "(null)");
-	}
-	ossl_clear_error();
+        if (RSTRING_LEN(str)) rb_str_cat_cstr(str, ": ");
+        rb_str_cat_cstr(str, msg ? msg : "(null)");
+        if (flags & ERR_TXT_STRING && data)
+            rb_str_catf(str, " (%s)", data);
+        ossl_clear_error();
     }
 
-    if (NIL_P(str)) str = rb_str_new(0, 0);
-    return rb_exc_new3(exc, str);
+    return rb_exc_new_str(exc, str);
 }
 
 void

test/openssl/test_config.rb

@@ -91,22 +91,19 @@ def test_s_parse_format
     assert_equal('123baz456bar798', c['dollar']['qux'])
     assert_equal('123baz456bar798.123baz456bar798', c['dollar']['quxx'])
 
-    excn = assert_raise(OpenSSL::ConfigError) do
+    assert_raise_with_message(OpenSSL::ConfigError, /error in line 1: variable has no value/) do
       OpenSSL::Config.parse("foo = $bar")
     end
-    assert_equal("error in line 1: variable has no value", excn.message)
 
-    excn = assert_raise(OpenSSL::ConfigError) do
+    assert_raise_with_message(OpenSSL::ConfigError, /error in line 1: no close brace/) do
       OpenSSL::Config.parse("foo = $(bar")
     end
-    assert_equal("error in line 1: no close brace", excn.message)
 
-    excn = assert_raise(OpenSSL::ConfigError) do
+    assert_raise_with_message(OpenSSL::ConfigError, /error in line 1: missing equal sign/) do
       OpenSSL::Config.parse("f o =b  ar      # no space in key")
     end
-    assert_equal("error in line 1: missing equal sign", excn.message)
 
-    excn = assert_raise(OpenSSL::ConfigError) do
+    assert_raise_with_message(OpenSSL::ConfigError, /error in line 7: missing close square bracket/) do
       OpenSSL::Config.parse(<<__EOC__)
 # comment 1               # comments
 
@@ -117,7 +114,6 @@ def test_s_parse_format
 [third                    # section not terminated
 __EOC__
     end
-    assert_equal("error in line 7: missing close square bracket", excn.message)
   end
 
   def test_s_parse_include

test/openssl/test_ossl.rb

@@ -60,6 +60,18 @@ def test_memcmp_timing
     assert_operator(a_b_time, :<, a_c_time * 10, "fixed_length_secure_compare timing test failed")
     assert_operator(a_c_time, :<, a_b_time * 10, "fixed_length_secure_compare timing test failed")
   end
+
+  def test_error_data
+    # X509V3_EXT_nconf_nid() called from OpenSSL::X509::ExtensionFactory#create_ext is a function
+    # that uses ERR_raise_data() to append additional information about the error.
+    #
+    # The generated message should look like:
+    #     "subjectAltName = IP:not.a.valid.ip.address: bad ip address (value=not.a.valid.ip.address)"
+    ef = OpenSSL::X509::ExtensionFactory.new
+    assert_raise_with_message(OpenSSL::X509::ExtensionError, /\(value=not.a.valid.ip.address\)/) {
+      ef.create_ext("subjectAltName", "IP:not.a.valid.ip.address")
+    }
+  end
 end
 
 end