Issue #12704 has been reported by Benoit Daloze.

----------------------------------------
Bug #12704: Fix typo in ossl_ocspreq_sign
https://bugs.ruby-lang.org/issues/12704

* Author: Benoit Daloze
* Status: Open
* Priority: Normal
* Assignee: 
* ruby -v: ruby 2.4.0dev (2016-08-21 trunk 55976) [x86_64-linux]
* Backport: 2.1: UNKNOWN, 2.2: UNKNOWN, 2.3: UNKNOWN
----------------------------------------
The code of ossl_ocspreq_sign reads:

~~~ c
static VALUE
ossl_ocspreq_sign(int argc, VALUE *argv, VALUE self)
{
    VALUE signer_cert, signer_key, certs, flags, digest;
    OCSP_REQUEST *req;
    X509 *signer;
    EVP_PKEY *key;
    STACK_OF(X509) *x509s = NULL;
    unsigned long flg = 0;
    const EVP_MD *md;
    int ret;

    ...
    if (NIL_P(certs))
	flags |= OCSP_NOCERTS;
~~~

The last line is wrong since it uses "flags" instead of "flg".

The fix seems to be:

~~~ diff
diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c
index c0f2dfe..baea202 100644
--- a/ext/openssl/ossl_ocsp.c
+++ b/ext/openssl/ossl_ocsp.c
@@ -399,7 +399,7 @@ ossl_ocspreq_sign(int argc, VALUE *argv, VALUE self)
     else
 	md = GetDigestPtr(digest);
     if (NIL_P(certs))
-	flags |= OCSP_NOCERTS;
+	flg |= OCSP_NOCERTS;
     else
 	x509s = ossl_x509_ary2sk(certs);
 
~~~

Which is also what ossl_ocspbres_sign does.



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>