Revert "[ruby/openssl] x509: disallow ossl_x509{,attr,crl,ext,revoked,name}*_new(NULL)"

This reverts commit 4e8bbb07dd. It broke RubyGems tests: 20250727T123003Z.fail.html.gz OpenSSL::X509::StoreContext#current_cert incorrectly calls ossl_x509_new() with NULL to create a bogus Certificate object, and a test case in RubyGems relies on it. This will be reapplied when both are fixed.
2025-08-15 13:39:04 +02:00 · 2025-07-27 22:56:10 +09:00 · 2025-07-27 22:56:10 +09:00 · ec01cd9bbb
commit ec01cd9bbb
parent 9eda3cf423
6 changed files with 42 additions and 18 deletions
--- a/ext/openssl/ossl_x509attr.c
+++ b/ext/openssl/ossl_x509attr.c
@ -54,9 +54,14 @@ ossl_x509attr_new(X509_ATTRIBUTE *attr)
    VALUE obj;

    obj = NewX509Attr(cX509Attr);
-    new = X509_ATTRIBUTE_dup(attr);
-    if (!new)
-        ossl_raise(eX509AttrError, "X509_ATTRIBUTE_dup");
+    if (!attr) {
+	new = X509_ATTRIBUTE_new();
+    } else {
+	new = X509_ATTRIBUTE_dup(attr);
+    }
+    if (!new) {
+	ossl_raise(eX509AttrError, NULL);
+    }
    SetX509Attr(obj, new);

    return obj;
--- a/ext/openssl/ossl_x509cert.c
+++ b/ext/openssl/ossl_x509cert.c
@ -54,9 +54,14 @@ ossl_x509_new(X509 *x509)
    VALUE obj;

    obj = NewX509(cX509Cert);
-    new = X509_dup(x509);
-    if (!new)
-        ossl_raise(eX509CertError, "X509_dup");
+    if (!x509) {
+	new = X509_new();
+    } else {
+	new = X509_dup(x509);
+    }
+    if (!new) {
+	ossl_raise(eX509CertError, NULL);
+    }
    SetX509(obj, new);

    return obj;
--- a/ext/openssl/ossl_x509crl.c
+++ b/ext/openssl/ossl_x509crl.c
@ -64,9 +64,8 @@ ossl_x509crl_new(X509_CRL *crl)
    VALUE obj;

    obj = NewX509CRL(cX509CRL);
-    tmp = X509_CRL_dup(crl);
-    if (!tmp)
-        ossl_raise(eX509CRLError, "X509_CRL_dup");
+    tmp = crl ? X509_CRL_dup(crl) : X509_CRL_new();
+    if(!tmp) ossl_raise(eX509CRLError, NULL);
    SetX509CRL(obj, tmp);

    return obj;
--- a/ext/openssl/ossl_x509ext.c
+++ b/ext/openssl/ossl_x509ext.c
@ -68,9 +68,14 @@ ossl_x509ext_new(X509_EXTENSION *ext)
    VALUE obj;

    obj = NewX509Ext(cX509Ext);
-    new = X509_EXTENSION_dup(ext);
-    if (!new)
-        ossl_raise(eX509ExtError, "X509_EXTENSION_dup");
+    if (!ext) {
+	new = X509_EXTENSION_new();
+    } else {
+	new = X509_EXTENSION_dup(ext);
+    }
+    if (!new) {
+	ossl_raise(eX509ExtError, NULL);
+    }
    SetX509Ext(obj, new);

    return obj;
--- a/ext/openssl/ossl_x509name.c
+++ b/ext/openssl/ossl_x509name.c
@ -59,9 +59,14 @@ ossl_x509name_new(X509_NAME *name)
    VALUE obj;

    obj = NewX509Name(cX509Name);
-    new = X509_NAME_dup(name);
-    if (!new)
-        ossl_raise(eX509NameError, "X509_NAME_dup");
+    if (!name) {
+	new = X509_NAME_new();
+    } else {
+	new = X509_NAME_dup(name);
+    }
+    if (!new) {
+	ossl_raise(eX509NameError, NULL);
+    }
    SetX509Name(obj, new);

    return obj;
--- a/ext/openssl/ossl_x509revoked.c
+++ b/ext/openssl/ossl_x509revoked.c
@ -54,9 +54,14 @@ ossl_x509revoked_new(X509_REVOKED *rev)
    VALUE obj;

    obj = NewX509Rev(cX509Rev);
-    new = X509_REVOKED_dup(rev);
-    if (!new)
-	ossl_raise(eX509RevError, "X509_REVOKED_dup");
+    if (!rev) {
+	new = X509_REVOKED_new();
+    } else {
+	new = X509_REVOKED_dup(rev);
+    }
+    if (!new) {
+	ossl_raise(eX509RevError, NULL);
+    }
    SetX509Rev(obj, new);

    return obj;