Get all errs in openssl err helper

Openssl maintains an error queue. A given function may add multiple errors to that queue, and only printing the last one is worse than printing the whole thing. In fact, as it was implemented before, the output was not consistent; e.g. the same error could produce different messages.
SkyLothar · Feb 23, 2018 · e840027 · e840027
1 parent d307a14
commit e840027
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/lib/resty/evp.lua b/lib/resty/evp.lua
@@ -111,11 +111,18 @@ int X509_digest(const X509 *data,const EVP_MD *type,
 
 
 local function _err(ret)
+    -- The openssl error queue can have multiple items, print them all separated by ': '
+    local errs = {}
     local code = _C.ERR_get_error()
-    if code == 0 then
+    while code ~= 0 do
+        table.insert(errs, 1, ffi.string(_C.ERR_reason_error_string(code)))
+        code = _C.ERR_get_error()
+    end
+
+    if #errs == 0 then
         return ret, "Zero error code (null arguments?)"
     end
-    return ret, ffi.string(_C.ERR_reason_error_string(code))
+    return ret, table.concat(errs, ": ")
 end
 
 
@@ -134,6 +141,9 @@ function RSASigner.new(self, pem_private_key)
 
     -- TODO might want to support password protected private keys...
     local rsa = _C.PEM_read_bio_RSAPrivateKey(bio, nil, nil, nil)
+    if rsa == nil then
+        return _err()
+    end
     ffi.gc(rsa, _C.RSA_free)
 
     local evp_pkey = _C.EVP_PKEY_new()