From e840027cd5d67c9198ceec10399fd1f7701eaf6d Mon Sep 17 00:00:00 2001
From: Euan Kemp
Date: Thu, 22 Feb 2018 02:59:56 -0800
Subject: [PATCH] Get all errs in openssl err helper

Openssl maintains an error queue. A given function may add multiple errors to that queue, and only printing the last one is worse than printing the whole thing. In fact, as it was implemented before, the output was not consistent; e.g. the same error could produce different messages.
---
 lib/resty/evp.lua | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/lib/resty/evp.lua b/lib/resty/evp.lua
index 59ff18b..b5ba2cf 100644
--- a/lib/resty/evp.lua
+++ b/lib/resty/evp.lua
@@ -111,11 +111,18 @@ int X509_digest(const X509 *data,const EVP_MD *type,
 local function _err(ret)
+ -- The openssl error queue can have multiple items, print them all separated by ': '
+ local errs = {}
 local code = _C.ERR_get_error()
- if code == 0 then
+ while code ~= 0 do
+ table.insert(errs, 1, ffi.string(_C.ERR_reason_error_string(code)))
+ code = _C.ERR_get_error()
+ end
+
+ if #errs == 0 then
 return ret, "Zero error code (null arguments?)"
 end
- return ret, ffi.string(_C.ERR_reason_error_string(code))
+ return ret, table.concat(errs, ": ")
 end
@@ -134,6 +141,9 @@ function RSASigner.new(self, pem_private_key)
 -- TODO might want to support password protected private keys...
 local rsa = _C.PEM_read_bio_RSAPrivateKey(bio, nil, nil, nil)
+ if rsa == nil then
+ return _err()
+ end
 ffi.gc(rsa, _C.RSA_free)
 local evp_pkey = _C.EVP_PKEY_new()
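Review bot: In `_err`, the new loop hands the result of `_C.ERR_reason_error_string(code)` straight to `ffi.string`, but OpenSSL returns NULL when no reason string is registered for a code. As far as I know LuaJIT's `ffi.string` does not guard against a null pointer, so this error path can crash the process instead of returning a message. The removed line made the same call, but draining the whole queue now runs it on every queued entry. Check the pointer first: `local reason = _C.ERR_reason_error_string(code)` followed by `table.insert(errs, 1, reason ~= nil and ffi.string(reason) or "unknown error " .. tostring(code))`. The added comment could also state that inserting at index 1 puts the most recent error first.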
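Review bot: In `RSASigner.new`, the message returned by the new `return _err()` can include entries that were already in the thread's OpenSSL error queue before `PEM_read_bio_RSAPrivateKey` ran. `_err` now drains the whole queue, and nothing visible in this hunk clears it first. Calling `_C.ERR_clear_error()` just before the read would keep the report limited to the key-parsing failure and keep unrelated error text out of what callers log or return. That needs `void ERR_clear_error(void);` in the `ffi.cdef` block if it is not declared already. The function starts before and continues after this hunk, so an earlier clear may exist out of view.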