aws / aws-lc

AWS-LC is a general-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers. It is based on code from the Google BoringSSL project and the OpenSSL project.

Fix SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR behavior #1620

Closed samuel40791765 closed 4 months ago

samuel40791765 commented 4 months ago

Description of changes:

This was discovered when taking https://github.com/google/boringssl/commit/5b3dc49c1271554f73b976c2c625600d6bd912b0 during the upstream merge. ERR_clear_error is being called more eagerly with the new change, which led us to discover that SSLTest.BuildCertChain was actually testing against an error code propagated onto the stack by the previous call to SSL_CTX_build_cert_chain.

Upon further examination, we weren't propagating an error when calling SSL_CTX_build_cert_chain with SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR. The correct behavior should be to push an error onto the stack regardless.

Call-outs:

N/A

Testing:

Slight test tweaks

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
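
A simplified model of the test pitfall this description reports, added here as an illustration and not AWS-LC code: the queue, `model_build_chain`, the flag value, the return convention and the error code are all constructed stand-ins. It shows that an assertion on the error queue only tests the call under test when the queue is cleared immediately before that call.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins; none of these names or values come from AWS-LC. */
#define MODEL_QUEUE_MAX 16
#define MODEL_FLAG_IGNORE_ERROR 0x1
#define MODEL_R_VERIFY_FAILED 0x65UL

static unsigned long model_queue[MODEL_QUEUE_MAX];
static size_t model_queue_len;

static void model_put_error(unsigned long code) {
    if (model_queue_len < MODEL_QUEUE_MAX) model_queue[model_queue_len++] = code;
}
static void model_clear_error(void) { model_queue_len = 0; }
/* Oldest queued error, or 0 when the queue is empty. */
static unsigned long model_peek_error(void) {
    return model_queue_len ? model_queue[0] : 0;
}

/* Chain build that always fails verification. push_when_ignored = 0 models
 * the behaviour before the fix, 1 the behaviour after it. Model convention:
 * returns 0 on failure, 2 when the failure was ignored. */
static int model_build_chain(int flags, int push_when_ignored) {
    int ignored = (flags & MODEL_FLAG_IGNORE_ERROR) != 0;
    if (!ignored || push_when_ignored) model_put_error(MODEL_R_VERIFY_FAILED);
    return ignored ? 2 : 0;
}

/* Error a test would observe after the IGNORE_ERROR call, which follows an
 * earlier failing call made without the flag. */
unsigned long observed_error(int push_when_ignored, int clear_between) {
    model_clear_error();
    model_build_chain(0, push_when_ignored);      /* leaves an error queued */
    if (clear_between) model_clear_error();       /* isolate the next call */
    model_build_chain(MODEL_FLAG_IGNORE_ERROR, push_when_ignored);
    return model_peek_error();
}

int main(void) {
    printf("no clear, old behaviour: %#lx (stale)\n", observed_error(0, 0));
    printf("clear,    old behaviour: %#lx\n", observed_error(0, 1));
    printf("clear,    new behaviour: %#lx\n", observed_error(1, 1));
    return 0;
}
```

Without the intermediate clear, the old behaviour still yields the expected code because it was left behind by the first call; with the clear, only the new behaviour does.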

codecov-commenter commented 4 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 78.08%. Comparing base (8258d73) to head (77da30f). Report is 19 commits behind head on main.

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main    #1620      +/-   ##
==========================================
+ Coverage   78.05%   78.08%   +0.02%
==========================================
  Files         562      562
  Lines       94600    94656      +56
  Branches    13575    13574       -1
==========================================
+ Hits        73840    73908      +68
+ Misses      20168    20153      -15
- Partials      592      595       +3
```
