X509::Store.set_default_paths ignores FileNotFound errors like MRI does

fixes #68 Sponsored by Lookout Inc.
jruby · Sep 15, 2015 · 91619ec · kares · Oct 7, 2015 · 91619ec
1 parent 742b9e6
commit 91619ec
Showing 2 changed files with 20 additions and 0 deletions.
diff --git a/src/main/java/org/jruby/ext/openssl/x509store/Store.java b/src/main/java/org/jruby/ext/openssl/x509store/Store.java
@@ -32,6 +32,7 @@
 import static org.jruby.ext.openssl.x509store.X509Utils.X509_R_CERT_ALREADY_IN_HASH_TABLE;
 
 import java.io.FileNotFoundException;
+import java.io.IOException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -372,6 +373,12 @@ public int setDefaultPaths(Ruby runtime) throws Exception {
         catch (FileNotFoundException e) {
             // set_default_paths ignores FileNotFound
         }
+        catch (IOException e) {
+            if (!e.getClass().getSimpleName().equals("NotFound")) {
+                throw e;
+            }
+            // set_default_paths ignores FileNotFound
+        }
 
         lookup = addLookup(runtime, Lookup.hashDirLookup());
         //if ( lookup == null ) return 0;
@@ -382,6 +389,12 @@ public int setDefaultPaths(Ruby runtime) throws Exception {
         catch (FileNotFoundException e) {
             // set_default_paths ignores FileNotFound
         }
+        catch (IOException e) {
+            if (!e.getClass().getSimpleName().equals("NotFound")) {
+                throw e;
+            }
+            // set_default_paths ignores FileNotFound
+        }
 
         X509Error.clearErrors();
         return 1;

diff --git a/src/test/ruby/x509/test_x509store.rb b/src/test/ruby/x509/test_x509store.rb
@@ -55,6 +55,13 @@ def test_add_file_to_store_with_custom_cert_file
     assert store.verify( OpenSSL::X509::Certificate.new(File.read(@pem)))
   end
 
+  def test_use_non_existing_cert_file
+    ENV['SSL_CERT_FILE'] = 'non-existing-file.crt'
+    store = OpenSSL::X509::Store.new
+    store.set_default_paths
+    assert !store.verify(@cert)
+  end
+
   def test_verfy_with_wrong_argument
     store = OpenSSL::X509::Store.new
     assert_raise(TypeError) { store.verify( 'not an cert object' ) }