fix(x509.store) return all error on load_file or add failure

Author: fffonion

lib/resty/openssl/err.lua

@@ -8,6 +8,7 @@ local ctypes = require "resty.openssl.aux.ctypes"
 ffi.cdef [[
   unsigned long ERR_peek_error(void);
   unsigned long ERR_peek_last_error_line(const char **file, int *line);
+  unsigned long ERR_get_error_line(const char **file, int *line);
   void ERR_clear_error(void);
   void ERR_error_string_n(unsigned long e, char *buf, size_t len);
 ]]
@@ -16,16 +17,21 @@ local constchar_ptrptr = ffi.typeof("const char*[1]")
 
 local buf = ffi.new('char[256]')
 
-local function format_error(ctx, code)
+local function format_error(ctx, code, all_errors)
   local errors = {}
   if code then
     table.insert(errors, string.format("code: %d", code or 0))
   end
   -- get the OpenSSL errors
-  if C.ERR_peek_error() ~= 0 then
+  while C.ERR_peek_error() ~= 0 do
     local line = ctypes.ptr_of_int()
     local path = constchar_ptrptr()
-    local code = C.ERR_peek_last_error_line(path, line)
+    local code
+    if all_errors then
+      code = C.ERR_get_error_line(path, line)
+    else
+      code = C.ERR_peek_last_error_line(path, line)
+    end
 
     local abs_path = ffi_str(path[0])
     -- ../crypto/asn1/a_d2i_fp.c => crypto/asn1/a_d2i_fp.c
@@ -34,20 +40,30 @@ local function format_error(ctx, code)
       abs_path = abs_path:sub(start+1)
     end
 
-    C.ERR_clear_error()
     C.ERR_error_string_n(code, buf, ffi_sizeof(buf))
     table.insert(errors, string.format("%s:%d:%s",
       abs_path, line[0], ffi_str(buf))
     )
+
+    if not all_errors then
+      break
+    end
   end
 
+  C.ERR_clear_error()
+
   if #errors > 0 then
     return string.format("%s%s%s", (ctx or ""), (ctx and ": " or ""), table.concat(errors, " "))
   else
     return string.format("%s failed", ctx)
   end
 end
 
+local function format_all_error(ctx, code)
+  return format_error(ctx, code, true)
+end
+
 return {
   format_error = format_error,
+  format_all_error = format_all_error,
 }

lib/resty/openssl/x509/store.lua

@@ -7,7 +7,8 @@ local x509_vfy_macro = require "resty.openssl.include.x509_vfy"
 local x509_lib = require "resty.openssl.x509"
 local chain_lib = require "resty.openssl.x509.chain"
 local crl_lib = require "resty.openssl.x509.crl"
-local format_error = require("resty.openssl.err").format_error
+local format_error = require("resty.openssl.err").format_all_error
+local format_all_error = require("resty.openssl.err").format_error
 
 local _M = {}
 local mt = { __index = _M }
@@ -36,7 +37,7 @@ end
 
 function _M:use_default()
   if C.X509_STORE_set_default_paths(self.ctx) ~= 1 then
-    return false, format_error("x509.store:use_default")
+    return false, format_all_error("x509.store:use_default")
   end
   return true
 end
@@ -51,7 +52,7 @@ function _M:add(item)
     end
     -- ref counter of dup is increased by 1
     if C.X509_STORE_add_cert(self.ctx, dup) ~= 1 then
-      err = format_error("x509.store:add: X509_STORE_add_cert")
+      err = format_all_error("x509.store:add: X509_STORE_add_cert")
     end
     -- decrease the dup ctx ref count immediately to make leak test happy
     C.X509_free(dup)
@@ -62,7 +63,7 @@ function _M:add(item)
     end
     -- ref counter of dup is increased by 1
     if C.X509_STORE_add_crl(self.ctx, dup) ~= 1 then
-      err = format_error("x509.store:add: X509_STORE_add_crl")
+      err = format_all_error("x509.store:add: X509_STORE_add_crl")
     end
 
     -- define X509_V_FLAG_CRL_CHECK                   0x4
@@ -92,7 +93,7 @@ function _M:load_file(path)
     return false, "x509.store:load_file: expect a string at #1"
   else
     if C.X509_STORE_load_locations(self.ctx, path, nil) ~= 1 then
-      return false, format_error("x509.store:load_file")
+      return false, format_all_error("x509.store:load_file")
     end
   end
 
@@ -104,7 +105,7 @@ function _M:load_directory(path)
     return false, "x509.store:load_directory expect a string at #1"
   else
     if C.X509_STORE_load_locations(self.ctx, nil, path) ~= 1 then
-      return false, format_error("x509.store:load_directory")
+      return false, format_all_error("x509.store:load_directory")
     end
   end