Prevent _PassphraseHelper.raise_if_problem() from eating exceptions (#581)
* Modify tests to detect empty crypto.Errors from load_privatekey
This reproduces #119 and #456.
* Prevent _PassphraseHelper.raise_if_problem() from eating exceptions.
This resolves #119, resolves #456.
`_PassphraseHelper.raise_if_problem()` always flushes the OpenSSL
exception queue, but does not always raise an exception. In some cases,
other code attempts to raise an error from OpenSSL after
`raise_if_problem()` has flushed the queue, thus causing an empty
exception to be raised (i.e. `raise Error([])`).
This commit modifies `_PassphraseHelper.raise_if_problem` to flush the
OpenSSL error queue only if it has en exception to raise. Subsequent
code that detects an error should now be able to raise an non-empty
exception.
* Add CHANGELOG entry for #581.
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index 7bb0cfa..4b86b95 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -2523,13 +2523,15 @@
)
def raise_if_problem(self, exceptionType=Error):
- try:
- _exception_from_error_queue(exceptionType)
- except exceptionType as e:
- from_queue = e
if self._problems:
- raise self._problems[0]
- return from_queue
+
+ # Flush the OpenSSL error queue
+ try:
+ _exception_from_error_queue(exceptionType)
+ except exceptionType:
+ pass
+
+ raise self._problems.pop(0)
def _read_passphrase(self, buf, size, rwflag, userdata):
try: