Correctly handle errors from X509_CRL_sign
diff --git a/OpenSSL/crypto/crl.c b/OpenSSL/crypto/crl.c
index 6a14bce..614a606 100644
--- a/OpenSSL/crypto/crl.c
+++ b/OpenSSL/crypto/crl.c
@@ -131,13 +131,13 @@
ASN1_TIME *tmptm;
crypto_X509Obj *x509;
static char *kwlist[] = {"cert", "key", "type", "days", NULL};
-
+
if (!PyArg_ParseTupleAndKeywords(args, keywds, "O!O!|ii:dump_crl", kwlist,
- &crypto_X509_Type, &x509,
+ &crypto_X509_Type, &x509,
&crypto_PKey_Type, &key, &type, &days)) {
return NULL;
}
-
+
bio = BIO_new(BIO_s_mem());
tmptm = ASN1_TIME_new();
if (!tmptm) {
@@ -149,7 +149,13 @@
X509_CRL_set_nextUpdate(self->crl, tmptm);
ASN1_TIME_free(tmptm);
X509_CRL_set_issuer_name(self->crl, X509_get_subject_name(x509->x509));
- X509_CRL_sign(self->crl, key->pkey, EVP_md5());
+
+ if (!X509_CRL_sign(self->crl, key->pkey, EVP_md5())) {
+ exception_from_error_queue(crypto_Error);
+ BIO_free(bio);
+ return NULL;
+ }
+
switch (type) {
case X509_FILETYPE_PEM:
ret = PEM_write_bio_X509_CRL(bio, self->crl);
diff --git a/OpenSSL/test/test_crypto.py b/OpenSSL/test/test_crypto.py
index b8c7ab1..56638e8 100644
--- a/OpenSSL/test/test_crypto.py
+++ b/OpenSSL/test/test_crypto.py
@@ -2515,6 +2515,15 @@
self.assertEqual(text, dumped_text)
+ def test_export_invalid(self):
+ """
+ If :py:obj:`CRL.export` is used with an uninitialized :py:obj:`X509`
+ instance, :py:obj:`ValueError` is raised.
+ """
+ crl = CRL()
+ self.assertRaises(Error, crl.export, X509(), PKey())
+
+
def test_add_revoked_keyword(self):
"""
:py:obj:`OpenSSL.CRL.add_revoked` accepts its single argument as the