There's a few calls to setter functions that are unchecked.
- X509_STORE_set_trust (can fail with invalid argument)
- X509_STORE_set_flags (can't fail with the current implementation, but docs don't confirm this)
- X509_STORE_set_purpose (can fail with invalid argument)
- SSL_SESSION_set_timeout (can fail with negative argument)
- TS_RESP_CTX_set_signer_key (can't fail with the current implementation, but docs don't confirm this)
- Probably some more
Yet the setters on Ruby's side don't check the return value of these OpenSSL calls. That means that the user is not informed that their setter has failed. It also returns the new value even though the new value may not have been set.
It may be desirable to raise an exception. On the other hand it may break some code (although you could argue that the code was already wrong to begin with).
Could you please share your opinion on this? If wanted, I can send a PR.
There's a few calls to setter functions that are unchecked.
Yet the setters on Ruby's side don't check the return value of these OpenSSL calls. That means that the user is not informed that their setter has failed. It also returns the new value even though the new value may not have been set.
It may be desirable to raise an exception. On the other hand it may break some code (although you could argue that the code was already wrong to begin with).
Could you please share your opinion on this? If wanted, I can send a PR.