From 36eb2de167e3c3c00908ca0dbb22c1f6c9c74e74 Mon Sep 17 00:00:00 2001
From: Greg Bowser <topnotcher@gmail.com>
Date: Tue, 24 Jan 2017 11:38:55 -0500
Subject: Prevent _PassphraseHelper.raise_if_problem() from eating exceptions
 (#581)

* Modify tests to detect empty crypto.Errors from load_privatekey

This reproduces #119 and #456.

* Prevent _PassphraseHelper.raise_if_problem() from eating exceptions.

This resolves #119, resolves #456.

`_PassphraseHelper.raise_if_problem()` always flushes the OpenSSL
exception queue, but does not always raise an exception. In some cases,
other code attempts to raise an error from OpenSSL after
`raise_if_problem()` has flushed the queue, thus causing an empty
exception to be raised (i.e. `raise Error([])`).

This commit modifies `_PassphraseHelper.raise_if_problem` to flush the
OpenSSL error queue only if it has en exception to raise. Subsequent
code that detects an error should now be able to raise an non-empty
exception.

* Add CHANGELOG entry for #581.
---
 CHANGELOG.rst | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'CHANGELOG.rst')

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index f76f64c..6ef6f7b 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -36,6 +36,8 @@ Changes:
   `#578 <https://github.com/pyca/pyopenssl/pull/578>`_
 - Automatically set ``SSL_CTX_set_ecdh_auto()`` on ``OpenSSL.SSL.Context``.
   `#575 <https://github.com/pyca/pyopenssl/pull/575>`_
+- Fix empty exceptions from ``OpenSSL.crypto.load_privatekey()``.
+  `#581 <https://github.com/pyca/pyopenssl/pull/581>`_
 
 
 ----
-- 
cgit v1.2.1