the default cert could be PEM or a java keystore. it should load both whatver is used as default.

mkristian · mkristian · commit 1d3ba21fbe2f · 2015-08-19T23:23:38.000+02:00
diff --git a/lib/jopenssl/version.rb b/lib/jopenssl/version.rb
@@ -1,6 +1,6 @@
 module Jopenssl
   module Version
-    VERSION = '0.9.9'
+    VERSION = '0.9.10'
     BOUNCY_CASTLE_VERSION = '1.50'
   end
 end
diff --git a/src/main/java/org/jruby/ext/openssl/OpenSSL.java b/src/main/java/org/jruby/ext/openssl/OpenSSL.java
@@ -205,7 +205,7 @@ static boolean isDebug(final Ruby runtime) {
         return getDebug( OpenSSL ) == runtime.getTrue();
     }
 
-    static void debugStackTrace(final Ruby runtime, final Throwable e) {
+    public static void debugStackTrace(final Ruby runtime, final Throwable e) {
         if ( isDebug(runtime) ) e.printStackTrace(runtime.getOut());
     }
 
diff --git a/src/main/java/org/jruby/ext/openssl/x509store/Lookup.java b/src/main/java/org/jruby/ext/openssl/x509store/Lookup.java
@@ -27,6 +27,9 @@
  ***** END LICENSE BLOCK *****/
 package org.jruby.ext.openssl.x509store;
 
+
+import static org.jruby.ext.openssl.OpenSSL.debugStackTrace;
+
 import org.jruby.ext.openssl.util.Cache;
 import static org.jruby.ext.openssl.x509store.X509Utils.X509_CERT_DIR;
 import static org.jruby.ext.openssl.x509store.X509Utils.X509_FILETYPE_ASN1;
@@ -239,6 +242,10 @@ else if ( type == X509_FILETYPE_ASN1 ) {
                 return 0; // NOTE: really?
             }
         }
+        catch(IOException e) {
+            debugStackTrace(runtime, e);
+            return 0;
+        }
         finally {
             if ( reader != null ) {
                 try { reader.close(); } catch (Exception ignored) {}
@@ -285,6 +292,10 @@ else if ( type == X509_FILETYPE_ASN1 ) {
                 return 0; // NOTE: really?
             }
         }
+        catch(IOException e) {
+            debugStackTrace(runtime, e);
+            return 0;
+        }
         finally {
             if ( reader != null ) {
                 try { reader.close(); } catch (Exception ignored) {}
@@ -345,6 +356,10 @@ else if ( cert instanceof CRL ) {
             }
             return count;
         }
+        catch(IOException e) {
+            debugStackTrace(runtime, e);
+            return 0;
+        }
         finally {
             if ( reader != null ) {
                 try { reader.close(); } catch (Exception ignored) {}
@@ -367,6 +382,9 @@ public int loadDefaultJavaCACertsFile() throws IOException, GeneralSecurityExcep
                 count++;
             }
         }
+        catch(IOException e) {
+            return 0;
+        }
         finally {
             try { fin.close(); } catch (Exception ignored) {}
         }
@@ -522,6 +540,10 @@ public int call(final Lookup ctx, final Integer cmd, final String argp, final Nu
                         ok = ctx.loadCertificateOrCRLFile(file, X509_FILETYPE_PEM) != 0 ? 1 : 0;
                     } else {
                         ok = (ctx.loadDefaultJavaCACertsFile() != 0) ? 1: 0;
+                        // it could be a PEM file
+                        if (ok == 0) {
+                            ok = ctx.loadCertificateOrCRLFile(file, X509_FILETYPE_PEM) != 0 ? 1 : 0;
+                        }
                     }
                     if (ok == 0) {
                         X509Error.addError(X509_R_LOADING_DEFAULTS);

Original file line number	Diff line number	Diff line change
`@@ -205,7 +205,7 @@ static boolean isDebug(final Ruby runtime) {`
`205`	`205`	`return getDebug( OpenSSL ) == runtime.getTrue();`
`206`	`206`	`}`
`207`	`207`
`208`		`- static void debugStackTrace(final Ruby runtime, final Throwable e) {`
	`208`	`+ public static void debugStackTrace(final Ruby runtime, final Throwable e) {`
`209`	`209`	`if ( isDebug(runtime) ) e.printStackTrace(runtime.getOut());`
`210`	`210`	`}`
`211`	`211`