OpenSSL errors that don't involve ERR_get_error #14374

Open
HertzDevil opened this issue Mar 19, 2024 · 0 comments

OpenSSL::Error calls ERR_get_error in its #initialize to obtain the error on the current thread's OpenSSL error queue, but not all functions signal failure this way. For example, EVP_get_digestbyname, which is used by OpenSSL::Digest.new, simply returns a null pointer, and you get a rather confusing exception message:

```crystal
require "openssl"

OpenSSL::Digest.new("abc") # Unsupported digest algorithm: abc: Unknown or no error (OpenSSL::Digest::UnsupportedError)
```

This can be suppressed by passing fetched: true when constructing the exception, although this doesn't appear to have been used publicly, other than in OpenSSL::SSL::Error:

```crystal
module OpenSSL
  class Digest < ::Digest
    private def new_evp_mt_ctx(name)
      md = LibCrypto.evp_get_digestbyname(name)
      unless md
        raise UnsupportedError.new("Unsupported digest algorithm: #{name}", fetched: true)
      end
      # ...
    end
  end
end

OpenSSL::Digest.new("abc") # Unsupported digest algorithm: abc (OpenSSL::Digest::UnsupportedError)
```

We need to go through the OpenSSL documentation to see which functions actually need ERR_get_error and which ones do not.
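
One defensive pattern for the mismatch described in the issue above, as an added example that is not code from the issue or from Crystal's standard library: drain the error queue first, and mention queue details in the exception only when the failed call actually left some. `drain_error_queue` and `openssl_failure` are hypothetical helper names; the sketch assumes the `LibCrypto.err_get_error` and `LibCrypto.err_error_string` bindings that `OpenSSL::Error` itself relies on.

```crystal
require "openssl"

# Hypothetical helper (not part of Crystal's stdlib): pops every entry off the
# current thread's OpenSSL error queue and returns them as readable strings.
def drain_error_queue : Array(String)
  errors = [] of String
  loop do
    code = LibCrypto.err_get_error
    break if code == 0 # 0 means the queue is empty
    errors << String.new(LibCrypto.err_error_string(code, nil))
  end
  errors
end

# Hypothetical helper: builds an exception whose message includes queue
# details only if the failed call queued any.
def openssl_failure(message : String) : OpenSSL::Error
  queued = drain_error_queue
  detail = queued.empty? ? message : "#{message}: #{queued.join("; ")}"
  # fetched: true keeps OpenSSL::Error#initialize from calling ERR_get_error
  # again on the queue that was just drained.
  OpenSSL::Error.new(detail, fetched: true)
end

# Start from a clean queue so stale entries from earlier calls are not
# attributed to the lookup below.
drain_error_queue

md = LibCrypto.evp_get_digestbyname("abc") # "abc" is not a digest name
if md.null?
  error = openssl_failure("Unsupported digest algorithm: abc")
  puts error.message
end
```

Because the helper drains the queue, a stale entry left by an unrelated earlier call would otherwise be reported against the current failure, which is why the queue is cleared before the lookup.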
