projects / oweals / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: be06a93)
Bugfix: clear error queue after ignoring ssl_verify_cert_chain result.
authorBodo Möller <bodo@openssl.org>
Sat, 27 May 2000 22:25:01 +0000 (22:25 +0000)
committerBodo Möller <bodo@openssl.org>
Sat, 27 May 2000 22:25:01 +0000 (22:25 +0000)
CHANGES patch | blob | history
ssl/s2_clnt.c patch | blob | history
ssl/s3_clnt.c patch | blob | history

diff --git a/CHANGES b/CHANGES
index ad61f13440d305dc40e326188bd6531b9253725f..e57e0f4fc6d04f4c889900598987cee48965109c 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,13 @@
 
  Changes between 0.9.5a and 0.9.6  [xx XXX 2000]
 
-  *) EVP cipher enhancment. Add hooks for extra EVP features. This will allow
+  *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when
+     the handshake is continued after ssl_verify_cert_chain();
+     otherwise, if SSL_VERIFY_NONE is set, remaining error codes
+     can lead to 'unexplainable' connection aborts later.
+     [Bodo Moeller; problem tracked down by Lutz Jaenicke]
+
+  *) EVP cipher enhancement. Add hooks for extra EVP features. This will allow
      various cipher parameters to be set in the EVP interface. Initially
      support added for variable key length ciphers via the
      EVP_CIPHER_CTX_set_key_length() function. Other cipher specific
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 6ff6a513629419cf553baf7a21d00630c7abd3d6..47dd09c286f398922daf505534394f67b0f66395 100644 (file)
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -920,6 +920,7 @@ int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data)
                SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
                goto err;
                }
+       ERR_clear_error(); /* but we keep s->verify_result */
 
        /* server's cert for this session */
        sc=ssl_sess_cert_new();
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 0c8f551f7362df6cc17e859265f4d51065031b75..6a09d6aa8a1e9098d3a01ae336b8da914d936680 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -764,6 +764,7 @@ static int ssl3_get_server_certificate(SSL *s)
                SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
                goto f_err; 
                }
+       ERR_clear_error(); /* but we keep s->verify_result */
 
        sc=ssl_sess_cert_new();
        if (sc == NULL) goto err;
Unnamed repository; edit this file 'description' to name the repository.