Clear error queue when starting SSL_CTX_use_certificate_chain_file

PR: 1417, 1513
Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>

diff --git a/CHANGES b/CHANGES
index 77ffb06443d5fe223c3e9439291c71c305dd2a33..9c4559fa5aa30f11d5e2c47d84e63f8196333248 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 0.9.8g and 0.9.8h  [xx XXX xxxx]
 
+  *) Clear error queue in SSL_CTX_use_certificate_chain_file()
+
+     Clear the error queue to ensure that error entries left from
+     older function calls do not interfere with the correct operation.
+     [Lutz Jaenicke, Erik de Castro Lopo]
+
   *) Remove root CA certificates of commercial CAs:
 
      The OpenSSL project does not recommend any specific CA and does not

diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index fc42dfa1ec6643fe0e73a1440b8b92c994c84bc0..a7721d05e3dfff8210b60d87146a34d3efe43f4a 100644 (file)
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -708,6 +708,12 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
        int ret=0;
        X509 *x=NULL;
 
+       ERR_clear_error(); /* This function needs to check the error stack
+                             even if the return code(s) of called functions
+                             indicate success.
+                             The error stack must therefore be cleared
+                             before starting. */
+
        in=BIO_new(BIO_s_file_internal());
        if (in == NULL)
                {