Don't output bogus errors in PKCS12_parse
authorDr. Stephen Henson <steve@openssl.org>
Wed, 24 Jun 2015 11:28:50 +0000 (12:28 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 25 Jun 2015 03:55:43 +0000 (04:55 +0100)
PR#3923

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit ffbf304d4832bd51bb0618f8ca5b7c26647ee664)

crypto/pkcs12/p12_kiss.c

index ee476c38f4a733102cbb3b650e89766b639cde76..9aa3c90c4e5726f34ef6f1d14b5eb8c463609799 100644 (file)
@@ -135,10 +135,12 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 
     while ((x = sk_X509_pop(ocerts))) {
         if (pkey && *pkey && cert && !*cert) {
+            ERR_set_mark();
             if (X509_check_private_key(x, *pkey)) {
                 *cert = x;
                 x = NULL;
             }
+            ERR_pop_to_mark();
         }
 
         if (ca && x) {