From: Lutz Jänicke <jaenicke@openssl.org>
Date: Fri, 23 May 2008 10:37:52 +0000 (+0000)
Subject: Clear error queue when starting SSL_CTX_use_certificate_chain_file
X-Git-Tag: OpenSSL_0_9_8k^2~390
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=c2c2e7a438bf2876fc780cc1072941ab75769d57;p=oweals%2Fopenssl.git

Clear error queue when starting SSL_CTX_use_certificate_chain_file
PR: 1417, 1513
Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>
---

diff --git a/CHANGES b/CHANGES
index e14c405abb..c726ac5f00 100644
--- a/CHANGES
+++ b/CHANGES
@@ -686,6 +686,12 @@
 
  Changes between 0.9.8g and 0.9.8h  [xx XXX xxxx]
 
+  *) Clear error queue in SSL_CTX_use_certificate_chain_file()
+
+     Clear the error queue to ensure that error entries left from
+     older function calls do not interfere with the correct operation.
+     [Lutz Jaenicke, Erik de Castro Lopo]
+
   *) Remove root CA certificates of commercial CAs:
 
      The OpenSSL project does not recommend any specific CA and does not
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index fc42dfa1ec..a7721d05e3 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -708,6 +708,12 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
 	int ret=0;
 	X509 *x=NULL;
 
+	ERR_clear_error(); /* This function needs to check the error stack
+			      even if the return code(s) of called functions
+			      indicate success.
+			      The error stack must therefore be cleared
+			      before starting. */
+
 	in=BIO_new(BIO_s_file_internal());
 	if (in == NULL)
 		{