From 5f23288692fcefe8bbc17e1e5c874fc28e00a522 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Lutz=20J=C3=A4nicke?= <jaenicke@openssl.org>
Date: Fri, 23 May 2008 10:37:22 +0000
Subject: [PATCH] Clear error queue when starting
 SSL_CTX_use_certificate_chain_file PR: 1417, 1513 Submitted by: Erik de
 Castro Lopo <mle+openssl@mega-nerd.com>

---
 CHANGES       | 6 ++++++
 ssl/ssl_rsa.c | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/CHANGES b/CHANGES
index 77ffb06443..9c4559fa5a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 0.9.8g and 0.9.8h  [xx XXX xxxx]
 
+  *) Clear error queue in SSL_CTX_use_certificate_chain_file()
+
+     Clear the error queue to ensure that error entries left from
+     older function calls do not interfere with the correct operation.
+     [Lutz Jaenicke, Erik de Castro Lopo]
+
   *) Remove root CA certificates of commercial CAs:
 
      The OpenSSL project does not recommend any specific CA and does not
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index fc42dfa1ec..a7721d05e3 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -708,6 +708,12 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
 	int ret=0;
 	X509 *x=NULL;
 
+	ERR_clear_error(); /* This function needs to check the error stack
+			      even if the return code(s) of called functions
+			      indicate success.
+			      The error stack must therefore be cleared
+			      before starting. */
+
 	in=BIO_new(BIO_s_file_internal());
 	if (in == NULL)
 		{
-- 
2.25.1