From a3a06e6543bf05511cc2f508ad555a281c801326 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 24 Mar 2010 23:17:15 +0000 Subject: [PATCH] PR: 1731 and maybe 2197 Clear error queue in a few places in SSL code where errors are expected so they don't stay in the queue. --- ssl/d1_both.c | 2 ++ ssl/s3_both.c | 2 ++ ssl/ssl_cert.c | 2 ++ 3 files changed, 6 insertions(+) diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 7ca3405efb..0242f1e4da 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -886,6 +886,8 @@ unsigned long dtls1_output_cert_chain(SSL *s, X509 *x) } X509_verify_cert(&xs_ctx); + /* Don't leave errors in the queue */ + ERR_clear_error(); for (i=0; i < sk_X509_num(xs_ctx.chain); i++) { x = sk_X509_value(xs_ctx.chain, i); diff --git a/ssl/s3_both.c b/ssl/s3_both.c index 16d92610e9..a6d869df59 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -352,6 +352,8 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) return(0); } X509_verify_cert(&xs_ctx); + /* Don't leave errors in the queue */ + ERR_clear_error(); for (i=0; i < sk_X509_num(xs_ctx.chain); i++) { x = sk_X509_value(xs_ctx.chain, i); diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index be51b42f23..27256eea81 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -755,6 +755,8 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, sk_X509_NAME_push(stack,xn); } + ERR_clear_error(); + if (0) { err: -- 2.25.1