Clear error queue when starting SSL_CTX_use_certificate_chain_file
authorLutz Jänicke <jaenicke@openssl.org>
Fri, 23 May 2008 10:37:52 +0000 (10:37 +0000)
committerLutz Jänicke <jaenicke@openssl.org>
Fri, 23 May 2008 10:37:52 +0000 (10:37 +0000)
PR: 1417, 1513
Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>

CHANGES
ssl/ssl_rsa.c

diff --git a/CHANGES b/CHANGES
index e14c405abb1747dea28df373c0f5a0513f385fce..c726ac5f000ce3a6381af5f15a2c70923af9ab26 100644 (file)
--- a/CHANGES
+++ b/CHANGES
 
  Changes between 0.9.8g and 0.9.8h  [xx XXX xxxx]
 
+  *) Clear error queue in SSL_CTX_use_certificate_chain_file()
+
+     Clear the error queue to ensure that error entries left from
+     older function calls do not interfere with the correct operation.
+     [Lutz Jaenicke, Erik de Castro Lopo]
+
   *) Remove root CA certificates of commercial CAs:
 
      The OpenSSL project does not recommend any specific CA and does not
index fc42dfa1ec6643fe0e73a1440b8b92c994c84bc0..a7721d05e3dfff8210b60d87146a34d3efe43f4a 100644 (file)
@@ -708,6 +708,12 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
        int ret=0;
        X509 *x=NULL;
 
+       ERR_clear_error(); /* This function needs to check the error stack
+                             even if the return code(s) of called functions
+                             indicate success.
+                             The error stack must therefore be cleared
+                             before starting. */
+
        in=BIO_new(BIO_s_file_internal());
        if (in == NULL)
                {