PR: 1731 and maybe 2197

Clear error queue in a few places in SSL code where errors are expected
so they don't stay in the queue.

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 7ca3405efbb0fa393cb6357326eb9e31ee7d5607..0242f1e4da00f510dae5871e2e55724e62b2aad2 100644 (file)
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -886,6 +886,8 @@ unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
                        }
   
                X509_verify_cert(&xs_ctx);
+               /* Don't leave errors in the queue */
+               ERR_clear_error();
                for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
                        {
                        x = sk_X509_value(xs_ctx.chain, i);

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 16d92610e95f1283a63f3bb959496ab4b662291a..a6d869df59e862be10547a97afd1168b7196ea44 100644 (file)
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -352,6 +352,8 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
                                return(0);
                                }
                        X509_verify_cert(&xs_ctx);
+                       /* Don't leave errors in the queue */
+                       ERR_clear_error();
                        for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
                                {
                                x = sk_X509_value(xs_ctx.chain, i);

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index be51b42f23c6d30dc9b901b91078dd1b578570dc..27256eea8145455f5e0ec89bc23c78e8736c49b7 100644 (file)
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -755,6 +755,8 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                        sk_X509_NAME_push(stack,xn);
                }
 
+       ERR_clear_error();
+
        if (0)
                {
 err: