From ffbf304d4832bd51bb0618f8ca5b7c26647ee664 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 24 Jun 2015 12:28:50 +0100 Subject: [PATCH 1/1] Don't output bogus errors in PKCS12_parse PR#3923 Reviewed-by: Tim Hudson --- crypto/pkcs12/p12_kiss.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c index a70fe72d09..fdddffbab4 100644 --- a/crypto/pkcs12/p12_kiss.c +++ b/crypto/pkcs12/p12_kiss.c @@ -135,10 +135,12 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, while ((x = sk_X509_pop(ocerts))) { if (pkey && *pkey && cert && !*cert) { + ERR_set_mark(); if (X509_check_private_key(x, *pkey)) { *cert = x; x = NULL; } + ERR_pop_to_mark(); } if (ca && x) { -- 2.34.1