X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;ds=sidebyside;f=ssl%2Fssl_rsa.c;h=60e7b66859dbe3db21d9f4fa4404601537117dba;hb=e7b9d9be48cdc598a46c8e1536035ed29a9af254;hp=fc42dfa1ec6643fe0e73a1440b8b92c994c84bc0;hpb=dc0ed30cfeb37d64fc2bd26887b19e0898a96bde;p=openssl.git

diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index fc42dfa1ec..60e7b66859 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -708,7 +708,9 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
 	int ret=0;
 	X509 *x=NULL;
 
-	in=BIO_new(BIO_s_file_internal());
+	ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
+
+	in = BIO_new(BIO_s_file_internal());
 	if (in == NULL)
 		{
 		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
@@ -721,14 +723,16 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
 		goto end;
 		}
 
-	x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
+	x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback,
+				ctx->default_passwd_callback_userdata);
 	if (x == NULL)
 		{
 		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
 		goto end;
 		}
 
-	ret=SSL_CTX_use_certificate(ctx,x);
+	ret = SSL_CTX_use_certificate(ctx, x);
+
 	if (ERR_peek_error() != 0)
 		ret = 0;  /* Key/certificate mismatch doesn't imply ret==0 ... */
 	if (ret)
@@ -740,13 +744,15 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
 		int r;
 		unsigned long err;
 		
-		if (ctx->extra_certs != NULL) 
+		if (ctx->extra_certs != NULL)
 			{
 			sk_X509_pop_free(ctx->extra_certs, X509_free);
 			ctx->extra_certs = NULL;
 			}
 
-		while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
+		while ((ca = PEM_read_bio_X509(in, NULL,
+					ctx->default_passwd_callback,
+					ctx->default_passwd_callback_userdata))
 			!= NULL)
 			{
 			r = SSL_CTX_add_extra_chain_cert(ctx, ca);