Don't output bogus errors in PKCS12_parse

author Dr. Stephen Henson <steve@openssl.org>

Wed, 24 Jun 2015 11:28:50 +0000 (12:28 +0100)

committer Dr. Stephen Henson <steve@openssl.org>

Thu, 25 Jun 2015 03:55:56 +0000 (04:55 +0100)
author Dr. Stephen Henson <steve@openssl.org>
Wed, 24 Jun 2015 11:28:50 +0000 (12:28 +0100)
committer Dr. Stephen Henson <steve@openssl.org>
Thu, 25 Jun 2015 03:55:56 +0000 (04:55 +0100)
diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c

index ee476c38f4a733102cbb3b650e89766b639cde76..9aa3c90c4e5726f34ef6f1d14b5eb8c463609799 100644 (file)
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@@ -135,10 +135,12 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
  
      while ((x = sk_X509_pop(ocerts))) {
          if (pkey && *pkey && cert && !*cert) {
+            ERR_set_mark();
              if (X509_check_private_key(x, *pkey)) {
                  *cert = x;
                  x = NULL;
              }
+            ERR_pop_to_mark();
          }
  
          if (ca && x) {
author	Dr. Stephen Henson <steve@openssl.org>
	Wed, 24 Jun 2015 11:28:50 +0000 (12:28 +0100)
committer	Dr. Stephen Henson <steve@openssl.org>
	Thu, 25 Jun 2015 03:55:56 +0000 (04:55 +0100)