PR: 1731 and maybe 2197

Clear error queue in a few places in SSL code where errors are expected
so they don't stay in the queue.

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 0a5c08d71395eaa2e1fc3e1494619815d8b50a38..0781a4b67029c24a6ef0b8b8e61810d3682561e6 100644 (file)
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -888,6 +888,8 @@ unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
                        }
   
                X509_verify_cert(&xs_ctx);
+               /* Don't leave errors in the queue */
+               ERR_clear_error();
                for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
                        {
                        x = sk_X509_value(xs_ctx.chain, i);

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 7f462250c7a2d8eb57c9b382356fee18893f0830..869a25d4764237f4c85123909e9cc6c907ca4c80 100644 (file)
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -354,6 +354,8 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
                                return(0);
                                }
                        X509_verify_cert(&xs_ctx);
+                       /* Don't leave errors in the queue */
+                       ERR_clear_error();
                        for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
                                {
                                x = sk_X509_value(xs_ctx.chain, i);

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 16fda5d8bffe1944a4e21896af82ca0c7e455dcb..361cd9c978ee7a8f27f29d5d8d573b87aa589896 100644 (file)
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -753,6 +753,8 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                        sk_X509_NAME_push(stack,xn);
                }
 
+       ERR_clear_error();
+
        if (0)
                {
 err: