PR: 1731 and maybe 2197
authorDr. Stephen Henson <steve@openssl.org>
Wed, 24 Mar 2010 23:17:15 +0000 (23:17 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 24 Mar 2010 23:17:15 +0000 (23:17 +0000)
Clear error queue in a few places in SSL code where errors are expected
so they don't stay in the queue.

ssl/d1_both.c
ssl/s3_both.c
ssl/ssl_cert.c

index 7ca3405..0242f1e 100644 (file)
@@ -886,6 +886,8 @@ unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
                        }
   
                X509_verify_cert(&xs_ctx);
+               /* Don't leave errors in the queue */
+               ERR_clear_error();
                for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
                        {
                        x = sk_X509_value(xs_ctx.chain, i);
index 16d9261..a6d869d 100644 (file)
@@ -352,6 +352,8 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
                                return(0);
                                }
                        X509_verify_cert(&xs_ctx);
+                       /* Don't leave errors in the queue */
+                       ERR_clear_error();
                        for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
                                {
                                x = sk_X509_value(xs_ctx.chain, i);
index be51b42..27256ee 100644 (file)
@@ -755,6 +755,8 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                        sk_X509_NAME_push(stack,xn);
                }
 
+       ERR_clear_error();
+
        if (0)
                {
 err: