From: Dr. Stephen Henson <steve@openssl.org>
Date: Wed, 24 Jun 2015 11:28:50 +0000 (+0100)
Subject: Don't output bogus errors in PKCS12_parse
X-Git-Tag: OpenSSL_1_1_0-pre1~951
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=ffbf304d4832bd51bb0618f8ca5b7c26647ee664

Don't output bogus errors in PKCS12_parse

PR#3923

Reviewed-by: Tim Hudson <tjh@openssl.org>
---

diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
index a70fe72d09..fdddffbab4 100644
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@@ -135,10 +135,12 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 
     while ((x = sk_X509_pop(ocerts))) {
         if (pkey && *pkey && cert && !*cert) {
+            ERR_set_mark();
             if (X509_check_private_key(x, *pkey)) {
                 *cert = x;
                 x = NULL;
             }
+            ERR_pop_to_mark();
         }
 
         if (ca && x) {