From 1fab73ac856225762dae9ef738e792b5ccbd8a32 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bodo=20M=C3=B6ller?=
Date: Sat, 27 May 2000 22:25:01 +0000
Subject: [PATCH] Bugfix: clear error queue after ignoring ssl_verify_cert_chain result.
---
 CHANGES | 8 +++++++-
 ssl/s2_clnt.c | 1 +
 ssl/s3_clnt.c | 1 +
 3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/CHANGES b/CHANGES
index ad61f13440..e57e0f4fc6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,13 @@ Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
- *) EVP cipher enhancment. Add hooks for extra EVP features. This will allow
+ *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when
+ the handshake is continued after ssl_verify_cert_chain();
+ otherwise, if SSL_VERIFY_NONE is set, remaining error codes
+ can lead to 'unexplainable' connection aborts later.
+ [Bodo Moeller; problem tracked down by Lutz Jaenicke]
+
+ *) EVP cipher enhancement. Add hooks for extra EVP features. This will allow
 various cipher parameters to be set in the EVP interface. Initially support added for variable key length ciphers via the EVP_CIPHER_CTX_set_key_length() function. Other cipher specific
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 6ff6a51362..47dd09c286 100644
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -920,6 +920,7 @@ int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data)
 SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
 goto err;
 }
+ ERR_clear_error(); /* but we keep s->verify_result */
 /* server's cert for this session */
 sc=ssl_sess_cert_new();
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 0c8f551f73..6a09d6aa8a 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -764,6 +764,7 @@ static int ssl3_get_server_certificate(SSL *s)
 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
 goto f_err;
 }
+ ERR_clear_error(); /* but we keep s->verify_result */
 sc=ssl_sess_cert_new();
 if (sc == NULL) goto err;
-- 
GitLab
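Review bot: The comment on the added `ERR_clear_error();` in ssl2_set_certificate (ssl/s2_clnt.c) is too terse to tell a maintainer why the queue is emptied or what the caller must now do, and the identical line in ssl3_get_server_certificate (ssl/s3_clnt.c) has the same gap. Going by the CHANGES entry, the line is reached whenever the handshake continues, including when a failed verification is ignored under SSL_VERIFY_NONE, so after the clear the only surviving record of that failure is s->verify_result. I would spell that out, e.g. `/* verify failure tolerated by verify mode: drop its queued errors; s->verify_result is kept and is the only place the caller can see the failure */`. ERR_clear_error() also discards every entry in the queue, not just those from ssl_verify_cert_chain(), which looks intended here but deserves a word in the comment. Both function bodies start and end outside their hunks, so the enclosing condition is not visible.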