SSL: clear error queue after SSL_CTX_load_verify_locations().

author Maxim Dounin <mdounin@mdounin.ru>

Wed, 4 Sep 2013 17:17:02 +0000 (21:17 +0400)

committer Maxim Dounin <mdounin@mdounin.ru>

Wed, 4 Sep 2013 17:17:02 +0000 (21:17 +0400)
author Maxim Dounin <mdounin@mdounin.ru>
Wed, 4 Sep 2013 17:17:02 +0000 (21:17 +0400)
committer Maxim Dounin <mdounin@mdounin.ru>
Wed, 4 Sep 2013 17:17:02 +0000 (21:17 +0400)
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c

index 50746e7ac257eca79f454c524d849370a3d0f06e..f2419e46622b48ee1b37440c2b3a003e15120ba3 100644 (file)
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -363,6 +363,13 @@ ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
          return NGX_ERROR;
      }
  
+    /*
+     * SSL_CTX_load_verify_locations() may leave errors in the error queue
+     * while returning success
+     */
+
+    ERR_clear_error();
+
      list = SSL_load_client_CA_file((char *) cert->data);
  
      if (list == NULL) {
@@ -407,6 +414,13 @@ ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
          return NGX_ERROR;
      }
  
+    /*
+     * SSL_CTX_load_verify_locations() may leave errors in the error queue
+     * while returning success
+     */
+
+    ERR_clear_error();
+
      return NGX_OK;
  }
author	Maxim Dounin <mdounin@mdounin.ru>
	Wed, 4 Sep 2013 17:17:02 +0000 (21:17 +0400)
committer	Maxim Dounin <mdounin@mdounin.ru>
	Wed, 4 Sep 2013 17:17:02 +0000 (21:17 +0400)