git.ipfire.org Git - thirdparty/openvpn.git/commit
Fix OpenSSL error stack handling of tls_ctx_add_extra_certs
author Arne Schwabe <arne@rfc2549.org>
Thu, 2 Apr 2020 10:38:21 +0000 (12:38 +0200)
committer Gert Doering <gert@greenie.muc.de>
Thu, 2 Apr 2020 18:44:02 +0000 (20:44 +0200)
commit 15bc476f80e66cee8e2bfba96879ef32e01380b5
tree c49653bd5271f5e7ae59f32832e84898c70be4c2
parent 22df79bb3ba3a5ecce964df223288e99f39e5a12
Fix OpenSSL error stack handling of tls_ctx_add_extra_certs

Commit f67efa94 exposed that tls_ctx_add_extra_certs will always leave
an error of PEM_R_NO_START_LINE on the stack that will be printed the next
time that the error is printed.

Fix this by discarding this error. Also clean up the logic to report
real error on other errors and also the no start line error if no
certificate can be found at all and it is required (--extra-certs
config option)

Patch V2: fix optional flag was flipped between --cert and --extra-certs
Patch V3: Make logic more easy to follow, no functional changes

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20200402103821.10347-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19685.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 3608d890583549dbdbefc40ed41bf617fa518aa1)
src/openvpn/ssl_openssl.c