openssl: clear retry flag on x509 error

When loading the trust anchors and encountering an error, clear
a possibly set retry flag.

Reported in Joshua's sarif data

Closes #18724

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 4d37f5e77f20dd30d9ac5ba35910b0e56c64a424..1048bf5751c1c40a6e101343a439fb9272e38040 100644 (file)
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -741,6 +741,7 @@ static int ossl_bio_cf_in_read(BIO *bio, char *buf, int blen)
   if(!octx->x509_store_setup) {
     r2 = Curl_ssl_setup_x509_store(cf, data, octx->ssl_ctx);
     if(r2) {
+      BIO_clear_retry_flags(bio);
       octx->io_result = r2;
       return -1;
     }