From: Stefan Eissing <stefan@eissing.org>
Date: Thu, 25 Sep 2025 10:11:15 +0000 (+0200)
Subject: openssl: clear retry flag on x509 error
X-Git-Tag: rc-8_17_0-2~354
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=887b863b00b9893c20eb9e1f3987ceaeade1f774;p=thirdparty%2Fcurl.git

openssl: clear retry flag on x509 error

When loading the trust anchors and encountering an error, clear
a possibly set retry flag.

Reported in Joshua's sarif data

Closes #18724
---

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 4d37f5e77f..1048bf5751 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -741,6 +741,7 @@ static int ossl_bio_cf_in_read(BIO *bio, char *buf, int blen)
   if(!octx->x509_store_setup) {
     r2 = Curl_ssl_setup_x509_store(cf, data, octx->ssl_ctx);
     if(r2) {
+      BIO_clear_retry_flags(bio);
       octx->io_result = r2;
       return -1;
     }