clean up SSL errors on OCSP soft fail

author Alan T. DeKok <aland@freeradius.org>

Mon, 7 Dec 2015 17:01:15 +0000 (12:01 -0500)

committer Alan T. DeKok <aland@freeradius.org>

Mon, 7 Dec 2015 17:01:15 +0000 (12:01 -0500)
author Alan T. DeKok <aland@freeradius.org>
Mon, 7 Dec 2015 17:01:15 +0000 (12:01 -0500)
committer Alan T. DeKok <aland@freeradius.org>
Mon, 7 Dec 2015 17:01:15 +0000 (12:01 -0500)
diff --git a/src/main/tls.c b/src/main/tls.c

index 34072eb60943e098e052f83735330cd89d0756d4..79e72a042aab53835d1abfb8e9a35f4b78a3a5df 100644 (file)
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -1670,6 +1670,9 @@ ocsp_end:
                         RWDEBUG("ocsp: Unable to check certificate, assuming it's valid");
                         RWDEBUG("ocsp: This may be insecure");
                         ocsp_ok = 1;
+
+                       /* Remove OpenSSL errors from queue or handshake will fail */
+                       while (ERR_get_error());
                 } else {
                         REDEBUG("ocsp: Unable to check certificate, failing");
                         ocsp_ok = 0;
author	Alan T. DeKok <aland@freeradius.org>
	Mon, 7 Dec 2015 17:01:15 +0000 (12:01 -0500)
committer	Alan T. DeKok <aland@freeradius.org>
	Mon, 7 Dec 2015 17:01:15 +0000 (12:01 -0500)