From: Antoine Pitrou <solipsis@pitrou.net>
Date: Sun, 16 May 2010 23:11:46 +0000 (+0000)
Subject: Clear the OpenSSL error queue each time an error is signalled.
X-Git-Tag: v2.7rc1~142
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=508a237c9791e9e4913d6e61f006aabec0f7ea7d;p=thirdparty%2FPython%2Fcpython.git

Clear the OpenSSL error queue each time an error is signalled.
When the error queue is not emptied, strange things can happen on the next SSL call, depending on the OpenSSL version.
---

diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index eb5e80fb8167..fe029ceef66d 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -196,6 +196,7 @@ PySSL_SetError(PySSLObject *obj, int ret, char *filename, int lineno)
                     errstr = "EOF occurred in violation of protocol";
                 } else if (ret == -1) {
                     /* underlying BIO reported an I/O error */
+                    ERR_clear_error();
                     return obj->Socket->errorhandler();
                 } else { /* possible? */
                     p = PY_SSL_ERROR_SYSCALL;
@@ -228,6 +229,7 @@ PySSL_SetError(PySSLObject *obj, int ret, char *filename, int lineno)
         errstr = ERR_error_string(ERR_peek_last_error(), NULL);
     }
     PyOS_snprintf(buf, sizeof(buf), "_ssl.c:%d: %s", lineno, errstr);
+    ERR_clear_error();
     v = Py_BuildValue("(is)", p, buf);
     if (v != NULL) {
         PyErr_SetObject(PySSLErrorObject, v);
@@ -247,6 +249,7 @@ _setSSLError (char *errstr, int errcode, char *filename, int lineno) {
         errstr = ERR_error_string(errcode, NULL);
     }
     PyOS_snprintf(buf, sizeof(buf), "_ssl.c:%d: %s", lineno, errstr);
+    ERR_clear_error();
     v = Py_BuildValue("(is)", errcode, buf);
     if (v != NULL) {
         PyErr_SetObject(PySSLErrorObject, v);