From: George Thessalonikefs Date: Sun, 3 Jul 2022 20:41:39 +0000 (+0200) Subject: - Fix for correct openssl error when adding windows CA certificates to X-Git-Tag: release-1.16.1rc1~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a30286502c62c39c7ab5fcb928debbefc97e045d;p=thirdparty%2Funbound.git - Fix for correct openssl error when adding windows CA certificates to the openssl trust store. --- diff --git a/doc/Changelog b/doc/Changelog index 8e727f1ed..4edeb6d3a 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -3,6 +3,8 @@ mode on openssl3. - Merge PR #660 from Petr Menšík: Sha1 runtime insecure. - For #660: formatting, less verbose logging, add EDE information. + - Fix for correct openssl error when adding windows CA certificates to + the openssl trust store. 1 July 2022: George - Merge PR #706: NXNS fallback. diff --git a/util/net_help.c b/util/net_help.c index 114920e3f..8153dbdd1 100644 --- a/util/net_help.c +++ b/util/net_help.c @@ -1162,10 +1162,11 @@ add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx) (const unsigned char **)&pTargetCert->pbCertEncoded, pTargetCert->cbCertEncoded); if (!cert1) { + unsigned long error = ERR_get_error(); /* return error if a cert fails */ verbose(VERB_ALGO, "%s %d:%s", "Unable to parse certificate in memory", - (int)ERR_get_error(), ERR_error_string(ERR_get_error(), NULL)); + (int)error, ERR_error_string(error, NULL)); return 0; } else { 
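Review bot: The `d2i_X509` call at the top of the net_help.c hunk is handed the address of `pTargetCert->pbCertEncoded`, and the d2i functions advance the pointer they are given, so the Windows certificate context is modified in place whenever a parse succeeds. Parsing through a local copy leaves the store's structure untouched: `const unsigned char *der = pTargetCert->pbCertEncoded;` followed by `d2i_X509(NULL, &der, pTargetCert->cbCertEncoded)`. On the new logging lines, `(int)error` with `%d` can print a negative number for codes with the top bit set; `%lu` with the uncast `unsigned long` avoids that. The call and the enclosing loop start outside the hunk, so whether the context is used again after the parse is not visible here.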
@@ -1176,10 +1177,11 @@ add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx) /* Ignore error X509_R_CERT_ALREADY_IN_HASH_TABLE which means the * certificate is already in the store. */ if(ERR_GET_LIB(error) != ERR_LIB_X509 || - ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE) { + ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE) { + error = ERR_get_error(); verbose(VERB_ALGO, "%s %d:%s\n", - "Error adding certificate", (int)ERR_get_error(), - ERR_error_string(ERR_get_error(), NULL)); + "Error adding certificate", (int)error, + ERR_error_string(error, NULL)); X509_free(cert1); return 0; }
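Review bot: The added `error = ERR_get_error();` replaces the value the `if` has just tested with the oldest entry on the OpenSSL error queue, so when more than one error is queued the logged code can differ from the one that failed the `X509_R_CERT_ALREADY_IN_HASH_TABLE` check. Logging the tested value and then emptying the queue keeps the message and the decision in agreement: drop the reassignment and add `ERR_clear_error();` before `X509_free(cert1);`. How `error` is first obtained, and whether the ignored already-in-store case removes its queue entry, is outside the hunk; a stale entry left there would presumably be seen by the next error check on the same thread. The format string here ends in `\n` while the one in the previous hunk does not, and one of the two is probably unintended.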