From: Alan T. DeKok <aland@freeradius.org>
Date: Mon, 7 Dec 2015 17:01:15 +0000 (-0500)
Subject: clean up SSL errors on OCSP soft fail
X-Git-Tag: release_3_0_11~107
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ca483b1042d8fec4a750725d1ec518baae2cb52a;p=thirdparty%2Ffreeradius-server.git

clean up SSL errors on OCSP soft fail
---

diff --git a/src/main/tls.c b/src/main/tls.c
index 34072eb6094..79e72a042aa 100644
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -1670,6 +1670,9 @@ ocsp_end:
 			RWDEBUG("ocsp: Unable to check certificate, assuming it's valid");
 			RWDEBUG("ocsp: This may be insecure");
 			ocsp_ok = 1;
+
+			/* Remove OpenSSL errors from queue or handshake will fail */
+			while (ERR_get_error());
 		} else {
 			REDEBUG("ocsp: Unable to check certificate, failing");
 			ocsp_ok = 0;