From: Emeric Brun <ebrun@haproxy.com>
Date: Thu, 16 Aug 2018 13:14:12 +0000 (+0200)
Subject: BUG/MEDIUM: ssl: loading dh param from certifile causes unpredictable error.
X-Git-Tag: v1.9-dev2~153
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e1b4ed4352619f985d7d65f5d95a830ef5775c46;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: ssl: loading dh param from certifile causes unpredictable error.

If the dh parameter is not found, the openssl's error global
stack was not correctly cleared causing unpredictable error
during the following parsing (chain cert parsing for instance).

This patch should be backported in 1.8 (and perhaps 1.7)
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index a0bea59553..813b599218 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2607,6 +2607,8 @@ end:
         if (in)
                 BIO_free(in);
 
+	ERR_clear_error();
+
 	return dh;
 }