From: Viktor Dukhovni <postfix-users@dukhovni.org>
Date: Fri, 15 May 2020 03:12:04 +0000 (-0400)
Subject: Flush the OpenSSL error queue before each BIO op.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fheads%2Ftls-debug;p=thirdparty%2Fpostfix.git

Flush the OpenSSL error queue before each BIO op.
---

diff --git a/postfix/src/tls/tls_bio_ops.c b/postfix/src/tls/tls_bio_ops.c
index 93d3535d7..39818f815 100644
--- a/postfix/src/tls/tls_bio_ops.c
+++ b/postfix/src/tls/tls_bio_ops.c
@@ -196,6 +196,12 @@ int     tls_bio(int fd, int timeout, TLS_SESS_STATE *TLScontext,
      * handling any pending network I/O.
      */
     for (;;) {
+        /*
+         * Flush stale data from SSL error queue, stale errors can confuse
+         * SSL_get_error().
+         */
+        ERR_clear_error();
+
 	if (hsfunc)
 	    status = hsfunc(TLScontext->con);
 	else if (rfunc)