Clear OpenSSL errors on TSL error paths
authorMark Andrews <marka@isc.org>
Thu, 20 Jul 2023 03:32:50 +0000 (13:32 +1000)
committerMark Andrews <marka@isc.org>
Fri, 1 Sep 2023 02:01:20 +0000 (12:01 +1000)
lib/isc/tls.c

index b740af7023a673e3c0d565cb4557d82eca29bfff..314de8b6a601821323565da21ab8a18481a479f7 100644 (file)
@@ -1043,6 +1043,7 @@ isc_tlsctx_enable_peer_verification(isc_tlsctx_t *tlsctx, const bool is_server,
                        ret = X509_VERIFY_PARAM_set1_host(param, hostname, 0);
                }
                if (ret != 1) {
+                       ERR_clear_error();
                        return (ISC_R_FAILURE);
                }
 
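Review bot: The new `ERR_clear_error();` in the `ret != 1` branch has no comment saying why the queue must be emptied, and the same holds for the calls added in isc_tlsctx_load_client_ca_names, isc_tls_cert_store_create and isc_tlsctx_client_session_cache_keep. OpenSSL keeps its error queue per thread and SSL_get_error() consults it, so entries left behind by a failed setup call can make a later, unrelated TLS operation on the same thread look as if it failed. A one-line comment above the first call would record that, for example `/* Drop queued OpenSSL errors so they are not attributed to a later TLS operation on this thread. */`. The function body starts and ends outside the hunk, so its other failure returns could not be checked for the same gap.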
@@ -1093,6 +1094,7 @@ isc_tlsctx_load_client_ca_names(isc_tlsctx_t *ctx, const char *ca_bundle_file) {
 
        cert_names = SSL_load_client_CA_file(ca_bundle_file);
        if (cert_names == NULL) {
+               ERR_clear_error();
                return (ISC_R_FAILURE);
        }
 
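Review bot: The reason SSL_load_client_CA_file() failed is thrown away by the added `ERR_clear_error();` before anything reads it, so a missing, unreadable or malformed CA bundle all surface as a bare ISC_R_FAILURE. Because `ca_bundle_file` is configuration that feeds client-certificate handling, the cause is worth recording first, for example by formatting `ERR_peek_last_error()` with `ERR_error_string_n()` into the project's log and only then clearing the queue. Whether a caller outside this hunk already logs the failure is not visible here.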
@@ -1133,6 +1135,7 @@ isc_tls_cert_store_create(const char *ca_bundle_filename,
        return (ISC_R_SUCCESS);
 
 error:
+       ERR_clear_error();
        if (store != NULL) {
                X509_STORE_free(store);
        }
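Review bot: `ERR_clear_error();` sits at the top of the `error:` label, ahead of the cleanup, so anything the teardown calls push onto the queue would survive the return. X509_STORE_free() is not expected to queue errors, but moving the call to just before the failure return keeps the guarantee independent of what the cleanup does. The rest of the label's body is outside the hunk.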
@@ -1614,6 +1617,7 @@ isc_tlsctx_client_session_cache_keep(isc_tlsctx_client_session_cache_t *cache,
 
        sess = SSL_get1_session(tls);
        if (sess == NULL) {
+               ERR_clear_error();
                return;
        } else if (!ssl_session_seems_resumable(sess)) {
                SSL_SESSION_free(sess);
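Review bot: In the `sess == NULL` branch, `ERR_clear_error();` empties the whole per-thread queue, not only entries produced by SSL_get1_session(), which normally returns NULL simply because no session has been negotiated. If a caller reaches isc_tlsctx_client_session_cache_keep with entries from an earlier failed operation it has not yet read, they are lost here; that cannot be confirmed from this hunk. Calling `ERR_set_mark();` before `SSL_get1_session(tls)` and `ERR_pop_to_mark();` in the NULL branch would discard only what this function added.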