Clear OpenSSL errors on d2i_ASN1_OBJECT failures

When d2i_ASN1_OBJECT() fails an error is pushed onto the thread's
error stack.  This is now cleared by calling ERR_clear_error().

diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c
index 13218d069cb5519df04e98715eb975cae6aa14fa..45700291525fd3ff08a70dd5e68a04d5cc30e2db 100644 (file)
--- a/lib/dns/rdata.c
+++ b/lib/dns/rdata.c
@@ -17,6 +17,7 @@
 #include <inttypes.h>
 #include <stdbool.h>
 
+#include <openssl/err.h>
 #include <openssl/objects.h>
 
 #include <isc/ascii.h>
@@ -623,6 +624,7 @@ check_private(isc_buffer_t *source, dns_secalg_t alg) {
                in = sr.base;
                obj = d2i_ASN1_OBJECT(NULL, &in, sr.length);
                if (obj == NULL) {
+                       ERR_clear_error();
                        RETERR(DNS_R_FORMERR);
                }
                ASN1_OBJECT_free(obj);