Ensure that we clear the libssl error stack before we make a function call

that we will pass the result through tls_ssl_error() on failure. Otherwise we can end up reporting spurious errors due to their being unrelated errors already on the error stack. Spotted by Marko Kreen. ok beck@
author: jsing <> 2015-09-12 19:54:31 +0000
committer: jsing <> 2015-09-12 19:54:31 +0000
commit: b23c8f0c7e56fd5c6e99bcad0ec4f4a085be2d6a (patch)
tree: 6d7005f84ef8db59b7b30dd91562d159028dd12d /src/lib/libtls/tls_server.c
parent: 20f4bd301fadc705b6737e3b7fcac043b8ffb21a (diff)
download: openbsd-b23c8f0c7e56fd5c6e99bcad0ec4f4a085be2d6a.tar.gz
openbsd-b23c8f0c7e56fd5c6e99bcad0ec4f4a085be2d6a.tar.bz2
openbsd-b23c8f0c7e56fd5c6e99bcad0ec4f4a085be2d6a.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c
index 69baf5c1c2..1baf717c90 100644
--- a/src/lib/libtls/tls_server.c
+++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.16 2015/09/11 08:31:26 beck Exp $ */
+/* $OpenBSD: tls_server.c,v 1.17 2015/09/12 19:54:31 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -16,6 +16,7 @@
 */
 #include <openssl/ec.h>
+#include <openssl/err.h>
 #include <openssl/ssl.h>
 #include <tls.h>
@@ -167,6 +168,7 @@ tls_handshake_server(struct tls *ctx)
                goto err;
        }
+        ERR_clear_error();
        if ((ssl_ret = SSL_accept(ctx->ssl_conn)) != 1) {
                rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "handshake");
                goto err;
author	jsing <>	2015-09-12 19:54:31 +0000
committer	jsing <>	2015-09-12 19:54:31 +0000
commit	b23c8f0c7e56fd5c6e99bcad0ec4f4a085be2d6a (patch)
tree	6d7005f84ef8db59b7b30dd91562d159028dd12d /src/lib/libtls/tls_server.c
parent	20f4bd301fadc705b6737e3b7fcac043b8ffb21a (diff)
download	openbsd-b23c8f0c7e56fd5c6e99bcad0ec4f4a085be2d6a.tar.gz openbsd-b23c8f0c7e56fd5c6e99bcad0ec4f4a085be2d6a.tar.bz2 openbsd-b23c8f0c7e56fd5c6e99bcad0ec4f4a085be2d6a.zip