From b23c8f0c7e56fd5c6e99bcad0ec4f4a085be2d6a Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 12 Sep 2015 19:54:31 +0000
Subject: Ensure that we clear the libssl error stack before we make a function
 call that we will pass the result through tls_ssl_error() on failure.
 Otherwise we can end up reporting spurious errors due to their being
 unrelated errors already on the error stack.

Spotted by Marko Kreen.

ok beck@
---
 src/lib/libtls/tls_client.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/lib/libtls/tls_client.c')

diff --git a/src/lib/libtls/tls_client.c b/src/lib/libtls/tls_client.c
index 2aca519f8b..047831e59f 100644
--- a/src/lib/libtls/tls_client.c
+++ b/src/lib/libtls/tls_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_client.c,v 1.27 2015/09/11 12:56:55 beck Exp $ */
+/* $OpenBSD: tls_client.c,v 1.28 2015/09/12 19:54:31 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -25,6 +25,7 @@
 #include <stdlib.h>
 #include <unistd.h>
 
+#include <openssl/err.h>
 #include <openssl/x509.h>
 
 #include <tls.h>
@@ -251,6 +252,7 @@ tls_handshake_client(struct tls *ctx)
 		goto err;
 	}
 
+	ERR_clear_error();
 	if ((ssl_ret = SSL_connect(ctx->ssl_conn)) != 1) {
 		rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "handshake");
 		goto err;
-- 
cgit v1.2.3-55-g6feb