#3916: Mutt 1.8: TOFU approach bails out on first fail or reject, not offering higher links of the cert' chain
--------------------------+----------------------
  Reporter:  kratem32     |      Owner:  mutt-dev
      Type:  enhancement  |     Status:  new
  Priority:  minor        |  Milestone:  1.8
 Component:  crypto       |    Version:
Resolution:               |   Keywords:  tofu
--------------------------+----------------------

Comment (by kevin8t8):

The attached patch clears out the bogus "no start line", which does indeed occur when PEM_read_X509() hits EOF. It also clears out the error queue just before the call to SSL_connect(), just to make sure nothing old is in there.

This patch uses the approach in the PEM_read() notes: peeking and clearing out if it is PEM_R_NO_START_LINE.

However, I wonder if we should **always** call ERR_clear_error() after the PEM_read_X509() loops. I don't think we want any kind of error from the PEM_read_X509() call showing as the SSL_connect() error message.

--
Ticket URL: <https://dev.mutt.org/trac/ticket/3916#comment:19>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
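
The failure mode described in the comment above, as an added example that is not Mutt's or OpenSSL's code: a simplified C model of a FIFO error queue in which a certificate-reading loop leaves an end-of-input error behind and a later failed connect reports it instead of its own error. All function and constant names are hypothetical stand-ins; the real calls named in the ticket are PEM_read_X509(), ERR_clear_error() and SSL_connect().

```c
/* Simplified model of a FIFO error queue. NOT OpenSSL code:
 * every name here is a hypothetical stand-in. */
#include <stdio.h>
#include <string.h>

enum { E_NONE = 0, E_NO_START_LINE, E_HANDSHAKE };

static int queue[8];
static int qlen;

static void err_put(int e)      { if (qlen < 8) queue[qlen++] = e; }
static int  err_peek_last(void) { return qlen ? queue[qlen - 1] : E_NONE; }
static void err_clear(void)     { qlen = 0; }

/* Pop the oldest entry, as a caller building an error message would. */
static int err_get(void) {
    if (!qlen) return E_NONE;
    int e = queue[0];
    memmove(queue, queue + 1, (size_t)(--qlen) * sizeof queue[0]);
    return e;
}

/* Count PEM blocks. Running out of input is itself recorded as an
 * error, which is how the reading loop learns it has hit EOF. */
static int read_certs(const char *pem) {
    static const char begin[] = "-----BEGIN CERTIFICATE-----";
    int n = 0;
    for (const char *p = pem; (p = strstr(p, begin)); p += sizeof begin - 1)
        n++;
    err_put(E_NO_START_LINE);            /* left behind on the queue */
    return n;
}

static int handshake_fails(void) { err_put(E_HANDSHAKE); return -1; }

/* Returns the error code a user would be shown for the failed connect. */
int reported_error(const char *pem, int peek_and_clear) {
    err_clear();                         /* known state for each run */
    read_certs(pem);
    if (peek_and_clear && err_peek_last() == E_NO_START_LINE)
        err_clear();                     /* expected EOF, not a failure */
    return handshake_fails() < 0 ? err_get() : E_NONE;
}

int main(void) {
    /* constructed sample input, not a real certificate */
    const char *store = "-----BEGIN CERTIFICATE-----\n(constructed)\n";
    printf("without clearing: %d\n", reported_error(store, 0));
    printf("with clearing:    %d\n", reported_error(store, 1));
    return 0;
}
```
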