changeset: 6952:e82253beaa9f
user: Kevin McCarthy <ke...@8t8.us>
date: Thu Mar 02 13:11:52 2017 -0800
link: http://dev.mutt.org/hg/mutt/rev/e82253beaa9f

Clear out extraneous errors before SSL_connect() (see #3916)

Call ERR_clear_error() just before the call to SSL_connect() to make sure the error queue doesn't have any old errors in it.

PEM_read_X509() sets an error PEM_R_NO_START_LINE on end-of-file. Clear that out so it doesn't show up as the SSL_connect() error message.

changeset: 6953:28d7872d0646
user: Kevin McCarthy <ke...@8t8.us>
date: Thu Mar 02 13:17:50 2017 -0800
link: http://dev.mutt.org/hg/mutt/rev/28d7872d0646

merge stable

diffs (46 lines):

diff -r f85c3eb8d065 -r 28d7872d0646 mutt_ssl.c
--- a/mutt_ssl.c Fri Feb 24 11:00:38 2017 -0800
+++ b/mutt_ssl.c Thu Mar 02 13:17:50 2017 -0800
@@ -99,6 +99,7 @@
 X509 *cert = NULL;
 X509_STORE *store;
 char buf[STRING];
+ int rv = 1;
 
 dprint (2, (debugfile, "ssl_load_certificates: loading trusted certificates\n"));
 store = SSL_CTX_get_cert_store (ctx);
@@ -124,10 +125,15 @@
 X509_STORE_add_cert (store, cert);
 }
 }
+ /* PEM_read_X509 sets the error NO_START_LINE on eof */
+ if (ERR_GET_REASON(ERR_peek_last_error()) != PEM_R_NO_START_LINE)
+ rv = 0;
+ ERR_clear_error();
+
 X509_free (cert);
 safe_fclose (&fp);
 
- return 1;
+ return rv;
 }
 
 /* mutt_ssl_starttls: Negotiate TLS over an already opened connection.
@@ -485,6 +491,7 @@
 
 SSL_set_verify (ssldata->ssl, SSL_VERIFY_PEER, ssl_verify_callback);
 SSL_set_mode (ssldata->ssl, SSL_MODE_AUTO_RETRY);
+ ERR_clear_error ();
 
 if ((err = SSL_connect (ssldata->ssl)) != 1)
 {
@@ -771,6 +778,9 @@
 if (pass)
 break;
 }
+ /* PEM_read_X509 sets an error on eof */
+ if (!pass)
+ ERR_clear_error();
 X509_free (cert);
 safe_fclose (&fp);
 
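Review bot: The end-of-file test in the second hunk compares only the reason code, `ERR_GET_REASON(ERR_peek_last_error()) != PEM_R_NO_START_LINE`, and OpenSSL reason codes are numbered per library, so an unrelated error that happens to share that number would be read as a clean EOF and leave `rv` at 1 for a trust-store load that actually failed. Checking the library too closes that gap: `unsigned long e = ERR_peek_last_error();` followed by `if (ERR_GET_LIB(e) != ERR_LIB_PEM || ERR_GET_REASON(e) != PEM_R_NO_START_LINE) rv = 0;`. The result of `X509_STORE_add_cert (store, cert)` in the context line above is also not examined, so an add failure does not affect `rv`; whether that is intended cannot be judged here, because the read loop and the callers that consume the new 0 return lie outside the hunk.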
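Review bot: The `ERR_clear_error ();` added ahead of `SSL_connect()` carries no comment, although the two sibling changes in this commit each have one, and the reason goes beyond a tidier message: OpenSSL documents that the thread's error queue must be empty before a TLS I/O call for `SSL_get_error()` to give a reliable answer. If the failure branch, which continues outside this hunk, classifies the result that way, it is worth recording at the call site, for example `/* error queue must be empty before SSL_connect() so a failure is attributed to this handshake */`.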
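Review bot: In the last hunk `if (!pass) ERR_clear_error();` empties the queue without looking at it, unlike the load path earlier in the diff, so a malformed or truncated entry in the certificate file becomes indistinguishable from a plain end-of-file with no match. The result still appears to fail closed, since `pass` is 0 on this path, but the cause is lost to anyone diagnosing a rejected certificate. A debug line placed before the clear, with braces around both statements, would keep it: `if (ERR_GET_REASON(ERR_peek_last_error()) != PEM_R_NO_START_LINE) dprint (1, (debugfile, "PEM error while reading certificate file\n"));`. The enclosing loop and function begin outside the hunk.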