Commit 6315787b authored by Graham Leggett

mod_ssl: Fixes PR 62880 where certificate loading fails bc SSL ERRs are not cleared beforehand.
+1: icing, jim, minfrin


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1847280 13f79535-47bb-0310-9956-ffa450edef68
parent 7fd48349
+4 −0
                                                         -*- coding: utf-8 -*-
Changes with Apache 2.4.38

  *) mod_ssl: clear *SSL errors before loading certificates and checking
     afterwards. Otherwise errors are reported when other SSL using modules
     are in play. Fixes PR 62880. [Michael Kaufmann]

  *) mod_ssl: Fix the error code returned in an error path of
     'ssl_io_filter_handshake()'. This messes-up error handling performed
     in 'ssl_io_filter_error()' [Yann Ylavic]
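Review bot: the new CHANGES entry is hard to parse at "clear *SSL errors before loading certificates and checking afterwards": it does not say which errors are meant or what is checked. Wording such as "clear the OpenSSL error queue before loading certificates, so that stale errors left by other SSL-using modules are not reported as load failures" would state the fix directly; "SSL using" also wants a hyphen.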
+0 −6
@@ -126,12 +126,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
  [ start all new proposals below, under PATCHES PROPOSED. ]

  *) mod_ssl: Fixes PR 62880 where certificate loading fails bc SSL ERRs are
              not cleared beforehand.
     trunk patch: http://svn.apache.org/r1845768
     2.4.x patch: svn merge -c 1845768 ^/httpd/httpd/trunk .
     +1: icing, jim, minfrin


PATCHES PROPOSED TO BACKPORT FROM TRUNK:
  [ New proposals should be added at the end of the list ]
+2 −0
@@ -1038,8 +1038,10 @@ static int use_certificate_chain(
        ctx->extra_certs = NULL;
    }
#endif

    /* create new extra chain by loading the certs */
    n = 0;
    ERR_clear_error();
    while ((x509 = PEM_read_bio_X509(bio, NULL, cb, NULL)) != NULL) {
        if (!SSL_CTX_add_extra_chain_cert(ctx, x509)) {
            X509_free(x509);
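Review bot: the ERR_clear_error() call after `n = 0;` in use_certificate_chain() carries no comment saying why the error queue is emptied here, and the existing comment above it only describes the chain loading. A one-line comment tying it to PR 62880 (errors left queued when other SSL-using modules are in play, as the CHANGES entry puts it) would keep a later cleanup from dropping the call as redundant. ERR_clear_error() also empties the whole error queue of the current thread, so anything an earlier call left there is discarded without being logged; the comment should say that this is intended.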
+2 −0
@@ -363,7 +363,9 @@ static STACK_OF(X509) *modssl_read_ocsp_certificates(const char *file)
        BIO_free(bio);
        return NULL;
    }

    /* create new extra chain by loading the certs */
    ERR_clear_error();
    while ((x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL)) != NULL) {
        if (!other_certs) {
                other_certs = sk_X509_new_null();
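Review bot: in modssl_read_ocsp_certificates() the comment directly above the ERR_clear_error() call, "create new extra chain by loading the certs", has the same wording as in use_certificate_chain() and does not fit this function, which collects the certificates into the other_certs stack rather than into a context's extra chain. Reword it for this function and state why the error queue is cleared before the PEM_read_bio_X509() loop, since the call is otherwise unexplained here as well.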