Commit 1fab73ac authored May 27, 2000 by Bodo Möller

Bugfix: clear error queue after ignoring ssl_verify_cert_chain result.

parent be06a934

CHANGES

+7 −1

Original line number	Diff line number	Diff line
		@@ -4,7 +4,13 @@

		Changes between 0.9.5a and 0.9.6 [xx XXX 2000]

		*) EVP cipher enhancment. Add hooks for extra EVP features. This will allow
		*) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when
		the handshake is continued after ssl_verify_cert_chain();
		otherwise, if SSL_VERIFY_NONE is set, remaining error codes
		can lead to 'unexplainable' connection aborts later.
		[Bodo Moeller; problem tracked down by Lutz Jaenicke]

		*) EVP cipher enhancement. Add hooks for extra EVP features. This will allow
		various cipher parameters to be set in the EVP interface. Initially
		support added for variable key length ciphers via the
		EVP_CIPHER_CTX_set_key_length() function. Other cipher specific

ssl/s2_clnt.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -920,6 +920,7 @@ int ssl2_set_certificate(SSL s, int type, int len, unsigned char data)
		SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
		goto err;
		}
		ERR_clear_error(); /* but we keep s->verify_result */

		/* server's cert for this session */
		sc=ssl_sess_cert_new();

ssl/s3_clnt.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -764,6 +764,7 @@ static int ssl3_get_server_certificate(SSL *s)
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
		goto f_err;
		}
		ERR_clear_error(); /* but we keep s->verify_result */

		sc=ssl_sess_cert_new();
		if (sc == NULL) goto err;