mirror of
https://github.com/openssl/openssl.git
synced 2024-11-27 05:21:51 +08:00
Bugfix: clear error queue after ignoring ssl_verify_cert_chain result.
This commit is contained in:
parent
be06a9348d
commit
1fab73ac85
8
CHANGES
8
CHANGES
@ -4,7 +4,13 @@
|
||||
|
||||
Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
|
||||
|
||||
*) EVP cipher enhancment. Add hooks for extra EVP features. This will allow
|
||||
*) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when
|
||||
the handshake is continued after ssl_verify_cert_chain();
|
||||
otherwise, if SSL_VERIFY_NONE is set, remaining error codes
|
||||
can lead to 'unexplainable' connection aborts later.
|
||||
[Bodo Moeller; problem tracked down by Lutz Jaenicke]
|
||||
|
||||
*) EVP cipher enhancement. Add hooks for extra EVP features. This will allow
|
||||
various cipher parameters to be set in the EVP interface. Initially
|
||||
support added for variable key length ciphers via the
|
||||
EVP_CIPHER_CTX_set_key_length() function. Other cipher specific
|
||||
|
@ -920,6 +920,7 @@ int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data)
|
||||
SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
|
||||
goto err;
|
||||
}
|
||||
ERR_clear_error(); /* but we keep s->verify_result */
|
||||
|
||||
/* server's cert for this session */
|
||||
sc=ssl_sess_cert_new();
|
||||
|
@ -764,6 +764,7 @@ static int ssl3_get_server_certificate(SSL *s)
|
||||
SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
|
||||
goto f_err;
|
||||
}
|
||||
ERR_clear_error(); /* but we keep s->verify_result */
|
||||
|
||||
sc=ssl_sess_cert_new();
|
||||
if (sc == NULL) goto err;
|
||||
|
Loading…
Reference in New Issue
Block a user