Clear OpenSSL error queue after failed X509_STORE_load_locations() call.

Leaving the error in the error queue used to be harmless, because the X509_STORE_load_locations() call used to be the last step in initialize_SSL(), and we would clear the queue before the next SSL_connect() call. But previous commit moved things around. The symptom was that if a CRL file was not found, and one of the subsequent initialization steps, like loading the client certificate or private key, failed, we would incorrectly print the "no such file" error message from the earlier X509_STORE_load_locations() call as the reason. Backpatch to all supported versions, like the previous patch.
author: Heikki Linnakangas <heikki.linnakangas@iki.fi> 2016-10-07 12:53:45 +0300
committer: Heikki Linnakangas <heikki.linnakangas@iki.fi> 2016-10-07 12:53:45 +0300
commit: 418cd758abeb5bb7d359788a0599daa6de016b00 (patch)
tree: dce8ab1b70e8859a61e703a4e2cf7ae5b285a33f
parent: 31895abd8bf1bf1841b47116874bcb447b9d33b0 (diff)
download: postgresql-418cd758abeb5bb7d359788a0599daa6de016b00.tar.gz
postgresql-418cd758abeb5bb7d359788a0599daa6de016b00.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/src/interfaces/libpq/fe-secure.c b/src/interfaces/libpq/fe-secure.c
index a939a29743d..011042f03ee 100644
--- a/src/interfaces/libpq/fe-secure.c
+++ b/src/interfaces/libpq/fe-secure.c
@@ -1120,6 +1120,7 @@ initialize_SSL(PGconn *conn)
 #endif
 			}
 			/* if not found, silently ignore;  we do not require CRL */
+			ERR_clear_error();
 		}
 		have_rootcert = true;
 	}
author	Heikki Linnakangas <heikki.linnakangas@iki.fi>	2016-10-07 12:53:45 +0300
committer	Heikki Linnakangas <heikki.linnakangas@iki.fi>	2016-10-07 12:53:45 +0300
commit	418cd758abeb5bb7d359788a0599daa6de016b00 (patch)
tree	dce8ab1b70e8859a61e703a4e2cf7ae5b285a33f
parent	31895abd8bf1bf1841b47116874bcb447b9d33b0 (diff)
download	postgresql-418cd758abeb5bb7d359788a0599daa6de016b00.tar.gz postgresql-418cd758abeb5bb7d359788a0599daa6de016b00.zip