diff options
| author | Heikki Linnakangas <heikki.linnakangas@iki.fi> | 2016-10-07 12:53:42 +0300 |
|---|---|---|
| committer | Heikki Linnakangas <heikki.linnakangas@iki.fi> | 2016-10-07 12:53:42 +0300 |
| commit | f0ca540374ee89b45bce83b499327ffd934344a8 (patch) | |
| tree | 0019520ab2628d7b8203b0ecdf551fee6b46827f /src | |
| parent | cb38c056fda53234dcc7f7d10bd08dd5a277c92e (diff) | |
| download | postgresql-f0ca540374ee89b45bce83b499327ffd934344a8.tar.gz postgresql-f0ca540374ee89b45bce83b499327ffd934344a8.zip | |
Clear OpenSSL error queue after failed X509_STORE_load_locations() call.
Leaving the error in the error queue used to be harmless, because the
X509_STORE_load_locations() call used to be the last step in
initialize_SSL(), and we would clear the queue before the next
SSL_connect() call. But previous commit moved things around. The symptom
was that if a CRL file was not found, and one of the subsequent
initialization steps, like loading the client certificate or private key,
failed, we would incorrectly print the "no such file" error message from
the earlier X509_STORE_load_locations() call as the reason.
Backpatch to all supported versions, like the previous patch.
Diffstat (limited to 'src')
| -rw-r--r-- | src/interfaces/libpq/fe-secure-openssl.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c index fc723cc083b..0d0a3660f50 100644 --- a/src/interfaces/libpq/fe-secure-openssl.c +++ b/src/interfaces/libpq/fe-secure-openssl.c @@ -999,6 +999,7 @@ initialize_SSL(PGconn *conn) #endif } /* if not found, silently ignore; we do not require CRL */ + ERR_clear_error(); } have_rootcert = true; } |