diff options
authorTim Costen <>2019-11-13 12:52:44 (GMT)
committerTim Costen <>2019-11-13 15:28:52 (GMT)
commit7d79cd827fb17db7b03858b06f03c514d25cdfea (patch)
parentd640ec248ca8bf86a03007a0f8df352df696cf92 (diff)
Clear internal error state after cert chain parse
When parsing a PEM string containing a chain of certificates, createCertificateChain calls PEM_read_bio_X509 until it returns NULL (end of chain). But this will have set OpenSSL's internal error chain. Creating a new OpenSSL context has the side effect of clearing this chain, but if you are using a context which has already been created, the context sees that the error chain is set and fails. All that is needed is for createCertificateChain to clear the OpenSSL error chain before returning. JIRA: LINK-1868 Change-Id: Ife2a3dabfeecff9e430648d63e4b4ba001e80a00
1 files changed, 6 insertions, 0 deletions
diff --git a/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp b/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp
index fd94ec8..73058a5 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp
@@ -7,6 +7,7 @@
#include <Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.h>
#include <openssl/pem.h>
+#include <openssl/err.h>
namespace Swift {
@@ -44,6 +45,11 @@ std::vector<std::shared_ptr<Certificate>> OpenSSLCertificateFactory::createCerti
+ // Clear any (expected) errors which resulted from PEM parsing
+ // If we don't do this, any existing TLS context will detect these
+ // spurious errors and fail to work
+ ERR_clear_error();
return certificateChain;