diff options
author | Tim Costen <tim.costen@isode.com> | 2019-11-13 12:52:44 (GMT) |
---|---|---|
committer | Tim Costen <timcosten64@gmail.com> | 2019-11-13 15:28:52 (GMT) |
commit | 7d79cd827fb17db7b03858b06f03c514d25cdfea (patch) | |
tree | 3b048eaae411f9196253302acefe0e8368503131 /Swiften/TLS | |
parent | d640ec248ca8bf86a03007a0f8df352df696cf92 (diff) | |
download | swift-7d79cd827fb17db7b03858b06f03c514d25cdfea.zip swift-7d79cd827fb17db7b03858b06f03c514d25cdfea.tar.bz2 |
Clear internal error state after cert chain parse
When parsing a PEM string containing a chain of
certificates, createCertificateChain calls
PEM_read_bio_X509 until it returns NULL (end of chain). But
this will have set OpenSSL's internal error chain. Creating
a new OpenSSL context has the side effect of clearing this chain,
but if you are using a context which has already been created,
the context sees that the error chain is set and fails.
All that is needed is for createCertificateChain to clear the
OpenSSL error chain before returning.
JIRA: LINK-1868
Change-Id: Ife2a3dabfeecff9e430648d63e4b4ba001e80a00
Diffstat (limited to 'Swiften/TLS')
-rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp b/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp index fd94ec8..73058a5 100644 --- a/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp +++ b/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp @@ -7,6 +7,7 @@ #include <Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.h> #include <openssl/pem.h> +#include <openssl/err.h> namespace Swift { @@ -44,6 +45,11 @@ std::vector<std::shared_ptr<Certificate>> OpenSSLCertificateFactory::createCerti } } + // Clear any (expected) errors which resulted from PEM parsing + // If we don't do this, any existing TLS context will detect these + // spurious errors and fail to work + ERR_clear_error(); + return certificateChain; } |