authorjsing <jsing@openbsd.org>2015-09-12 19:54:31 +0000
committerjsing <jsing@openbsd.org>2015-09-12 19:54:31 +0000
commit9ba095aa2b27074e08ce5e4dda9d2a647c191f00 (patch)
tree76f5c710e6c26fb3f097941cb34a61987f85b05c /lib/libtls/tls_server.c
parentUnwrap a bunch of lines. (diff)
Ensure that we clear the libssl error stack before we make a function call
that we will pass the result through tls_ssl_error() on failure. Otherwise we can end up reporting spurious errors due to there being unrelated errors already on the error stack. Spotted by Marko Kreen. ok beck@
Diffstat (limited to '')
-rw-r--r--lib/libtls/tls_server.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/libtls/tls_server.c b/lib/libtls/tls_server.c
index 69baf5c1c21..1baf717c900 100644
--- a/lib/libtls/tls_server.c
+++ b/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.16 2015/09/11 08:31:26 beck Exp $ */
+/* $OpenBSD: tls_server.c,v 1.17 2015/09/12 19:54:31 jsing Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
@@ -16,6 +16,7 @@
*/
#include <openssl/ec.h>
+#include <openssl/err.h>
#include <openssl/ssl.h>
#include <tls.h>
@@ -167,6 +168,7 @@ tls_handshake_server(struct tls *ctx)
goto err;
}
+ ERR_clear_error();
if ((ssl_ret = SSL_accept(ctx->ssl_conn)) != 1) {
rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "handshake");
goto err;
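Review bot: The `ERR_clear_error()` added directly above `SSL_accept()` in tls_handshake_server() carries no comment tying it to the call that follows, so a later refactor could move code between the two or drop the clear as apparently redundant. OpenSSL documents that the thread's error queue must be empty before a TLS I/O call for SSL_get_error() to be reliable; tls_ssl_error() is not visible here, but if it relies on that queue, a stale entry could turn a retryable handshake condition into a reported hard failure or put an unrelated error string in the logs. I would add `/* Clear stale libssl errors so tls_ssl_error() reports only what SSL_accept() raised. */` above the call. The function starts and ends outside the hunk, so whether the other libssl calls in this file that feed tls_ssl_error() got the same treatment cannot be checked from here.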