authorStefan Eissing <icing@apache.org>2018-11-05 11:37:32 +0100
committerStefan Eissing <icing@apache.org>2018-11-05 11:37:32 +0100
commit505cf744a8bf0aabe2db52b27bcf0bbc1d90991a (patch)
tree1428daab9ea52bd5d5e83bed083c41a35ca18cdb
parent* Makefile.in (check-yes): Re-run make before running t/TEST in case (diff)
*) mod_ssl: clear *SSL errors before loading certificates and checking
afterwards. Otherwise errors are reported when other SSL-using modules are in play. Fixes PR 62880. [Michael Kaufmann]

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1845768 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--CHANGES4
-rw-r--r--modules/ssl/ssl_engine_init.c2
-rw-r--r--modules/ssl/ssl_util_ocsp.c2
3 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 5e4d4d49cf..bc0d220193 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.1
+ *) mod_ssl: clear *SSL errors before loading certificates and checking
+ afterwards. Otherwise errors are reported when other SSL using modules
+ are in play. Fixes PR 62880. [Michael Kaufmann]
+
*) mod_ssl: Correctly merge configurations that have client certificates set
by SSLProxyMachineCertificate{File|Path}. [Ruediger Pluem]
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 654ea052a7..972ce1adc4 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -1063,8 +1063,10 @@ static int use_certificate_chain(
ctx->extra_certs = NULL;
}
#endif
+
/* create new extra chain by loading the certs */
n = 0;
+ ERR_clear_error();
while ((x509 = PEM_read_bio_X509(bio, NULL, cb, NULL)) != NULL) {
if (!SSL_CTX_add_extra_chain_cert(ctx, x509)) {
X509_free(x509);
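Review bot: The added `ERR_clear_error();` ahead of the `PEM_read_bio_X509` loop carries no comment saying why it is there, and the existing comment above `n = 0;` only describes the loading. OpenSSL's error queue is per-thread and shared by every user of the library, so the call discards whatever earlier code left queued; going by the commit message, the purpose is that the check after the loop sees only errors raised by this read, but that check lies outside the hunk and should be confirmed. I would put `/* drop stale OpenSSL errors left by other code so the check after the loop only sees errors from this read */` directly above the call. The same comment is missing on the `ERR_clear_error();` added in modules/ssl/ssl_util_ocsp.c. use_certificate_chain starts and ends outside this hunk.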
diff --git a/modules/ssl/ssl_util_ocsp.c b/modules/ssl/ssl_util_ocsp.c
index b11a6e924e..b66e15146c 100644
--- a/modules/ssl/ssl_util_ocsp.c
+++ b/modules/ssl/ssl_util_ocsp.c
@@ -363,7 +363,9 @@ static STACK_OF(X509) *modssl_read_ocsp_certificates(const char *file)
BIO_free(bio);
return NULL;
}
+
/* create new extra chain by loading the certs */
+ ERR_clear_error();
while ((x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL)) != NULL) {
if (!other_certs) {
other_certs = sk_X509_new_null();
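Review bot: The comment `/* create new extra chain by loading the certs */` directly above the added `ERR_clear_error();` does not describe this loop: the visible lines collect the certificates into the `other_certs` stack created with `sk_X509_new_null()`, and nothing here touches an SSL_CTX extra chain. The wording looks carried over from use_certificate_chain in ssl_engine_init.c. Since the commit edits this spot, I would reword it to `/* read every certificate in the file into other_certs */` so a reader auditing the OCSP path is not sent looking for a chain that is not built here. The body of modssl_read_ocsp_certificates continues past the end of the hunk.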