From 6315787ba30fe832ffb6cefaab2a30bf67f5d753 Mon Sep 17 00:00:00 2001
From: Graham Leggett <minfrin@apache.org>
Date: Fri, 23 Nov 2018 14:57:22 +0000
Subject: [PATCH 274/504] mod_ssl: Fixes PR 62880 where certificate loading
 fails bc SSL ERRs are          not cleared beforehand. +1: icing, jim,
 minfrin

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1847280 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES                       | 4 ++++
 STATUS                        | 6 ------
 modules/ssl/ssl_engine_init.c | 2 ++
 modules/ssl/ssl_util_ocsp.c   | 2 ++
 4 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index b7b2be796c..753ed4b3a9 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -1038,8 +1038,10 @@ static int use_certificate_chain(
         ctx->extra_certs = NULL;
     }
 #endif
+
     /* create new extra chain by loading the certs */
     n = 0;
+    ERR_clear_error();
     while ((x509 = PEM_read_bio_X509(bio, NULL, cb, NULL)) != NULL) {
         if (!SSL_CTX_add_extra_chain_cert(ctx, x509)) {
             X509_free(x509);
diff --git a/modules/ssl/ssl_util_ocsp.c b/modules/ssl/ssl_util_ocsp.c
index b11a6e924e..b66e15146c 100644
--- a/modules/ssl/ssl_util_ocsp.c
+++ b/modules/ssl/ssl_util_ocsp.c
@@ -363,7 +363,9 @@ static STACK_OF(X509) *modssl_read_ocsp_certificates(const char *file)
         BIO_free(bio);
         return NULL;
     }
+
     /* create new extra chain by loading the certs */
+    ERR_clear_error();
     while ((x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL)) != NULL) {
         if (!other_certs) {
                 other_certs = sk_X509_new_null();
-- 
2.19.1