48 lines
1.7 KiB
Diff
48 lines
1.7 KiB
Diff
From 6315787ba30fe832ffb6cefaab2a30bf67f5d753 Mon Sep 17 00:00:00 2001
|
|
From: Graham Leggett <minfrin@apache.org>
|
|
Date: Fri, 23 Nov 2018 14:57:22 +0000
|
|
Subject: [PATCH 274/504] mod_ssl: Fixes PR 62880 where certificate loading
|
|
fails bc SSL ERRs are not cleared beforehand. +1: icing, jim,
|
|
minfrin
|
|
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1847280 13f79535-47bb-0310-9956-ffa450edef68
|
|
---
|
|
CHANGES | 4 ++++
|
|
STATUS | 6 ------
|
|
modules/ssl/ssl_engine_init.c | 2 ++
|
|
modules/ssl/ssl_util_ocsp.c | 2 ++
|
|
4 files changed, 8 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
|
|
index b7b2be796c..753ed4b3a9 100644
|
|
--- a/modules/ssl/ssl_engine_init.c
|
|
+++ b/modules/ssl/ssl_engine_init.c
|
|
@@ -1038,8 +1038,10 @@ static int use_certificate_chain(
|
|
ctx->extra_certs = NULL;
|
|
}
|
|
#endif
|
|
+
|
|
/* create new extra chain by loading the certs */
|
|
n = 0;
|
|
+ ERR_clear_error();
|
|
while ((x509 = PEM_read_bio_X509(bio, NULL, cb, NULL)) != NULL) {
|
|
if (!SSL_CTX_add_extra_chain_cert(ctx, x509)) {
|
|
X509_free(x509);
|
|
diff --git a/modules/ssl/ssl_util_ocsp.c b/modules/ssl/ssl_util_ocsp.c
|
|
index b11a6e924e..b66e15146c 100644
|
|
--- a/modules/ssl/ssl_util_ocsp.c
|
|
+++ b/modules/ssl/ssl_util_ocsp.c
|
|
@@ -363,7 +363,9 @@ static STACK_OF(X509) *modssl_read_ocsp_certificates(const char *file)
|
|
BIO_free(bio);
|
|
return NULL;
|
|
}
|
|
+
|
|
/* create new extra chain by loading the certs */
|
|
+ ERR_clear_error();
|
|
while ((x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL)) != NULL) {
|
|
if (!other_certs) {
|
|
other_certs = sk_X509_new_null();
|
|
--
|
|
2.19.1
|
|
|