Clear OpenSSL error stack after loading certificate file.

Summary: SSL_CTX_load_verify_locations interally end up using X509_load_cert_crt_file, which has an unchecked call to X509_STORE_add_cert. This can fail and add an error to the error stack without causing SSL_CTX_load_verify_locations to return an error. Reviewed By: siyengar Differential Revision: D4442017 fbshipit-source-id: a4cf7f5ee2c18d90d5d61baf3acb99ffca6b8af0

Clear OpenSSL error stack after loading certificate file.
Summary: SSL_CTX_load_verify_locations interally end up using X509_load_cert_crt_file, which has an unchecked call to X509_STORE_add_cert. This can fail and add an error to the error stack without causing SSL_CTX_load_verify_locations to return an error. Reviewed By: siyengar Differential Revision: D4442017 fbshipit-source-id: a4cf7f5ee2c18d90d5d61baf3acb99ffca6b8af0
d9793261 · Kyle Nekritz · Facebook Github Bot · b9591985 · d9793261
Commit d9793261 authored Jan 20, 2017 by Kyle Nekritz Committed by Facebook Github Bot Jan 20, 2017
Show whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

folly/io/async/SSLContext.cpp folly/io/async/SSLContext.cpp +1 -0

No files found.
--- a/folly/io/async/SSLContext.cpp
+++ b/folly/io/async/SSLContext.cpp
@@ -342,6 +342,7 @@ void SSLContext::loadTrustedCertificates(const char* path) {
  if (SSL_CTX_load_verify_locations(ctx_, path, nullptr) == 0) {
    throw std::runtime_error("SSL_CTX_load_verify_locations: " + getErrors());
  }
+  ERR_clear_error();
 }
 void SSLContext::loadTrustedCertificates(X509_STORE* store) {