diff options
| author | Viktor Szakats <commit@vsz.me> | 2025-08-09 00:45:34 +0200 |
|---|---|---|
| committer | Viktor Szakats <commit@vsz.me> | 2025-08-13 18:54:08 +0200 |
| commit | 3eb00fa79540f1f6069af6c03ed8bbd7d04e17e3 (patch) | |
| tree | 6791ea6568501f9d33e41e741cda874605d948c0 /lib/dict.c | |
| parent | 2a46df31fdb91851895bc46d81f0065e6cafc80b (diff) | |
openssl: save and restore OpenSSL error queue in two functionsHEADorigin/masterorigin/HEADmasterfor-upstream
After merging #18228, I reviewed whether the clearing of the error queue
may interfere with preceding code. Turns out there may be a preceding
`SSL_Connect()` call.
This patch replaces the previous fix of clearing the error queue with
saving and restoring it in two functions which may be called between
the connect call and the `SSL_get_error()` call following it:
- `ossl_log_tls12_secret()`
- `Curl_ssl_setup_x509_store()`
The `ERR_set_mark()`, `ERR_pop_to_mark()` functions are present in all
supported OpenSSL and LibreSSL versions. Also in BoringSSL since its
initial commit.
OpenSSL may modify its error queue in all API calls that can fail.
Thanks-to: Viktor Dukhovni
Ref: https://github.com/curl/curl/issues/18190#issuecomment-3167702142
Ref: https://github.com/curl/curl/issues/18190#issuecomment-3169211739
Ref: https://github.com/curl/curl/issues/18190#issuecomment-3169988050
Follow-up to 8ec241bc990bc88c4f4f7275d81f9fb75b562a7a #18228 #18190
Ref: e8b00fcd6a0c7ff179cebb3615ccebf1f6790b69 #10432 #10389
Fixes #18190
Closes #18234
Diffstat (limited to 'lib/dict.c')
0 files changed, 0 insertions, 0 deletions