# HG changeset patch
# User Maxim Dounin
# Date 1378315022 -14400
# Node ID 6c35a1f428f29a44524bb911c28452b84982ee56
# Parent 941c5e3561ed805ebe8dad00ec9646b8c0d6b9fa
SSL: clear error queue after SSL_CTX_load_verify_locations().

The SSL_CTX_load_verify_locations() may leave errors in the error queue while returning success (e.g. if there are duplicate certificates in the file specified), resulting in "ignoring stale global SSL error" alerts later at runtime.

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -363,6 +363,13 @@ ngx_ssl_client_certificate(ngx_conf_t *c
 return NGX_ERROR;
 }
+ /*
+ * SSL_CTX_load_verify_locations() may leave errors in the error queue
+ * while returning success
+ */
+
+ ERR_clear_error();
+
+
 list = SSL_load_client_CA_file((char *) cert->data);
 if (list == NULL) {
@@ -407,6 +414,13 @@ ngx_ssl_trusted_certificate(ngx_conf_t *
 return NGX_ERROR;
 }
+ /*
+ * SSL_CTX_load_verify_locations() may leave errors in the error queue
+ * while returning success
+ */
+
+ ERR_clear_error();
+
+
 return NGX_OK;
 }
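Review bot: The unconditional `ERR_clear_error();` added after the successful SSL_CTX_load_verify_locations() call in ngx_ssl_client_certificate() discards whatever OpenSSL queued without recording it, and the identical addition in ngx_ssl_trusted_certificate() does the same. The description names duplicate certificates as one cause, but any other condition that queues an error on the success path would disappear too, so the operator gets no hint that the loaded trust set may differ from what the file was meant to contain. Consider a low-level log before clearing, e.g. `if (ERR_peek_error()) { ngx_ssl_error(NGX_LOG_INFO, ssl->log, 0, "SSL_CTX_load_verify_locations() left errors in the queue"); }`, assuming ngx_ssl_error() drains the queue as it reports and that `ssl->log` is the log used by the failure branch above; keep `ERR_clear_error();` after it if it does not. Both function bodies start outside their hunks, so this is based only on the visible lines.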
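Review bot: The comment added before `ERR_clear_error();` in ngx_ssl_trusted_certificate(), and its twin in ngx_ssl_client_certificate(), states what OpenSSL does but not why clearing matters here. The commit description has the missing half, and it is worth carrying into the code so the call is not later removed as redundant: `/* ... while returning success (e.g. duplicate certificates in the file); left in place they show up later as "ignoring stale global SSL error" alerts */`. Since the comment and call are duplicated verbatim in both functions, a small static helper holding the comment once would also keep the two sites from drifting apart.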