From 20c6464924411f78acb77f5a0fbae4d599cd899a Mon Sep 17 00:00:00 2001
From: Nanang Izzuddin <nanang@teluu.com>
Date: Tue, 27 Oct 2009 02:21:28 +0000
Subject: Ticket #957:  - Fixed SSL socket unit test issues (mostly on Linux
 platform): let OS manage the binding port (specify port to 0), use
 pj_sockaddr_get_len() instead of sizeof() for sockaddr size, DOS eol format
 for certificate and private key files.  - Temporary fix for
 SSL_CTX_use_certificate_chain_file() false error alarm (after previous
 OpenSSL handshake error), by clearing OpenSSL thread error queue in
 reset_ssl_sock_state()

git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@2971 74dad513-b988-da41-8d7b-12977e46ad98
---
 pjlib/src/pj/ssl_sock_ossl.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'pjlib/src/pj')

diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c
index eca60d2e..01dd1ced 100644
--- a/pjlib/src/pj/ssl_sock_ossl.c
+++ b/pjlib/src/pj/ssl_sock_ossl.c
@@ -479,6 +479,14 @@ static void reset_ssl_sock_state(pj_ssl_sock_t *ssock)
 	pj_sock_close(ssock->sock);
 	ssock->sock = PJ_INVALID_SOCKET;
     }
+
+    /* Upon error, OpenSSL may leave any error description in the thread 
+     * error queue, which sometime may cause next call to SSL API returning
+     * false error alarm, e.g: in Linux, SSL_CTX_use_certificate_chain_file()
+     * returning false error after a handshake error (in different SSL_CTX!).
+     * For now, just clear thread error queue here.
+     */
+    ERR_clear_error();
 }
 
 
-- 
cgit v1.2.3