Clear OpenSSL error stack after loading certificate file.
author Kyle Nekritz <knekritz@fb.com>
Fri, 20 Jan 2017 17:02:40 +0000 (09:02 -0800)
committer Facebook Github Bot <facebook-github-bot@users.noreply.github.com>
Fri, 20 Jan 2017 17:17:55 +0000 (09:17 -0800)
Summary: SSL_CTX_load_verify_locations internally ends up using X509_load_cert_crt_file, which has an unchecked call to X509_STORE_add_cert. This can fail and add an error to the error stack without causing SSL_CTX_load_verify_locations to return an error.

Reviewed By: siyengar

Differential Revision: D4442017

fbshipit-source-id: a4cf7f5ee2c18d90d5d61baf3acb99ffca6b8af0

folly/io/async/SSLContext.cpp

index 7a0c9993fdc81dfe35085d1c9570fc2770e85c06..dd28da58fb7236629103f1bb0196a40af7ebe42a 100644 (file)
@@ -342,6 +342,7 @@ void SSLContext::loadTrustedCertificates(const char* path) {
   if (SSL_CTX_load_verify_locations(ctx_, path, nullptr) == 0) {
     throw std::runtime_error("SSL_CTX_load_verify_locations: " + getErrors());
   }
+  ERR_clear_error();
 }
 
 void SSLContext::loadTrustedCertificates(X509_STORE* store) {
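Review bot: The ERR_clear_error() added after the if block in loadTrustedCertificates(const char* path) carries no comment, so a later reader cannot tell why a call that returned success needs its error queue cleared. Add a one-line comment stating that SSL_CTX_load_verify_locations can leave entries on the error stack from an unchecked X509_STORE_add_cert even when it succeeds. Because the clear is unconditional, the record that a certificate in the file was not added is also dropped silently. Consider logging the queued errors (for example through the getErrors() already used in the throw path) before clearing, so that a trust store that loaded only partially is visible to whoever operates the service.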