From: Kyle Nekritz
Date: Fri, 20 Jan 2017 17:02:40 +0000 (-0800)
Subject: Clear OpenSSL error stack after loading certificate file.
X-Git-Tag: v2017.03.06.00~91
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;ds=sidebyside;h=d97932619c6a70dc855c51688b88231ad47bb853;p=folly.git

Clear OpenSSL error stack after loading certificate file.

Summary:
SSL_CTX_load_verify_locations internally ends up using X509_load_cert_crt_file, which has an unchecked call to X509_STORE_add_cert. This can fail and add an error to the error stack without causing SSL_CTX_load_verify_locations to return an error.

Reviewed By: siyengar

Differential Revision: D4442017

fbshipit-source-id: a4cf7f5ee2c18d90d5d61baf3acb99ffca6b8af0
--- diff --git a/folly/io/async/SSLContext.cpp b/folly/io/async/SSLContext.cpp index 7a0c9993..dd28da58 100644 --- a/folly/io/async/SSLContext.cpp +++ b/folly/io/async/SSLContext.cpp @@ -342,6 +342,7 @@ void SSLContext::loadTrustedCertificates(const char* path) { if (SSL_CTX_load_verify_locations(ctx_, path, nullptr) == 0) { throw std::runtime_error("SSL_CTX_load_verify_locations: " + getErrors()); } + ERR_clear_error(); } void SSLContext::loadTrustedCertificates(X509_STORE* store) {
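Review bot: the new ERR_clear_error() on the success path of loadTrustedCertificates(const char* path) carries no comment, so a later reader will see a clear after a call that just returned success and may remove it as dead code. Please add a short comment at that line giving the reason from the summary (the unchecked X509_STORE_add_cert can queue an error even when SSL_CTX_load_verify_locations returns nonzero). A second point on the same line: the clear discards those queued errors silently, so a certificate in the file that failed to be added to the trust store goes unreported. Consider logging the drained errors at a low severity before clearing, so an operator can tell when the loaded trust set is smaller than the file suggests. It would also be worth checking whether the failure branch has the mirror-image problem: "SSL_CTX_load_verify_locations: " + getErrors() will include any entries already on the stack before this call unless the stack is known to be empty on entry.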