BUG/MINOR: ssl: clear the SSL errors on DH loading failure

In ssl_sock_load_dh_params(), if haproxy failed to apply the dhparam
with SSL_CTX_set_tmp_dh(), it will apply the DH with
SSL_CTX_set_dh_auto().

The problem is that we don't clean the OpenSSL errors when leaving this
function so it could fail to load the certificate, even if it's only a
warning.

Fixes bug #483.

Must be backported in 2.1.

(cherry picked from commit 4dd145a888c7679812664bf2f246fa8199e94ab0)
Signed-off-by: William Lallemand <wlallemand@haproxy.org>

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 2baf4ae..5bc5b49 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2922,6 +2922,7 @@ static int ssl_sock_load_dh_params(SSL_CTX *ctx, const struct cert_key_and_chain
        }
 
 end:
+       ERR_clear_error();
        return ret;
 }
 #endif