packages/net/haproxy/patches/0013-BUG-MEDIUM-ssl-loading-dh-param-from-certifile-causes-unpredictable-error.patch

commit 399714287a04d6b453ba95e4a3904a7644827d0b
Author: Emeric Brun <ebrun@haproxy.com>
Date:   Thu Aug 16 15:14:12 2018 +0200

    BUG/MEDIUM: ssl: loading dh param from certifile causes unpredictable error.
    
    If the dh parameter is not found, the openssl's error global
    stack was not correctly cleared causing unpredictable error
    during the following parsing (chain cert parsing for instance).
    
    This patch should be backported in 1.8 (and perhaps 1.7)
    
    (cherry picked from commit e1b4ed4352619f985d7d65f5d95a830ef5775c46)
    Signed-off-by: Willy Tarreau <w@1wt.eu>

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 9f0ff1f0..9be2fc4c 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2597,6 +2597,8 @@ end:
         if (in)
                 BIO_free(in);
 
+	ERR_clear_error();
+
 	return dh;
 }
haproxy: Update all patches for HAProxy v1.8.13 - Add new patches (see https://www.haproxy.org/bugs/bugs-1.8.13.html) - Raise PKG_RELEASE to 2 Signed-off-by: Christian Lachner <gladiac@gmail.com> 2018-08-25 16:51:06 +00:00			`commit 399714287a04d6b453ba95e4a3904a7644827d0b`
			`Author: Emeric Brun <ebrun@haproxy.com>`
			`Date: Thu Aug 16 15:14:12 2018 +0200`

			`BUG/MEDIUM: ssl: loading dh param from certifile causes unpredictable error.`

			`If the dh parameter is not found, the openssl's error global`
			`stack was not correctly cleared causing unpredictable error`
			`during the following parsing (chain cert parsing for instance).`

			`This patch should be backported in 1.8 (and perhaps 1.7)`

			`(cherry picked from commit e1b4ed4352619f985d7d65f5d95a830ef5775c46)`
			`Signed-off-by: Willy Tarreau <w@1wt.eu>`

			`diff --git a/src/ssl_sock.c b/src/ssl_sock.c`
			`index 9f0ff1f0..9be2fc4c 100644`
			`--- a/src/ssl_sock.c`
			`+++ b/src/ssl_sock.c`
			`@@ -2597,6 +2597,8 @@ end:`
			`if (in)`
			`BIO_free(in);`

			`+ ERR_clear_error();`
			`+`
			`return dh;`
			`}`