File apache2-mod_ssl-clear-error-before-certificate-chain-load.patch of Package apache2.27541
From 6841cc7d69f9b2f091b43de8b076966d2c014a67 Mon Sep 17 00:00:00 2001
From: Zara <thezarazia@gmail.com>
Date: Tue, 28 Jan 2020 14:47:38 +0000
Subject: [PATCH 1/1] Backport Bugfix for 62880 (clear error queue before
loading CA chains)
This commit backports the fix found at:
https://bz.apache.org/bugzilla/show_bug.cgi?id=62880
and applies it to the 2.4.23 release, to fix bug #1162027.
Previously, OpenSSL's error queue was only checked after the
certificate chain had loaded, which resulted in this error message:
"AH01903: Failed to configure CA certificate chain!"
This fix clears OpenSSL's error queue before the certificate chain is
loaded, so that there will only be an error message if there is
actually an error when loading the chain.
---
modules/ssl/ssl_engine_init.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 9adca48acd..60243772bf 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -881,6 +881,9 @@ static int use_certificate_chain(
ctx->extra_certs = NULL;
}
#endif
+
+ ERR_clear_error();
+
/* create new extra chain by loading the certs */
n = 0;
while ((x509 = PEM_read_bio_X509(bio, NULL, cb, NULL)) != NULL) {
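Review bot: The added ERR_clear_error() call, placed between the #endif and the "create new extra chain" comment, has no comment of its own, so the reason for it lives only in the commit message. A short comment above it, for example /* drop stale queue entries so the check after the loop only sees errors from PEM_read_bio_X509() */, would keep a later cleanup from removing the call as redundant. Clearing the queue here also discards whatever entry an earlier call left behind without reporting it, so the code path that failed to clean up after itself stays hidden. Consider logging the pending entries at debug level before clearing them, or noting in the comment that the stale entries are known to be harmless.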
--
2.23.0