commit b51bda3df396de582f9a275eb04e1ce54df9705f
author Jean-Paul Calderone <exarkun@twistedmatrix.com> Wed May 04 16:57:45 2011 -0400
committer Jean-Paul Calderone <exarkun@twistedmatrix.com> Wed May 04 16:57:45 2011 -0400
tree dee81866d961c322dc2b1c2494cf780e7fccf9c2
parent 9da338dcc0d8374bdfe3a1a0a5cd85b5e3bd05d6

Flush the OpenSSL error queue after a successful PKCS12 parse in case there is some garbage in it.

OpenSSL/crypto/pkcs12.c

diff --git a/OpenSSL/crypto/pkcs12.c b/OpenSSL/crypto/pkcs12.c
index 6f795c5..a3319c0 100644
--- a/OpenSSL/crypto/pkcs12.c
+++ b/OpenSSL/crypto/pkcs12.c
@@ -337,15 +337,25 @@
     }
 
     /* parse the PKCS12 lump */
-    if (p12 && !PKCS12_parse(p12, passphrase, &pkey, &cert, &cacerts)) {
-        /*
-         * If PKCS12_parse fails, and it allocated cacerts, it seems to free
-         * cacerts, but not re-NULL the pointer.  Zounds!  Make sure it is
-         * re-set to NULL here, else we'll have a double-free below.
-         */
-        cacerts = NULL;
-        exception_from_error_queue(crypto_Error);
-        goto error;
+    if (p12) {
+        if (!PKCS12_parse(p12, passphrase, &pkey, &cert, &cacerts)) {
+	    /*
+             * If PKCS12_parse fails, and it allocated cacerts, it seems to
+             * free cacerts, but not re-NULL the pointer.  Zounds!  Make sure
+             * it is re-set to NULL here, else we'll have a double-free below.
+             */
+            cacerts = NULL;
+            exception_from_error_queue(crypto_Error);
+            goto error;
+        } else {
+	  /*
+	   * OpenSSL 1.0.0 sometimes leaves an X509_check_private_key error in
+	   * the queue for no particular reason.  This error isn't interesting
+	   * to anyone outside this function.  It's not even interesting to
+	   * us.  Get rid of it.
+	   */
+	  flush_error_queue();
+	}
     }
 
     if (!(self = PyObject_GC_New(crypto_PKCS12Obj, &crypto_PKCS12_Type))) {