fixing some minor SSL related issues

git-svn-id: https://svn.testnett.uninett.no/radsecproxy/branches/release-1.1@338 e88ac4ed-0b26-0410-9574-a7f39faa03bf
author: venaas <venaas> 2008-08-14 12:30:35 +0000
committer: venaas <venaas@e88ac4ed-0b26-0410-9574-a7f39faa03bf> 2008-08-14 12:30:35 +0000
commit: 29976b5a7ba260336ce2a97d02f05634719e1a5a (patch)
tree: d1739aa9d2681f1feecc280a544b4752e28446df /radsecproxy.c
parent: 5d8735cfe198bc2d7a9f0c4d966fa67da5d59ddf (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/radsecproxy.c b/radsecproxy.c
index 1ef66b6..a865890 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -2398,6 +2398,7 @@ void *tlsserverwr(void *arg) {
 		/* ssl might have changed while waiting */
 		pthread_mutex_unlock(&replyq->mutex);
 		debug(DBG_DBG, "tlsserverwr: exiting as requested");
+		ERR_remove_state(0);
 		pthread_exit(NULL);
 	    }
 	}
@@ -2502,6 +2503,7 @@ void *tlsservernew(void *arg) {
 
  exit:
     SSL_free(ssl);
+    ERR_remove_state(0);
     shutdown(s, SHUT_RDWR);
     close(s);
     pthread_exit(NULL);
@@ -2603,6 +2605,7 @@ void tlsadd(char *value, char *cacertfile, char *cacertpath, char *certfile, cha
 	    debug(DBG_ERR, "SSL: %s", ERR_error_string(error, NULL));
 	debugx(1, DBG_ERR, "Error adding CA subjects in TLS context %s", value);
     }
+    ERR_clear_error(); /* add_dir_cert_subj returns errors on success */
     SSL_CTX_set_client_CA_list(ctx, calist);
     
     SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb);
author	venaas <venaas>	2008-08-14 12:30:35 +0000
committer	venaas <venaas@e88ac4ed-0b26-0410-9574-a7f39faa03bf>	2008-08-14 12:30:35 +0000
commit	29976b5a7ba260336ce2a97d02f05634719e1a5a (patch)
tree	d1739aa9d2681f1feecc280a544b4752e28446df /radsecproxy.c
parent	5d8735cfe198bc2d7a9f0c4d966fa67da5d59ddf (diff)