{"author":"Viktor Szakats","author_email":"commit@vsz.me","author_time":1754693134,"commit_time":1755104048,"committer":"Viktor Szakats","committer_email":"commit@vsz.me","hash":"3eb00fa79540f1f6069af6c03ed8bbd7d04e17e3","message":"openssl: save and restore OpenSSL error queue in two functions\n\nAfter merging #18228, I reviewed whether the clearing of the error queue\nmay interfere with preceding code. Turns out there may be a preceding\n`SSL_Connect()` call.\n\nThis patch replaces the previous fix of clearing the error queue with\nsaving and restoring it in two functions which may be called between\nthe connect call and the `SSL_get_error()` call following it:\n- `ossl_log_tls12_secret()`\n- `Curl_ssl_setup_x509_store()`\n\nThe `ERR_set_mark()`, `ERR_pop_to_mark()` functions are present in all\nsupported OpenSSL and LibreSSL versions. Also in BoringSSL since its\ninitial commit.\n\nOpenSSL may modify its error queue in all API calls that can fail.\n\nThanks-to: Viktor Dukhovni\nRef: https://github.com/curl/curl/issues/18190#issuecomment-3167702142\nRef: https://github.com/curl/curl/issues/18190#issuecomment-3169211739\nRef: https://github.com/curl/curl/issues/18190#issuecomment-3169988050\n\nFollow-up to 8ec241bc990bc88c4f4f7275d81f9fb75b562a7a #18228 #18190\nRef: e8b00fcd6a0c7ff179cebb3615ccebf1f6790b69 #10432 #10389\nFixes #18190\nCloses #18234\n","parents":["2a46df31fdb91851895bc46d81f0065e6cafc80b"],"tree_hash":"6791ea6568501f9d33e41e741cda874605d948c0"}