sbr/netsec.c: Report popped TLS error code, don't pop again.

ERR_get_error() pops an error code so having tested that value it should
also be the one that's reported in an error message, not another popped
error code by calling ERR_get_error() again as this misleads as to the
error's cause.

diff --git a/sbr/netsec.c b/sbr/netsec.c
index dd75bfd56aaa64e8ca88719e36340d1b465e4c93..ab05cf8e85e9235c6f874169bc0b488b40a36ec0 100644 (file)
--- a/sbr/netsec.c
+++ b/sbr/netsec.c
@@ -1631,7 +1631,7 @@ netsec_negotiate_tls(netsec_context *nsc, char **errstr)
            if (BIO_get_ssl(nsc->ssl_io, &ssl) < 1) {
                netsec_err(errstr, "Certificate verification failed, but "
                           "cannot retrieve SSL handle: %s",
            if (BIO_get_ssl(nsc->ssl_io, &ssl) < 1) {
                netsec_err(errstr, "Certificate verification failed, but "
                           "cannot retrieve SSL handle: %s",

-                          ERR_error_string(ERR_get_error(), NULL));
+                           ERR_error_string(errcode, NULL));

            } else {
                netsec_err(errstr, "Server certificate verification failed: %s",
                           X509_verify_cert_error_string(
            } else {
                netsec_err(errstr, "Server certificate verification failed: %s",
                           X509_verify_cert_error_string(


@@ -1639,7 +1639,7 @@ netsec_negotiate_tls(netsec_context *nsc, char **errstr)
            }
        } else {
            netsec_err(errstr, "TLS negotiation failed: %s",
            }
        } else {
            netsec_err(errstr, "TLS negotiation failed: %s",

-                      ERR_error_string(errcode, NULL));
+                       ERR_error_string(errcode, NULL));

        }
 
        /*
        }
 
        /*