From: Ralph Corderoy <ralph@inputplus.co.uk>
Date: Sat, 10 Jun 2017 17:32:08 +0000 (+0100)
Subject: sbr/netsec.c: Report popped TLS error code, don't pop again.
X-Git-Url: https://diplodocus.org/git/nmh/commitdiff_plain/fc5b73a4b95c03c2c81b04ee8c819471b66de52d?hp=10eea2b0e1f58c09cca6e6bba4984f7f88ba7a72

sbr/netsec.c: Report popped TLS error code, don't pop again.

ERR_get_error() pops an error code so having tested that value it should
also be the one that's reported in an error message, not another popped
error code by calling ERR_get_error() again as this misleads as to the
error's cause.
---

diff --git a/sbr/netsec.c b/sbr/netsec.c
index dd75bfd5..ab05cf8e 100644
--- a/sbr/netsec.c
+++ b/sbr/netsec.c
@@ -1631,7 +1631,7 @@ netsec_negotiate_tls(netsec_context *nsc, char **errstr)
 	    if (BIO_get_ssl(nsc->ssl_io, &ssl) < 1) {
 		netsec_err(errstr, "Certificate verification failed, but "
 			   "cannot retrieve SSL handle: %s",
-			   ERR_error_string(ERR_get_error(), NULL));
+                           ERR_error_string(errcode, NULL));
 	    } else {
 		netsec_err(errstr, "Server certificate verification failed: %s",
 			   X509_verify_cert_error_string(
@@ -1639,7 +1639,7 @@ netsec_negotiate_tls(netsec_context *nsc, char **errstr)
 	    }
 	} else {
 	    netsec_err(errstr, "TLS negotiation failed: %s",
-		       ERR_error_string(errcode, NULL));
+                       ERR_error_string(errcode, NULL));
 	}
 
 	/*