From a9a0f8459ce63cde7c270b0f36e21164d1a8fd4a Mon Sep 17 00:00:00 2001
From: "Alfred E. Heggestad" <aeh@db.org>
Date: Tue, 11 Jun 2013 17:58:03 +0000
Subject: [PATCH] patch; tls -- clear SSL global error queue

http://www.openssl.org/docs/ssl/SSL_get_error.html
http://comments.gmane.org/gmane.comp.encryption.openssl.devel/18690
---
 src/tls/openssl/tls_tcp.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/tls/openssl/tls_tcp.c b/src/tls/openssl/tls_tcp.c
index 6a62790..2bc39a9 100644
--- a/src/tls/openssl/tls_tcp.c
+++ b/src/tls/openssl/tls_tcp.c
@@ -127,6 +127,8 @@ static int tls_connect(struct tls_conn *tc)
 	if (r <= 0) {
 		const int ssl_err = SSL_get_error(tc->ssl, r);
 
+		ERR_clear_error();
+
 		switch (ssl_err) {
 
 		case SSL_ERROR_WANT_READ:
@@ -152,6 +154,8 @@ static int tls_accept(struct tls_conn *tc)
 	if (r <= 0) {
 		const int ssl_err = SSL_get_error(tc->ssl, r);
 
+		ERR_clear_error();
+
 		switch (ssl_err) {
 
 		case SSL_ERROR_WANT_READ:
@@ -237,6 +241,8 @@ static bool recv_handler(int *err, struct mbuf *mb, bool *estab, void *arg)
 		if (n < 0) {
 			const int ssl_err = SSL_get_error(tc->ssl, n);
 
+			ERR_clear_error();
+
 			switch (ssl_err) {
 
 			case SSL_ERROR_WANT_READ:
@@ -270,6 +276,7 @@ static bool send_handler(int *err, struct mbuf *mb, void *arg)
 	r = SSL_write(tc->ssl, mbuf_buf(mb), (int)mbuf_get_left(mb));
 	if (r <= 0) {
 		DEBUG_WARNING("SSL_write: %d\n", SSL_get_error(tc->ssl, r));
+		ERR_clear_error();
 		*err = EPROTO;
 	}