src: mark/pop OpenSSL errors in NewRootCertStore (!35514) · Merge requests · Rodrigo Test / Test Group-nodejs / node

Rodrigo Muino Tomonari requested to merge github/fork/danbev/crypto_system_cert_path into master Oct 06, 2020

This commit sets the OpenSSL error mark before calling X509_STORE_load_locations and pops the error mark afterwards.

The motivation for this is that it is possible that X509_STORE_load_locations can produce errors if the configuration option --openssl-system-ca-path file does not exist. Later if a different function is called which calls an OpenSSL function it could fail because these errors might still be on the OpenSSL error queue.

Currently, all functions that call NewRootCertStore clear the OpenSSL error queue upon returning, but this was not the case for example in v12.18.0.

Fixes: https://github.com/nodejs/node/issues/35456

Checklist

make -j4 test (UNIX), or vcbuild test (Windows) passes
tests and/or benchmarks are included
commit message follows commit guidelines

Admin message

Admin message

src: mark/pop OpenSSL errors in NewRootCertStore

Checklist

Merge request reports