From c6e2db2f14d98c6421401dea70f57333898ce782 Mon Sep 17 00:00:00 2001
From: Ben Noordhuis <info@bnoordhuis.nl>
Date: Wed, 27 Feb 2013 23:31:38 +0100
Subject: [PATCH] crypto: clear error stack

Clear OpenSSL's error stack on return from Connection::HandleSSLError().
This stops stale errors from popping up later in the lifecycle of the
SSL connection where they would cause spurious failures.

This commit causes a 1-2% performance regression on `make bench-tls`.
We'll address that in follow-up commits if possible but let's ensure
correctness first.

Fixes #4771.
---
 src/node_crypto.cc | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 187b344be4a..44d2171d1ae 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -901,6 +901,16 @@ int Connection::HandleBIOError(BIO *bio, const char* func, int rv) {
 
 
 int Connection::HandleSSLError(const char* func, int rv, ZeroStatus zs) {
+  // Forcibly clear OpenSSL's error stack on return. This stops stale errors
+  // from popping up later in the lifecycle of the SSL connection where they
+  // would cause spurious failures. It's a rather blunt method, though.
+  // ERR_clear_error() isn't necessarily cheap either.
+  struct ClearErrorOnReturn {
+    ~ClearErrorOnReturn() { ERR_clear_error(); }
+  };
+  ClearErrorOnReturn clear_error_on_return;
+  (void) &clear_error_on_return;  // Silence unused variable warning.
+
   if (rv > 0) return rv;
   if ((rv == 0) && (zs == kZeroIsNotAnError)) return rv;