From d5a62c2d9e92e980d98a75c92d3e102cd0711ed1 Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi <k@rhe.jp>
Date: Sun, 4 Sep 2016 16:17:23 +0900
Subject: Avoid using ERR_get_error()

Use ERR_peek_error() which does not remove the fetched error from the
queue instead, then clear the queue explicitly with the dedicated
function ossl_clear_error(). OpenSSL may put multiple error items to the
queue in one function call.
---
 ext/openssl/ossl_pkcs7.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'ext/openssl/ossl_pkcs7.c')

diff --git a/ext/openssl/ossl_pkcs7.c b/ext/openssl/ossl_pkcs7.c
index fd58b48b..4040355f 100644
--- a/ext/openssl/ossl_pkcs7.c
+++ b/ext/openssl/ossl_pkcs7.c
@@ -795,7 +795,7 @@ ossl_pkcs7_verify(int argc, VALUE *argv, VALUE self)
     BIO_free(in);
     sk_X509_pop_free(x509s, X509_free);
     if (ok < 0) ossl_raise(ePKCS7Error, "PKCS7_verify");
-    msg = ERR_reason_error_string(ERR_get_error());
+    msg = ERR_reason_error_string(ERR_peek_error());
     ossl_pkcs7_set_err_string(self, msg ? rb_str_new2(msg) : Qnil);
     ossl_clear_error();
     data = ossl_membio2str(out);
-- 
cgit v1.2.3