From 345d8ce5664668243413f1ef6c05602316493745 Mon Sep 17 00:00:00 2001
From: Ehren Bendler
Date: Thu, 19 Aug 2021 13:45:55 -0400
Subject: [PATCH] wolfssl: clean up wolfcrypt error queue

If wolfSSL is built in certain ways (OPENSSL_EXTRA or Debug), the error queue gets added on to for each session and never freed. Fix it by calling ERR_clear_error() like in vtls/openssl when needed. This func is a no-op in wolfcrypt if the error queue is not enabled.
---
 lib/vtls/wolfssl.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c
index 7cab17fb6eac30..59e7cd74127ab8 100644
--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@@ -525,6 +525,8 @@ wolfssl_connect_step2(struct Curl_easy *data, struct connectdata *conn,
 const char * const dispname = SSL_HOST_DISPNAME();
 const char * const pinnedpubkey = SSL_PINNED_PUB_KEY();
+ ERR_clear_error();
+
 conn->recv[sockindex] = wolfssl_recv;
 conn->send[sockindex] = wolfssl_send;
@@ -774,6 +776,9 @@ static ssize_t wolfssl_send(struct Curl_easy *data,
 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
 struct ssl_backend_data *backend = connssl->backend;
 char error_buffer[WOLFSSL_MAX_ERROR_SZ];
+
+ ERR_clear_error();
+
 int memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
 int rc = SSL_write(backend->handle, mem, memlen);
@@ -830,6 +835,9 @@ static ssize_t wolfssl_recv(struct Curl_easy *data,
 struct ssl_connect_data *connssl = &conn->ssl[num];
 struct ssl_backend_data *backend = connssl->backend;
 char error_buffer[WOLFSSL_MAX_ERROR_SZ];
+
+ ERR_clear_error();
+
 int buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
 int nread = SSL_read(backend->handle, buf, buffsize);
@@ -916,6 +924,7 @@ static int wolfssl_shutdown(struct Curl_easy *data, struct connectdata *conn,
 (void) data;
 if(backend->handle) {
+ ERR_clear_error();
 SSL_free(backend->handle);
 backend->handle = NULL;
 }
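Review bot: The `ERR_clear_error()` call added at the top of wolfssl_connect_step2 has no comment, so the reason for it lives only in the commit message. In builds where the call is a no-op it looks like dead code, and removing it would bring back the unbounded queue growth in OPENSSL_EXTRA and debug builds. I would put `/* wolfSSL built with OPENSSL_EXTRA or debug keeps an error queue that nothing else drains; clear it before each TLS call */` above the call, and a short pointer to that comment at the other call sites. The body of wolfssl_connect_step2 starts and ends outside the hunk.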
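Review bot: In wolfssl_send the new `ERR_clear_error();` sits above the `int memlen` and `int rc` declarations, so a statement now precedes declarations; a C89 build, which curl targets as far as I know, warns on or rejects that. Keep the declarations first and call afterwards: declare `int rc;` after `memlen`, then `ERR_clear_error();`, then `rc = SSL_write(backend->handle, mem, memlen);`. wolfssl_recv has the same ordering with `int buffsize` and `int nread` and needs the same treatment. Both function bodies continue outside their hunks.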
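Review bot: The clear in wolfssl_shutdown runs only inside `if(backend->handle)` and only on this teardown path. If the backend's close function frees the handle on its own (that function is not part of this patch, so this is an assumption to confirm), a connection torn down that way keeps its queued entries until some later TLS call clears them. Either make the same `ERR_clear_error();` call next to that other `SSL_free()`, or confirm every teardown goes through wolfssl_shutdown. Because the call precedes `SSL_free(backend->handle);`, anything the free itself queues also stays behind; calling it after the free would cover both. The body of wolfssl_shutdown starts and ends outside the hunk.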