From e1b4ed4352619f985d7d65f5d95a830ef5775c46 Mon Sep 17 00:00:00 2001
From: Emeric Brun
Date: Thu, 16 Aug 2018 15:14:12 +0200
Subject: [PATCH] BUG/MEDIUM: ssl: loading dh param from certifile causes unpredictable error.

If the dh parameter is not found, the openssl's error global stack was not correctly cleared causing unpredictable error during the following parsing (chain cert parsing for instance).

This patch should be backported in 1.8 (and perhaps 1.7)
---
 src/ssl_sock.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index a0bea5955..813b59921 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2607,6 +2607,8 @@ static DH * ssl_sock_get_dh_from_file(const char *filename)
 if (in)
 BIO_free(in);
+ ERR_clear_error();
+
 return dh;
 }
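Review bot: The added `ERR_clear_error();` before `return dh;` empties the OpenSSL error queue on every exit path, so a certificate file that simply has no DH block and one whose DH block is malformed or unreadable both come back as a bare NULL with nothing left to say why. The function body starts outside this hunk, but if the caller treats NULL as "fall back to default DH parameters", a corrupted custom group would presumably be replaced silently; consider checking `ERR_peek_last_error()` before the clear and emitting a warning when the reason is anything other than `PEM_R_NO_START_LINE`. At minimum the call deserves a comment, for example `/* a missing DH block leaves a PEM error queued; clear it so the chain-cert parsing that follows does not see it */`.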