From 3c9d191a5b9d8c245810dc021bad19f3c96ce286 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
Date: Mon, 4 Nov 2019 22:30:14 +0100
Subject: [PATCH] Don't propogate ASN_NO_PEM_HEADER from
 wolfSSL_load_client_CA_file

---
 src/ssl.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/ssl.c b/src/ssl.c
index 74c8b787d..b9f57905e 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -14121,6 +14121,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         WOLFSSL_BIO* bio;
         WOLFSSL_X509 *cert = NULL;
         WOLFSSL_X509_NAME *subjectName = NULL;
+        unsigned long err;
 
         WOLFSSL_ENTER("wolfSSL_load_client_CA_file");
 
@@ -14156,6 +14157,18 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
             cert = NULL;
         }
 
+        err = wolfSSL_ERR_peek_last_error();
+
+        if (ERR_GET_LIB(err) == ERR_LIB_PEM &&
+                ERR_GET_REASON(err) == PEM_R_NO_START_LINE) {
+            /*
+             * wolfSSL_PEM_read_bio_X509 pushes an ASN_NO_PEM_HEADER error
+             * to the error queue on file end. This should not be left
+             * for the caller to find so we clear the last error.
+             */
+            wc_RemoveErrorNode(-1);
+        }
+
         wolfSSL_X509_free(cert);
         wolfSSL_BIO_free(bio);
         return list;