From d7249068dbbd7e3e6ec5e7eb22d86271e19df848 Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Tue, 25 Sep 2018 15:14:57 -0700
Subject: [PATCH 1/3] Fix for Lighttpd 1.4.49, which requires `HAVE_EX_DATA`.

---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index e27329888..e307cbf45 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3160,7 +3160,7 @@ then
     fi
 fi
 
-if test "$ENABLED_NGINX" = "yes"|| test "x$ENABLED_HAPROXY" = "xyes"
+if test "$ENABLED_NGINX" = "yes"|| test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"
 then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"

From 1bf7cad633a5633cb331e7d579e8c47923eb048a Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Tue, 25 Sep 2018 16:13:13 -0700
Subject: [PATCH 2/3] Fix for case where `wc_ClearErrorNodes` is called, but
 then `wc_PullErrorNode` is called and `wc_current_node` is populated with
 invalid ->next pointer.

---
 wolfcrypt/src/logging.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c
index ecc64c460..03d199866 100644
--- a/wolfcrypt/src/logging.c
+++ b/wolfcrypt/src/logging.c
@@ -677,8 +677,9 @@ void wc_ClearErrorNodes(void)
         }
     }
 
-    wc_errors    = NULL;
-    wc_last_node = NULL;
+    wc_errors       = NULL;
+    wc_last_node    = NULL;
+    wc_current_node = NULL;
     wc_UnLockMutex(&debug_mutex);
 #endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX */
 }

From 6e629a51f897afbb7c5ba5947ab99855c26651d3 Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Wed, 26 Sep 2018 08:16:58 -0700
Subject: [PATCH 3/3] Added test case for scenario where error is pushed,
 cleared then try to get current. Without fix to clear `wc_current_node` in
 `wc_ClearErrorNodes` this causes access to invalid/free'd memory.

---
 tests/api.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tests/api.c b/tests/api.c
index c48a6dd23..a18b3ea7e 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -18391,6 +18391,11 @@ static void test_wolfSSL_ERR_put_error(void)
     /* Empty and free up all error nodes */
     ERR_clear_error();
 
+    /* Verify all nodes are cleared */
+    ERR_put_error(0,SYS_F_ACCEPT, 0, "this file", 0);
+    ERR_clear_error();
+    AssertIntEQ(ERR_get_error_line(&file, &line), 0);
+
     printf(resultFmt, passed);
     #endif
 }