From 46b1fec0e9a6afe2c12fd4dff7c8a0d788aa6dd4 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfaulet@haproxy.com>
Date: Fri, 26 Jul 2024 16:47:15 +0200
Subject: [PATCH] BUG/MEDIUM: jwt: Clear SSL error queue on error when checking
 the signature

When the signature included in a JWT is verified, if an error occurred, one
or more SSL errors are queued and never cleared. These errors may be then
caught by the SSL stack and a fatal SSL error may be erroneously reported
during a SSL received or send.

So we must take care to clear the SSL error queue when the signature
verification failed.

This patch should fix issue #2643. It must be backported as far as 2.6.
---
 src/jwt.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/jwt.c b/src/jwt.c
index 6c4cbd3102..aa5367ceba 100644
--- a/src/jwt.c
+++ b/src/jwt.c
@@ -364,6 +364,13 @@ jwt_jwsverify_rsa_ecdsa(const struct jwt_ctx *ctx, struct buffer *decoded_signat
 
 end:
 	EVP_MD_CTX_free(evp_md_ctx);
+	if (retval != JWT_VRFY_OK) {
+		/* Don't forget to remove SSL errors to be sure they cannot be
+		 * caught elsewhere. The error queue is cleared because it seems
+		 * at least 2 errors are produced.
+		 */
+		ERR_clear_error();
+	}
 	return retval;
 }