Clear the error queue when dropping a bad DTLS packet.
This regressed in e95d20dcb80523bf9bc6a9c5682856c8371e0a96. EVP_AEAD will push
errors on the error queue (unlike the EVP_CIPHER codepath which checked
everything internally to ssl/ and didn't bother pushing anything). This meant
that a dropped packet would leave junk in the error queue.
Later, when SSL_read returns <= 0 (EOF or EWOULDBLOCK), the non-empty error
queue check in SSL_get_error kicks in and SSL_read looks to have failed.
Reviewed-by: Adam Langley <firstname.lastname@example.org>
3 files changed