src: mark/pop OpenSSL errors in NewRootCertStore

This commit sets the OpenSSL error mark before calling
X509_STORE_load_locations and pops the error mark afterwards.

The motivation for this is that it is possible that
X509_STORE_load_locations can produce errors if the configuration
option --openssl-system-ca-path file does not exist. Later if a
different function is called which calls an OpenSSL function it could
fail because these errors might still be on the OpenSSL error stack.

Currently, all functions that call NewRootCertStore clear the
OpenSSL error queue upon returning, but this was not the case for
example in v12.18.0.

PR-URL: https://github.com/nodejs/node/pull/35514
Fixes: https://github.com/nodejs/node/issues/35456
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>

1 files changed, 3 insertions, 0 deletions

diff --git a/node.gyp b/node.gyp
index cf214280bb..d364286fba 100644
--- a/node.gyp
+++ b/node.gyp
@@ -1363,6 +1363,9 @@
           'defines': [
             'HAVE_OPENSSL=1',
           ],
+          'sources': [
+            'test/cctest/test_node_crypto.cc',
+          ]
         }],
         [ 'node_use_openssl=="true" and experimental_quic==1', {
           'defines': [