Commit 514cd6ec82 for openssl.org

commit 514cd6ec821d1b324a3d59fb168d6b3340312f85
Author: Igor Ustinov <igus@openssl.foundation>
Date:   Tue Mar 31 16:35:49 2026 +0200

    Setting statem.error_state more carefully

    Reviewed-by: Matt Caswell <matt@openssl.foundation>
    Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
    MergeDate: Sat Apr 11 19:31:39 2026
    (Merged from https://github.com/openssl/openssl/pull/30647)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index be5f4a20f0..1b7fe8cb6b 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2271,14 +2271,13 @@ static void ssl_update_error_state(SSL_CONNECTION *sc)
     if (sc == NULL)
         return;

-    if (sc->statem.state == MSG_FLOW_ERROR) {
+    if (sc->statem.state == MSG_FLOW_ERROR
+        && sc->statem.error_state == ERROR_STATE_NOERROR) {
         l = ERR_peek_error();
-        if (l != 0) {
-            if (ERR_GET_LIB(l) == ERR_LIB_SYS)
-                sc->statem.error_state = ERROR_STATE_SYSCALL;
-            else
-                sc->statem.error_state = ERROR_STATE_SSL;
-        }
+        if (l == 0 || ERR_GET_LIB(l) == ERR_LIB_SYS)
+            sc->statem.error_state = ERROR_STATE_SYSCALL;
+        else
+            sc->statem.error_state = ERROR_STATE_SSL;
     }
 }