From c20c85653f834bb448f3fabce3a8b23a211828bd Mon Sep 17 00:00:00 2001
From: Gordon Smith <GordonJSmith@gmail.com>
Date: Thu, 8 Aug 2024 17:19:19 +0100
Subject: [PATCH 1/2] Split off 9.4.86

Signed-off-by: Gordon Smith <GordonJSmith@gmail.com>
---
 helm/hpcc/Chart.yaml             | 4 ++--
 helm/hpcc/templates/_helpers.tpl | 2 +-
 version.cmake                    | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/helm/hpcc/Chart.yaml b/helm/hpcc/Chart.yaml
index 9eb08120e86..f6fd5069a08 100644
--- a/helm/hpcc/Chart.yaml
+++ b/helm/hpcc/Chart.yaml
@@ -6,9 +6,9 @@ type: application
 
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 9.4.85-closedown0
+version: 9.4.87-closedown0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
 
-appVersion: 9.4.85-closedown0
+appVersion: 9.4.87-closedown0
diff --git a/helm/hpcc/templates/_helpers.tpl b/helm/hpcc/templates/_helpers.tpl
index a4c79ccc024..112bf329345 100644
--- a/helm/hpcc/templates/_helpers.tpl
+++ b/helm/hpcc/templates/_helpers.tpl
@@ -1473,7 +1473,7 @@ Pass in dict with .root, .visibility defined
 {{- end -}}
 
 {{- define "hpcc.generateHelmVersion" -}}
-helmVersion: 9.4.85-closedown0
+helmVersion: 9.4.87-closedown0
 {{- end -}}
 
 {{/*
diff --git a/version.cmake b/version.cmake
index da506bde57f..36b64302db2 100644
--- a/version.cmake
+++ b/version.cmake
@@ -5,8 +5,8 @@ set ( HPCC_NAME "Community Edition" )
 set ( HPCC_PROJECT "community" )
 set ( HPCC_MAJOR 9 )
 set ( HPCC_MINOR 4 )
-set ( HPCC_POINT 85 )
+set ( HPCC_POINT 87 )
 set ( HPCC_MATURITY "closedown" )
 set ( HPCC_SEQUENCE 0 )
-set ( HPCC_TAG_TIMESTAMP "2024-08-02T10:52:11Z" )
+set ( HPCC_TAG_TIMESTAMP "2024-08-08T16:19:19Z" )
 ###

From f031d3990752f8ef075c2ba1aba06ea4e19b8070 Mon Sep 17 00:00:00 2001
From: Jake Smith <jake.smith@lexisnexisrisk.com>
Date: Thu, 15 Aug 2024 15:23:30 +0100
Subject: [PATCH 2/2] HPCC-32438 Remove cause of spurious SSL follow-on error

After SSL_CTX_use_certificate succeeds, there is no need to call
ERR_peek_last_error. It can cause previous errors that have bene
left on the SSL error stack to be thrown spuriously at this point.

This was noticed in 9.8 when loading the certs was intermittently
causing failure with:

error:0A000126:SSL routines::unexpected eof while reading - error loading certificate chain

Signed-off-by: Jake Smith <jake.smith@lexisnexisrisk.com>
---
 system/security/securesocket/securesocket.cpp | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/system/security/securesocket/securesocket.cpp b/system/security/securesocket/securesocket.cpp
index b5896a88c3f..667294c6506 100644
--- a/system/security/securesocket/securesocket.cpp
+++ b/system/security/securesocket/securesocket.cpp
@@ -1210,9 +1210,6 @@ static bool useCertificateChainPEMBuffer(SSL_CTX *ctx, const char *certBuf, int
                 if (!SSL_CTX_use_certificate(ctx, infoVal->x509))
                     return false;
 
-                if (ERR_peek_last_error() != 0)
-                    return false;
-
                 // Get ready to store intermediate certs, if any.
                 SSL_CTX_clear_chain_certs(ctx);
             }