lib-ssl-iostream: Fix checking cert validity when handshake callback isn't used
authorTimo Sirainen <timo.sirainen@dovecot.fi>
Tue, 31 Oct 2017 17:49:56 +0000 (19:49 +0200)
committerVille Savolainen <ville.savolainen@dovecot.fi>
Tue, 16 Jan 2018 10:44:28 +0000 (12:44 +0200)
src/lib-ssl-iostream/iostream-openssl.c

index 71f48df6296c1b15209477fdb57c0ca77034a7b0..f2504e056a84f2a862d41a53966ee0e49ce28d2e 100644 (file)
@@ -598,14 +598,16 @@ static int openssl_iostream_handshake(struct ssl_iostream *ssl_io)
        if (ssl_io->handshake_callback != NULL) {
                if (ssl_io->handshake_callback(&error, ssl_io->handshake_context) < 0) {
                        i_assert(error != NULL);
-                       i_stream_close(ssl_io->plain_input);
-                       o_stream_close(ssl_io->plain_output);
                        openssl_iostream_set_error(ssl_io, error);
                        ssl_io->handshake_failed = TRUE;
-                       errno = EINVAL;
-                       return -1;
                }
        }
+       if (ssl_io->handshake_failed) {
+               i_stream_close(ssl_io->plain_input);
+               o_stream_close(ssl_io->plain_output);
+               errno = EINVAL;
+               return -1;
+       }
        i_free_and_null(ssl_io->last_error);
        ssl_io->handshaked = TRUE;
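Review bot: The new `if (ssl_io->handshake_failed)` check acts on a flag that, when `handshake_callback` is NULL, must have been set somewhere outside this hunk, and nothing visible here guarantees that `openssl_iostream_set_error()` was called on that path before `return -1`. It is worth confirming that every place that sets `handshake_failed` also records an error string, so that a rejected certificate is not reported to the caller with an empty or stale reason. I would also add a comment above the check, e.g. `/* handshake_failed may have been set earlier, not only by the callback above; always fail closed here */`, because this gate is now what keeps a connection with a failed verification from reaching `ssl_io->handshaked = TRUE`. The body of openssl_iostream_handshake() starts and ends outside the hunk.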