login, lib-ssl-iostream: Clear errors caused by manual EC key selection when there...

EVP_PKEY_get1_EC_KEY() would return an error, which should be ignored
instead of being logged later on.

diff --git a/src/lib-ssl-iostream/iostream-openssl-context.c b/src/lib-ssl-iostream/iostream-openssl-context.c
index ec5917676b4443c458210e9c3020be9431d3a439..87a9d3273b69a1704de86be7d86f8c846fadace9 100644 (file)
--- a/src/lib-ssl-iostream/iostream-openssl-context.c
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c
@@ -454,6 +454,10 @@ ssl_proxy_ctx_get_pkey_ec_curve_name(const struct ssl_iostream_settings *set,
                if ((eckey = EVP_PKEY_get1_EC_KEY(pkey)) != NULL &&
                    (ecgrp = EC_KEY_get0_group(eckey)) != NULL)
                        nid = EC_GROUP_get_curve_name(ecgrp);
+               else {
+                       /* clear errors added by the above calls */
+                       (void)openssl_iostream_error();
+               }
                EVP_PKEY_free(pkey);
        }
 

diff --git a/src/login-common/ssl-proxy-openssl.c b/src/login-common/ssl-proxy-openssl.c
index f4983addc3418fd88ce736e51bc76cb8fc822310..cad0cf1c8e15c058e7998422977d848e7f4f97a7 100644 (file)
--- a/src/login-common/ssl-proxy-openssl.c
+++ b/src/login-common/ssl-proxy-openssl.c
@@ -1129,6 +1129,10 @@ ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *s
            (eckey = EVP_PKEY_get1_EC_KEY(pkey)) != NULL &&
            (ecgrp = EC_KEY_get0_group(eckey)) != NULL)
                nid = EC_GROUP_get_curve_name(ecgrp);
+       else {
+               /* clear errors added by the above calls */
+               (void)openssl_iostream_error();
+       }
        EVP_PKEY_free(pkey);
        return nid;
 }