From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Thu, 26 Sep 2019 09:34:18 +0000 (+0300)
Subject: login-common: Retrieve error from ssl context if handshake fails
X-Git-Tag: 2.3.9~141
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=99a08a0d24103b753d08d8d8add8adb3295935c3;p=thirdparty%2Fdovecot%2Fcore.git

login-common: Retrieve error from ssl context if handshake fails

Fixes

imap-login: Error: proxy: Failed to start SSL handshake to 127.0.0.2:43143: (null)

and

imap-login: Error: Failed to initialize SSL server context: Can't load SSL certificate: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
Fatal: master: service(imap-login): child 14764 killed with signal 11 (core dumped)

Broken in 9f1038760ca5ba154366176a7056aad1c7b6c77e
---

diff --git a/src/login-common/login-proxy.c b/src/login-common/login-proxy.c
index 2f69599a11..717481672e 100644
--- a/src/login-common/login-proxy.c
+++ b/src/login-common/login-proxy.c
@@ -716,6 +716,7 @@ int login_proxy_starttls(struct login_proxy *proxy)
 	}
 	ssl_iostream_context_unref(&ssl_ctx);
 	if (ssl_iostream_handshake(proxy->server_ssl_iostream) < 0) {
+		error = ssl_iostream_get_last_error(proxy->server_ssl_iostream);
 		client_log_err(proxy->client, t_strdup_printf(
 			"proxy: Failed to start SSL handshake to %s:%u: %s",
 			net_ip2addr(&proxy->ip), proxy->port, error));