From: Timo Sirainen <tss@iki.fi>
Date: Thu, 3 Dec 2015 10:19:12 +0000 (+0200)
Subject: login, lib-ssl-iostream: Clear errors caused by manual EC key selection when there... 
X-Git-Tag: 2.2.20.rc1~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cc6dfdfaf4912ba2a7de93003bd93f8288d6a9b2;p=thirdparty%2Fdovecot%2Fcore.git

login, lib-ssl-iostream: Clear errors caused by manual EC key selection when there was no EC key.
EVP_PKEY_get1_EC_KEY() would return an error, which should be ignored
instead of being logged later on.
---

diff --git a/src/lib-ssl-iostream/iostream-openssl-context.c b/src/lib-ssl-iostream/iostream-openssl-context.c
index ec5917676b..87a9d3273b 100644
--- a/src/lib-ssl-iostream/iostream-openssl-context.c
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c
@@ -454,6 +454,10 @@ ssl_proxy_ctx_get_pkey_ec_curve_name(const struct ssl_iostream_settings *set,
 		if ((eckey = EVP_PKEY_get1_EC_KEY(pkey)) != NULL &&
 		    (ecgrp = EC_KEY_get0_group(eckey)) != NULL)
 			nid = EC_GROUP_get_curve_name(ecgrp);
+		else {
+			/* clear errors added by the above calls */
+			(void)openssl_iostream_error();
+		}
 		EVP_PKEY_free(pkey);
 	}
 
diff --git a/src/login-common/ssl-proxy-openssl.c b/src/login-common/ssl-proxy-openssl.c
index f4983addc3..cad0cf1c8e 100644
--- a/src/login-common/ssl-proxy-openssl.c
+++ b/src/login-common/ssl-proxy-openssl.c
@@ -1129,6 +1129,10 @@ ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *s
 	    (eckey = EVP_PKEY_get1_EC_KEY(pkey)) != NULL &&
 	    (ecgrp = EC_KEY_get0_group(eckey)) != NULL)
 		nid = EC_GROUP_get_curve_name(ecgrp);
+	else {
+		/* clear errors added by the above calls */
+		(void)openssl_iostream_error();
+	}
 	EVP_PKEY_free(pkey);
 	return nid;
 }