From b3ed2a79a28504ccd7b8b53e75b7dbbbfcee7dc7 Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Mon, 20 Apr 2020 22:59:14 +0300
Subject: [PATCH] lib-ssl-iostream: Indicate that password might be wrong when
 decrypting key

---
 src/lib-ssl-iostream/iostream-openssl-context.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/lib-ssl-iostream/iostream-openssl-context.c b/src/lib-ssl-iostream/iostream-openssl-context.c
index cf33db24fc..a5a9cf3e8d 100644
--- a/src/lib-ssl-iostream/iostream-openssl-context.c
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c
@@ -97,8 +97,12 @@ int openssl_iostream_load_key(const struct ssl_iostream_cert *set,
 	pkey = PEM_read_bio_PrivateKey(bio, NULL, pem_password_callback, &ctx);
 	if (pkey == NULL && ctx.error == NULL) {
 		ctx.error = t_strdup_printf(
-			"Couldn't parse private SSL key (%s setting): %s",
-			set_name, openssl_iostream_error());
+			"Couldn't parse private SSL key (%s setting)%s: %s",
+			set_name,
+			ctx.password != NULL ?
+				" (maybe ssl_key_password is wrong?)" :
+				"",
+			openssl_iostream_error());
 	}
 	BIO_free(bio);
 
-- 
2.47.3