From: Timo Sirainen Date: Tue, 31 Oct 2017 17:49:56 +0000 (+0200) Subject: lib-ssl-iostream: Fix checking cert validity when handshake callback isn't used X-Git-Tag: 2.3.0.rc1~626 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4cc68747aa932fb9a98f1504b9d874f5cfbf0dec;p=thirdparty%2Fdovecot%2Fcore.git lib-ssl-iostream: Fix checking cert validity when handshake callback isn't used --- diff --git a/src/lib-ssl-iostream/iostream-openssl.c b/src/lib-ssl-iostream/iostream-openssl.c index 058d0fe6ab..2c8d816936 100644 --- a/src/lib-ssl-iostream/iostream-openssl.c +++ b/src/lib-ssl-iostream/iostream-openssl.c @@ -611,14 +611,16 @@ static int openssl_iostream_handshake(struct ssl_iostream *ssl_io) if (ssl_io->handshake_callback != NULL) { if (ssl_io->handshake_callback(&error, ssl_io->handshake_context) < 0) { i_assert(error != NULL); - i_stream_close(ssl_io->plain_input); - o_stream_close(ssl_io->plain_output); openssl_iostream_set_error(ssl_io, error); ssl_io->handshake_failed = TRUE; - errno = EINVAL; - return -1; } } + if (ssl_io->handshake_failed) { + i_stream_close(ssl_io->plain_input); + o_stream_close(ssl_io->plain_output); + errno = EINVAL; + return -1; + } i_free_and_null(ssl_io->last_error); ssl_io->handshaked = TRUE;