From 99a08a0d24103b753d08d8d8add8adb3295935c3 Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Thu, 26 Sep 2019 12:34:18 +0300
Subject: [PATCH] login-common: Retrieve error from ssl context if handshake
 fails

Fixes

imap-login: Error: proxy: Failed to start SSL handshake to 127.0.0.2:43143: (null)

and

imap-login: Error: Failed to initialize SSL server context: Can't load SSL certificate: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
Fatal: master: service(imap-login): child 14764 killed with signal 11 (core dumped)

Broken in 9f1038760ca5ba154366176a7056aad1c7b6c77e
---
 src/login-common/login-proxy.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/login-common/login-proxy.c b/src/login-common/login-proxy.c
index 2f69599a11..717481672e 100644
--- a/src/login-common/login-proxy.c
+++ b/src/login-common/login-proxy.c
@@ -716,6 +716,7 @@ int login_proxy_starttls(struct login_proxy *proxy)
 	}
 	ssl_iostream_context_unref(&ssl_ctx);
 	if (ssl_iostream_handshake(proxy->server_ssl_iostream) < 0) {
+		error = ssl_iostream_get_last_error(proxy->server_ssl_iostream);
 		client_log_err(proxy->client, t_strdup_printf(
 			"proxy: Failed to start SSL handshake to %s:%u: %s",
 			net_ip2addr(&proxy->ip), proxy->port, error));
-- 
2.47.3