[Fix] Clear SSL errors

author Vsevolod Stakhov <vsevolod@highsecure.ru>

Wed, 8 Dec 2021 11:42:17 +0000 (11:42 +0000)

committer Vsevolod Stakhov <vsevolod@highsecure.ru>

Wed, 8 Dec 2021 11:42:17 +0000 (11:42 +0000)
author Vsevolod Stakhov <vsevolod@highsecure.ru>
Wed, 8 Dec 2021 11:42:17 +0000 (11:42 +0000)
committer Vsevolod Stakhov <vsevolod@highsecure.ru>
Wed, 8 Dec 2021 11:42:17 +0000 (11:42 +0000)
diff --git a/src/libserver/dkim.c b/src/libserver/dkim.c

index 06318c847b7d6e6df850b49a9158795ee37cc264..a4f77bfea4c93b3bc55bd937586a8e4ca77a7487 100644 (file)
--- a/src/libserver/dkim.c
+++ b/src/libserver/dkim.c
@@ -2871,6 +2871,7 @@ rspamd_dkim_check (rspamd_dkim_context_t *ctx,
                 if (RSA_verify (nid, raw_digest, dlen, ctx->b, ctx->blen,
                                 key->key.key_rsa) != 1) {
                         msg_debug_dkim ("headers rsa verify failed");
+                       ERR_clear_error ();
                         res->rcode = DKIM_REJECT;
                         res->fail_reason = "headers rsa verify failed";
  
@@ -2898,6 +2899,7 @@ rspamd_dkim_check (rspamd_dkim_context_t *ctx,
                                         RSPAMD_DKIM_KEY_ID_LEN, rspamd_dkim_key_id (key),
                                         ctx->dkim_header);
                         msg_debug_dkim ("headers ecdsa verify failed");
+                       ERR_clear_error ();
                         res->rcode = DKIM_REJECT;
                         res->fail_reason = "headers ecdsa verify failed";
                 }
diff --git a/src/libserver/ssl_util.c b/src/libserver/ssl_util.c

index c229b679446a7776052918e8a5dd09d7de4880e8..319e87a0498c30ea783a3abb835608cee02c2f35 100644 (file)
--- a/src/libserver/ssl_util.c
+++ b/src/libserver/ssl_util.c
@@ -666,6 +666,8 @@ rspamd_ssl_connect_fd (struct rspamd_ssl_connection *conn, gint fd,
  
         g_assert (conn != NULL);
  
+       /* Ensure that we start from the empty SSL errors stack */
+       ERR_clear_error ();
         conn->ssl = SSL_new (conn->ssl_ctx->s);
  
         if (hostname) {
diff --git a/src/lua/lua_rsa.c b/src/lua/lua_rsa.c

index 0d4a268ed68950263676c372c09b516f02c698a4..a554cd79bcc9ef84a5be5e4c491f29bc047ef03f 100644 (file)
--- a/src/lua/lua_rsa.c
+++ b/src/lua/lua_rsa.c
@@ -620,9 +620,10 @@ lua_rsa_verify_memory (lua_State *L)
                                 signature->str, signature->len, rsa);
  
                 if (ret == 0) {
-                       msg_info ("cannot check rsa signature for data: %s",
-                               ERR_error_string (ERR_get_error (), NULL));
                         lua_pushboolean (L, FALSE);
+                       lua_pushstring (L, ERR_error_string (ERR_get_error (), NULL));
+
+                       return 2;
                 }
                 else {
                         lua_pushboolean (L, TRUE);
author	Vsevolod Stakhov <vsevolod@highsecure.ru>
	Wed, 8 Dec 2021 11:42:17 +0000 (11:42 +0000)
committer	Vsevolod Stakhov <vsevolod@highsecure.ru>
	Wed, 8 Dec 2021 11:42:17 +0000 (11:42 +0000)
src/libserver/dkim.c		patch \| blob \| history
src/libserver/ssl_util.c		patch \| blob \| history
src/lua/lua_rsa.c		patch \| blob \| history