From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Wed, 8 Dec 2021 11:42:17 +0000 (+0000)
Subject: [Fix] Clear SSL errors
X-Git-Tag: 3.2~181
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=891ad9ef8ce431a24b4b011a63097b57d643c305;p=rspamd.git

[Fix] Clear SSL errors
---

diff --git a/src/libserver/dkim.c b/src/libserver/dkim.c
index 06318c847..a4f77bfea 100644
--- a/src/libserver/dkim.c
+++ b/src/libserver/dkim.c
@@ -2871,6 +2871,7 @@ rspamd_dkim_check (rspamd_dkim_context_t *ctx,
 		if (RSA_verify (nid, raw_digest, dlen, ctx->b, ctx->blen,
 				key->key.key_rsa) != 1) {
 			msg_debug_dkim ("headers rsa verify failed");
+			ERR_clear_error ();
 			res->rcode = DKIM_REJECT;
 			res->fail_reason = "headers rsa verify failed";
 
@@ -2898,6 +2899,7 @@ rspamd_dkim_check (rspamd_dkim_context_t *ctx,
 					RSPAMD_DKIM_KEY_ID_LEN, rspamd_dkim_key_id (key),
 					ctx->dkim_header);
 			msg_debug_dkim ("headers ecdsa verify failed");
+			ERR_clear_error ();
 			res->rcode = DKIM_REJECT;
 			res->fail_reason = "headers ecdsa verify failed";
 		}
diff --git a/src/libserver/ssl_util.c b/src/libserver/ssl_util.c
index c229b6794..319e87a04 100644
--- a/src/libserver/ssl_util.c
+++ b/src/libserver/ssl_util.c
@@ -666,6 +666,8 @@ rspamd_ssl_connect_fd (struct rspamd_ssl_connection *conn, gint fd,
 
 	g_assert (conn != NULL);
 
+	/* Ensure that we start from the empty SSL errors stack */
+	ERR_clear_error ();
 	conn->ssl = SSL_new (conn->ssl_ctx->s);
 
 	if (hostname) {
diff --git a/src/lua/lua_rsa.c b/src/lua/lua_rsa.c
index 0d4a268ed..a554cd79b 100644
--- a/src/lua/lua_rsa.c
+++ b/src/lua/lua_rsa.c
@@ -620,9 +620,10 @@ lua_rsa_verify_memory (lua_State *L)
 				signature->str, signature->len, rsa);
 
 		if (ret == 0) {
-			msg_info ("cannot check rsa signature for data: %s",
-				ERR_error_string (ERR_get_error (), NULL));
 			lua_pushboolean (L, FALSE);
+			lua_pushstring (L, ERR_error_string (ERR_get_error (), NULL));
+
+			return 2;
 		}
 		else {
 			lua_pushboolean (L, TRUE);