commit 891ad9e: [Fix] Clear SSL errors

Vsevolod Stakhov vsevolod at highsecure.ru
Wed Dec 8 11:49:07 UTC 2021 

Author: Vsevolod Stakhov
Date: 2021-12-08 11:42:17 +0000
URL: https://github.com/rspamd/rspamd/commit/891ad9ef8ce431a24b4b011a63097b57d643c305 (HEAD -> master)

[Fix] Clear SSL errors

---
 src/libserver/dkim.c     | 2 ++
 src/libserver/ssl_util.c | 2 ++
 src/lua/lua_rsa.c        | 5 +++--
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/libserver/dkim.c b/src/libserver/dkim.c
index 06318c847..a4f77bfea 100644
--- a/src/libserver/dkim.c
+++ b/src/libserver/dkim.c
@@ -2871,6 +2871,7 @@ rspamd_dkim_check (rspamd_dkim_context_t *ctx,
 		if (RSA_verify (nid, raw_digest, dlen, ctx->b, ctx->blen,
 				key->key.key_rsa) != 1) {
 			msg_debug_dkim ("headers rsa verify failed");
+			ERR_clear_error ();
 			res->rcode = DKIM_REJECT;
 			res->fail_reason = "headers rsa verify failed";
 
@@ -2898,6 +2899,7 @@ rspamd_dkim_check (rspamd_dkim_context_t *ctx,
 					RSPAMD_DKIM_KEY_ID_LEN, rspamd_dkim_key_id (key),
 					ctx->dkim_header);
 			msg_debug_dkim ("headers ecdsa verify failed");
+			ERR_clear_error ();
 			res->rcode = DKIM_REJECT;
 			res->fail_reason = "headers ecdsa verify failed";
 		}
diff --git a/src/libserver/ssl_util.c b/src/libserver/ssl_util.c
index c229b6794..319e87a04 100644
--- a/src/libserver/ssl_util.c
+++ b/src/libserver/ssl_util.c
@@ -666,6 +666,8 @@ rspamd_ssl_connect_fd (struct rspamd_ssl_connection *conn, gint fd,
 
 	g_assert (conn != NULL);
 
+	/* Ensure that we start from the empty SSL errors stack */
+	ERR_clear_error ();
 	conn->ssl = SSL_new (conn->ssl_ctx->s);
 
 	if (hostname) {
diff --git a/src/lua/lua_rsa.c b/src/lua/lua_rsa.c
index 0d4a268ed..a554cd79b 100644
--- a/src/lua/lua_rsa.c
+++ b/src/lua/lua_rsa.c
@@ -620,9 +620,10 @@ lua_rsa_verify_memory (lua_State *L)
 				signature->str, signature->len, rsa);
 
 		if (ret == 0) {
-			msg_info ("cannot check rsa signature for data: %s",
-				ERR_error_string (ERR_get_error (), NULL));
 			lua_pushboolean (L, FALSE);
+			lua_pushstring (L, ERR_error_string (ERR_get_error (), NULL));
+
+			return 2;
 		}
 		else {
 			lua_pushboolean (L, TRUE);

More information about the Commits mailing list