OpenSSL: emit actual version on "wrong version number" error for SSL_accept
authorJeremy Harris <jgh146exb@wizmail.org>
Fri, 4 Oct 2019 09:21:24 +0000 (10:21 +0100)
committerJeremy Harris <jgh146exb@wizmail.org>
Sat, 19 Oct 2019 22:49:46 +0000 (23:49 +0100)
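--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -2706,8 +2706,14 @@ if (rc <= 0)
 
     /* Handle genuine errors */
     case SSL_ERROR_SSL:
-      (void) tls_error(US"SSL_accept", NULL, sigalrm_seen ? US"timed out" : NULL, errstr);
+      {
+      uschar * s = US"SSL_accept";
+      ulong e = ERR_peek_error();
+      if (ERR_GET_REASON(e) == SSL_R_WRONG_VERSION_NUMBER)
+       s = string_sprintf("%s (%s)", s, SSL_get_version(server_ssl));
+      (void) tls_error(s, NULL, sigalrm_seen ? US"timed out" : NULL, errstr);
       return FAIL;
+      }
 
     default:
       DEBUG(D_tls) debug_printf("Got SSL error %d\n", error);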
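Review bot: The `ERR_peek_error()` test under `case SSL_ERROR_SSL:` reads the oldest entry on the thread's OpenSSL error queue, so it describes this handshake only if the queue was empty when SSL_accept() was called. That call, and the start and end of the enclosing function, are outside the hunk, so it cannot be seen here whether an `ERR_clear_error()` precedes it. A stale entry could attach the version suffix to an unrelated failure or suppress it for a real one, which matters because operators read this log line to diagnose legacy-client and protocol-mismatch problems. I would also document what the suffix means, e.g. `/* SSL_get_version() reports the version held by our SSL object at failure time; this is not necessarily the version the peer offered */`, since the commit title calls it the "actual version".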