From fa9e4a1d04268f4a7e46166f70b6d5def10297f9 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Fri, 4 Oct 2019 10:21:24 +0100
Subject: [PATCH] OpenSSL: emit actual version on "wrong version number" error
 for SSL_accept

---
 src/src/tls-openssl.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 7a625a8ba..247da092f 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -2706,8 +2706,14 @@ if (rc <= 0)
 
     /* Handle genuine errors */
     case SSL_ERROR_SSL:
-      (void) tls_error(US"SSL_accept", NULL, sigalrm_seen ? US"timed out" : NULL, errstr);
+      {
+      uschar * s = US"SSL_accept";
+      ulong e = ERR_peek_error();
+      if (ERR_GET_REASON(e) == SSL_R_WRONG_VERSION_NUMBER)
+	s = string_sprintf("%s (%s)", s, SSL_get_version(server_ssl));
+      (void) tls_error(s, NULL, sigalrm_seen ? US"timed out" : NULL, errstr);
       return FAIL;
+      }
 
     default:
       DEBUG(D_tls) debug_printf("Got SSL error %d\n", error);
-- 
2.30.2