changeset 21282:f1164511f6e5

openssl: Clear error queue after an incomplete SSL_shutdown If the SSL_shutdown call fails (e.g. because the underlying socket has already been closed) OpenSSL puts the corresponding error into the queue. We don't care about details so we need to clear the queue. Otherwise the error will be pulled while error-checking the next OpenSSL call of an unrelated connection.
author manuel <manuel@mausz.at>
date Wed, 07 Dec 2016 14:23:12 +0100
parents 1ba00e3ae6cd
children 16869cca53ce
files src/lib-ssl-iostream/iostream-openssl.c src/login-common/ssl-proxy-openssl.c
diffstat 2 files changed, 10 insertions(+), 2 deletions(-) [+]
--- a/src/lib-ssl-iostream/iostream-openssl.c	Fri Dec 09 15:06:05 2016 +0200
+++ b/src/lib-ssl-iostream/iostream-openssl.c	Wed Dec 07 14:23:12 2016 +0100
@@ -299,7 +299,11 @@
 
 static void openssl_iostream_destroy(struct ssl_iostream *ssl_io)
 {
-	(void)SSL_shutdown(ssl_io->ssl);
+	if (SSL_shutdown(ssl_io->ssl) != 1) {
+		/* if bidirectional shutdown fails we need to clear
+		   the error queue */
+		openssl_iostream_clear_errors();
+	}
 	(void)openssl_iostream_more(ssl_io);
 	(void)o_stream_flush(ssl_io->plain_output);
 	/* close the plain i/o streams, because their fd may be closed soon,
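Review bot: The new comment above `openssl_iostream_clear_errors()` says the queue is cleared "if bidirectional shutdown fails", but the guard `SSL_shutdown(ssl_io->ssl) != 1` also fires on a return of 0. That value only means our close_notify was sent and the peer's has not arrived yet, which is not a failure. A comment that matches the condition would be `/* SSL_shutdown() returns 0 while the peer's close_notify is still outstanding and <0 on error; clear the queue in both cases so nothing leaks into the next connection's error check */`. The same wording is used in the second hunk in src/login-common/ssl-proxy-openssl.c. The body of openssl_iostream_destroy continues past the end of this hunk.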
--- a/src/login-common/ssl-proxy-openssl.c	Fri Dec 09 15:06:05 2016 +0200
+++ b/src/login-common/ssl-proxy-openssl.c	Wed Dec 07 14:23:12 2016 +0100
@@ -813,7 +813,11 @@
 	if (proxy->io_plain_write != NULL)
 		io_remove(&proxy->io_plain_write);
 
-	(void)SSL_shutdown(proxy->ssl);
+	if (SSL_shutdown(proxy->ssl) != 1) {
+		/* if bidirectional shutdown fails we need to clear
+		   the error queue. */
+		openssl_iostream_clear_errors();
+	}
 
 	net_disconnect(proxy->fd_ssl);
 	net_disconnect(proxy->fd_plain);
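Review bot: The added `openssl_iostream_clear_errors();` call after `SSL_shutdown(proxy->ssl)` needs a prototype from lib-ssl-iostream to be in scope in this login-common file, and this commit does not add one. The diffstat's ten insertions are fully accounted for by the two five-line blocks, so no `#include` was introduced. It is worth confirming that the declaring header is already included here, because otherwise the call becomes an implicit declaration. Since this file and iostream-openssl.c now carry the same shutdown-then-clear sequence, a one-line comment at this site pointing to the other copy would help keep the two in step. The enclosing function starts and ends outside the hunk.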