Control: tags -1 + confirmed On Thu, 2021-03-18 at 13:53 +0100, Andreas Metzler wrote: > I would like to fix two issues in buster: > #1 Fix use of concurrent TLS connections under GnuTLS. When a > callout was > done during a receiving connection, and both used TLS, global info > was > used rather than per-connection info for tracking the state of > data > queued for transmission. This could result in a connection hang. > > #2 Fix issues related to certificate checking: > a) Cherry-pick a bugfix to get proper hostname checking with CNAMES. > Without this patch when connecting to a CNAME the server provided > cert > is checked against the A record instead of the original cname. > #985243 > > b) Document limitation/extent of server certificate checking that is > done by default and how to change it. #985244 and #985344 >
Please go ahead. Regards, Adam
