On 6/20/2020 10:15 PM, Wietse Venema wrote:
> diff '--exclude=man' '--exclude=html' '--exclude=README_FILES' 
> '--exclude=INSTALL' '--exclude=.indent.pro' -r -ur 
> /var/tmp/postfix-3.6-20200610/src/tlsproxy/tlsproxy.c src/tlsproxy/tlsproxy.c
> --- /var/tmp/postfix-3.6-20200610/src/tlsproxy/tlsproxy.c     2020-05-15 
> 09:29:14.000000000 -0400
> +++ src/tlsproxy/tlsproxy.c   2020-06-20 14:55:59.216357419 -0400
> @@ -997,12 +997,12 @@
>      state->client_start_props->ctx = state->appl_state;
>      state->client_start_props->fd = state->ciphertext_fd;
>      /* These predicates and warning belong inside tls_client_start(). */
> -    if (!TLS_DANE_BASED(state->client_start_props->tls_level)
> -     || tls_dane_avail())
> -     state->tls_context = tls_client_start(state->client_start_props);
> -    else
> +    if (!tls_dane_avail()                    /* mandatory side effects!! */
> +     &&TLS_DANE_BASED(state->client_start_props->tls_level))
>       msg_warn("%s: DANE requested, but not available",
>                state->client_start_props->namaddr);
> +    else
> +     state->tls_context = tls_client_start(state->client_start_props);
>      if (state->tls_context != 0)
>       return (TLSP_STAT_OK);
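
Review bot: the new condition is only correct because `tls_dane_avail()` is the left operand of `&&`, and the sole guard against someone reordering it is the comment `/* mandatory side effects!! */`, which does not say what the side effects are. The removed lines had `!TLS_DANE_BASED(...)` first, so short-circuit evaluation skipped `tls_dane_avail()` whenever the level was not DANE-based. To make the dependency structural rather than positional, call `tls_dane_avail()` unconditionally on its own line before the `if`, store the result in a local, and test that local. The comment should also name the state the call initializes. Minor style point: `&&TLS_DANE_BASED` is missing a space after the operator.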


I applied this patch too and everything seems to be working now, thanks!

Will both patches (connection_reuse in tls policy map and tafile with
connection reuse on) be part of 3.5.4?

