Re: PATCH #3 (Postfix 3.4 + 3.5): TLS connection_reuse with "tafile"

Viktor Dukhovni Fri, 21 Aug 2020 12:16:01 -0700

On Fri, Aug 21, 2020 at 03:11:50PM -0400, Wietse Venema wrote:

> Viktor Dukhovni:
> > On Fri, Aug 21, 2020 at 10:59:11AM -0400, Wietse Venema wrote:
> > 
> > > > Viktor Dukhovni:
> > > > > -     &&TLS_DANE_BASED(state->client_start_props->tls_level))
> > > > > +     && TLS_DANE_HASTA(state->client_start_props->dane))
> > > > >       msg_warn("%s: DANE requested, but not available",
> > > > >                state->client_start_props->namaddr);
> > > 
> > > Should there be a warning when tls_dane_avail() fails AND the
> > > TLS_DANE_BASED is true?
> > 
> > Not needed if TLS_DANE_HASTA is not true, because:
> 
> In that case, can you can suggest a more appropriate warning message?
> The text no longer matches the error condition.


Fair point.  The warning message could/should read:

        msg_warn("%s: DANE or local trust anchor based chain"
                 " verification requested, but not available",
                 state->client_start_props->namaddr);

-- 
    Viktor.

Re: PATCH #3 (Postfix 3.4 + 3.5): TLS connection_reuse with "tafile"

Reply via email to