On 8/22/2020 7:02 AM, Viktor Dukhovni wrote: > On Fri, Aug 21, 2020 at 05:38:42PM -0400, Wietse Venema wrote: > >> thorsten.hab...@findichgut.net: >>> Any chance to backport the patch to 3.4/3.5? >> This is more change than is allowed in a stable release. Postfix >> 3.6 drops support for OpenSSL < 1.1.1, deletes o(thousand) lines >> of DANE support from the Postfix TLS library, and replaces it with >> o(hundred) lines to use instead the DANE support in OpenSSL. > The backport request was just for the one-liner fix in posttls-finger, > where "-X" no longer falsely conflicts with "-r" (when no "-r" is > in fact specified). This should/will likely be backported.
Yes, sorry. I removed the patch I posted earlier in my message. Because I am not sure that it's correct: --- a/src/posttls-finger/posttls-finger.c 2019-02-12 14:17:45.000000000 +0100 +++ b/src/posttls-finger/posttls-finger.c.new 2020-08-21 09:15:04.256945675 +0200 @@ -1988,7 +1988,7 @@ msg_fatal("bad '-a' option value: %s", state->options.addr_pref); #ifdef USE_TLS - if (state->tlsproxy_mode && state->reconnect) + if (state->tlsproxy_mode && state->reconnect > 0) msg_fatal("The -X and -r options are mutually exclusive"); #endif while it's state->reconnect >= 0 in the 3.6 snapshot. I checked the source of the 3.5.6 posttls-finger.c again and I am still not sure which version should be used for 3.5.