On 8/22/2020 7:02 AM, Viktor Dukhovni wrote:
> On Fri, Aug 21, 2020 at 05:38:42PM -0400, Wietse Venema wrote:
>
>> thorsten.hab...@findichgut.net:
>>> Any chance to backport the patch to 3.4/3.5?
>> This is more change than is allowed in a stable release. Postfix
>> 3.6 drops support for OpenSSL < 1.1.1, deletes o(thousand) lines
>> of DANE support from the Postfix TLS library, and replaces it with
>> o(hundred) lines to use instead the DANE support in OpenSSL.
> The backport request was just for the one-liner fix in posttls-finger,
> where "-X" no longer falsely conflicts with "-r" (when no "-r" is
> in fact specified). This should/will likely be backported.
Yes, sorry. I removed the patch I posted earlier in my message. Because
I am not sure that it's correct:
--- a/src/posttls-finger/posttls-finger.c 2019-02-12
14:17:45.000000000 +0100
+++ b/src/posttls-finger/posttls-finger.c.new 2020-08-21
09:15:04.256945675 +0200
@@ -1988,7 +1988,7 @@
msg_fatal("bad '-a' option value: %s", state->options.addr_pref);
#ifdef USE_TLS
- if (state->tlsproxy_mode && state->reconnect)
+ if (state->tlsproxy_mode && state->reconnect > 0)
msg_fatal("The -X and -r options are mutually exclusive");
#endif
while it's state->reconnect >= 0 in the 3.6 snapshot. I checked the source of
the 3.5.6 posttls-finger.c again and I am still not sure which version should
be used for 3.5.
