Wietse Venema:
> Postfix snapshot 20180617, released a few minutes ago, introduces
> Postfix SMTP client support for multiple deliveries per TLS-encrypted
> connection. This is not to be confused with closing a connection
> and reusing some TLS state in a new connection.

Below is a tiny patch for tlsproxy. After the remote TLS peer shuts
down TLS, the patch allows unsent inbound plaintext to trickle out
before tlsproxy tears down the proxied connection.

This addresses a sporadic "lost connection after end-of-data" error
in the Postfix SMTP client, and addresses a sporadic "lost connection
after sending QUIT" error with "posttls-finger -X".

Also released as postfix-3.4-20180618.

        Wietse

diff -cr /var/tmp/postfix-3.4-20180617/src/tlsproxy/tlsproxy.c 
./src/tlsproxy/tlsproxy.c
*** /var/tmp/postfix-3.4-20180617/src/tlsproxy/tlsproxy.c       2018-06-17 
12:35:21.000000000 -0400
--- ./src/tlsproxy/tlsproxy.c   2018-06-18 19:36:32.000000000 -0400
***************
*** 474,479 ****
--- 474,485 ----
        tls_print_errors();
        /* FALLTHROUGH */
      default:
+ 
+       /*
+        * Allow buffered-up plaintext output to trickle out.
+        */
+       if (state->plaintext_buf && NBBIO_WRITE_PEND(state->plaintext_buf))
+           return (TLSP_STAT_OK);
        tlsp_state_free(state);
        return (TLSP_STAT_ERR);
      }
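
Review bot: the new early return in the default: arm is also reached through the /* FALLTHROUGH */ from the arm above that calls tls_print_errors(), so a genuine TLS error with plaintext still pending now returns TLSP_STAT_OK and skips tlsp_state_free(state), exactly like a clean peer shutdown. The comment should say which later event frees the state once NBBIO_WRITE_PEND(state->plaintext_buf) becomes false, and what bounds the wait if the plaintext side never drains its buffer; if that is an existing plaintext write or timeout handler, naming it here would make the state lifetime auditable from this function. It would also help to state whether deferring teardown is intended for the error arm or only for the shutdown case.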
