On 8/20/2020 2:38 PM, Wietse Venema wrote:
> Thorsten Habich:
>> On 8/19/2020 4:31 PM, Viktor Dukhovni wrote:
>>> Do *resumed* sessions always fail to validate? Or is that intermittent?
>> As far as I could see resumed sessions that failed keep failing
> That's not what he asked.
>
> What he
On 8/20/2020 2:38 PM, Wietse Venema wrote:
> Thorsten Habich:
>> On 8/19/2020 4:31 PM, Viktor Dukhovni wrote:
>>> Do *resumed* sessions always fail to validate? Or is that intermittent?
>> As far as I could see resumed sessions that failed keep failing
> That's not what he asked.
>
> What he
Thorsten Habich:
> If I remember correctly the certificate verification with connection
> reuse (so the tlsproxy gets involved) was fixed with:
>
> 20200620
>
> ??? Bugfix (introduced: Postfix 3.4): SMTP over TLS connection
> ??? reuse was broken for configurations that use explicit trust
> ???
On Thu, Aug 20, 2020 at 04:59:49PM +0300, Thorsten Habich wrote:
> > - Do FAILURES happen ONLY after a session is RESUMED.
>
> Sorry, no. The first connection decides if the problem occurs or not.
> If the session is resumed the error only occurs *if the first
> connection failed*.
Thanks for
On Thu, Aug 20, 2020 at 01:20:00PM -0400, Wietse Venema wrote:
> Viktor Dukhovni:
>
> > - &_DANE_BASED(state->client_start_props->tls_level))
> > + && TLS_DANE_HASTA(state->client_start_props->dane))
> > @@ -1427,7 +1427,7 @@ static void tlsp_get_request_event(int event, void
> > *context)
>
Viktor Dukhovni:
> On Thu, Aug 20, 2020 at 01:20:00PM -0400, Wietse Venema wrote:
>
> > Viktor Dukhovni:
> >
> > > - &_DANE_BASED(state->client_start_props->tls_level))
> > > + && TLS_DANE_HASTA(state->client_start_props->dane))
> > > @@ -1427,7 +1427,7 @@ static void tlsp_get_request_event(int
Viktor Dukhovni:
> state->client_start_props->fd = state->ciphertext_fd;
> /* These predicates and warning belong inside tls_client_start(). */
> if (!tls_dane_avail()/* mandatory side effects!! */
> - &_DANE_BASED(state->client_start_props->tls_level))
> +
On 8/19/2020 4:31 PM, Viktor Dukhovni wrote:
>
> Do *resumed* sessions always fail to validate? Or is that intermittent?
As far as I could see resumed sessions that failed keep failing
(probably until the session cache expires) but I had to restart the
Postfix most times before that happened.
Thorsten Habich:
>
> On 8/19/2020 4:31 PM, Viktor Dukhovni wrote:
> >
> > Do *resumed* sessions always fail to validate? Or is that intermittent?
>
> As far as I could see resumed sessions that failed keep failing
That's not what he asked.
What he asked is:
- Do FAILURES happen ONLY after a