responses more gracefully, i.e. without losing synchronization.
Files: smtpd/smtpd_chat.c, smtpd/smtpd_proxy.c, smtp/smtp_chat.c,
smtpstone/smtp-source.c.
+
+20110207
+
+ Bugfix (introduced Postfix 2.8): segfault with smtpd_tls_loglevel
+ >= 3. Files: tls/tls_server.c, tls.h, smtpd.c, tlsproxy.c.
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20110205"
+#define MAIL_RELEASE_DATE "20110207"
#define MAIL_VERSION_NUMBER "2.9"
#ifdef SNAPSHOT
while (VSTRING_LEN(vp) > 0 && vstring_end(vp)[-1] == '\r')
vstring_truncate(vp, VSTRING_LEN(vp) - 1);
VSTRING_TERMINATE(vp);
+ /* FALLTRHOUGH */
/*
* Partial line: just read the remainder later. If we ran into EOF,
TLS_SERVER_START(&props,
ctx = smtpd_tls_ctx,
stream = state->client,
+ fd = -1,
log_level = var_smtpd_tls_loglevel,
timeout = var_smtpd_starttls_tmout,
requirecert = requirecert,
typedef struct {
TLS_APPL_STATE *ctx; /* TLS application context */
VSTREAM *stream; /* Client stream */
+ int fd; /* Event-driven file descriptor */
int log_level; /* TLS log level */
int timeout; /* TLS handshake timeout */
int requirecert; /* Insist on client cert? */
((props)->a12), ((props)->a13), ((props)->a14), ((props)->a15), \
((props)->a16), ((props)->a17), ((props)->a18), ((props)->a19), (props)))
-#define TLS_SERVER_START(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10) \
+#define TLS_SERVER_START(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11) \
tls_server_start((((props)->a1), ((props)->a2), ((props)->a3), \
((props)->a4), ((props)->a5), ((props)->a6), ((props)->a7), \
- ((props)->a8), ((props)->a9), ((props)->a10), (props)))
+ ((props)->a8), ((props)->a9), ((props)->a10), ((props)->a11), (props)))
/*
* tls_session.c
/* SSL_accept(), SSL_read(), SSL_write() and SSL_shutdown().
/*
/* To maintain control over TLS I/O, an event-driven server
-/* invokes tls_server_start() with a null VSTREAM argument.
+/* invokes tls_server_start() with a null VSTREAM argument and
+/* with an fd argument that specifies the I/O file descriptor.
/* Then, tls_server_start() performs all the necessary
/* preparations before the TLS handshake and returns a partially
/* populated TLS context. The event-driven application is then
*/
SSL_set_accept_state(TLScontext->con);
+ /*
+ * Connect the SSL connection with the network socket.
+ */
+ if (SSL_set_fd(TLScontext->con, props->stream == 0 ? props->fd :
+ vstream_fileno(props->stream)) != 1) {
+ msg_info("SSL_set_fd error to %s", props->namaddr);
+ tls_print_errors();
+ uncache_session(app_ctx->ssl_ctx, TLScontext);
+ tls_free_context(TLScontext);
+ return (0);
+ }
+
/*
* If the debug level selected is high enough, all of the data is dumped:
* 3 will dump the SSL negotiation, 4 will dump everything.
if (props->stream == 0)
return (TLScontext);
- /*
- * Connect the SSL connection with the network socket.
- */
- if (SSL_set_fd(TLScontext->con, vstream_fileno(props->stream)) != 1) {
- msg_info("SSL_set_fd error to %s", props->namaddr);
- tls_print_errors();
- uncache_session(app_ctx->ssl_ctx, TLScontext);
- tls_free_context(TLScontext);
- return (0);
- }
-
/*
* Turn on non-blocking I/O so that we can enforce timeouts on network
* I/O.
TLS_SERVER_START(&props,
ctx = tlsp_server_ctx,
stream = (VSTREAM *) 0,/* unused */
+ fd = state->ciphertext_fd,
log_level = var_tlsp_tls_loglevel,
timeout = 0, /* unused */
requirecert = (var_tlsp_tls_req_ccert
return;
}
- /*
- * This program will do the ciphertext I/O, not libtls. In the future,
- * the above event-driven engine may be factored out as a libtls library
- * module.
- */
- if (SSL_set_fd(state->tls_context->con, state->ciphertext_fd) != 1) {
- msg_info("SSL_set_fd error to %s", state->remote_endpt);
- tls_print_errors();
- tlsp_state_free(state);
- return;
- }
-
/*
* XXX Do we care about TLS session rate limits? Good postscreen(8)
* clients will occasionally require the tlsproxy to renew their
projects / thirdparty / postfix.git / commitdiff
