Bitrot: avoid U_FILE_ACCESS_ERROR after chroot(), by
initializing the ICU library before making the chroot()
call. Files: util/midna_domain.[hc], global/mail_params.c.
+
+20200511
+
+ Noise suppression: spurious "SSL_Shutdown:shutdown while
+ in init" warnings. File: tls/tls_session.c.
+
+ Debugging: with a single -v, the cleanup server now also
+ logs output envelope records, so that one -v option shows
+ the input and output. File: cleanup_out.c.
+
+20200515
+
+ Bugfix (introduced: Postfix 2.2): TLS error status info
+ from a PostgreSQL client caused a false 'lost connection'
+ error for an SMTP-over-TLS session in the same Postfix
+ process. Reported by Alexander Vasarab, diagnosed by Viktor
+ Dukhovni. File: tls/tls_bio_ops.c.
+
+ Bugfix (introduced: Postfix 2.8): TLS error status info
+ from one TLS session may cause a false 'lost connection'
+ error for concurrent TLS sessions in the same tlsproxy
+ process. File: tlsproxy/tlsproxy.c.
#define TEXT_RECORD(t) ((t) == REC_TYPE_NORM || (t) == REC_TYPE_CONT)
+ if (msg_verbose && !TEXT_RECORD(type))
+ msg_info("cleanup_out: %c %.*s", type, (int) len, string);
+
if (var_line_limit <= 0)
msg_panic("cleanup_out: bad line length limit: %d", var_line_limit);
do {
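Review bot: The new `msg_info("cleanup_out: %c %.*s", ...)` call has no comment saying that it deliberately skips text records, so a later edit to `TEXT_RECORD` or to this condition could start writing message content to the log. With a single -v it already logs every output envelope record, so the intent should be stated, for example `/* Verbose: log envelope/meta records only; REC_TYPE_NORM and REC_TYPE_CONT (message text) are not logged here. */`. The `(int) len` cast is also worth a remark: the type of `len` is not visible in this hunk, but if it is wider than `int`, an oversized value would become a negative precision, so a short comment or a guard recording the assumed bound would help. The body of the function continues outside the hunk.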
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20200511"
+#define MAIL_RELEASE_DATE "20200515"
#define MAIL_VERSION_NUMBER "3.6"
#ifdef SNAPSHOT
* handling any pending network I/O.
*/
for (;;) {
+
+ /*
+ * Flush the per-thread SSL error queue. Otherwise, errors from other
+ * code that also uses TLS may confuse SSL_get_error(3).
+ */
+ ERR_clear_error();
+
if (hsfunc)
status = hsfunc(TLScontext->con);
else if (rfunc)
* so we will not perform SSL_shutdown() and the session will be removed
* as being bad.
*/
- if (!failure) {
+ if (!failure && !SSL_in_init(TLScontext->con)) {
retval = tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext);
if (!var_tls_fast_shutdown && retval == 0)
tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext);
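Review bot: The comment above this condition still explains only the `failure` case, while the new `!SSL_in_init(TLScontext->con)` test adds a second, unrelated reason to skip the shutdown. I would extend the comment with something like `Also skip SSL_shutdown() while the handshake has not completed; OpenSSL would otherwise report "shutdown while in init".` The comment starts outside the hunk, and so does the code that follows this block. It is worth confirming there that a session whose handshake never finished is handled like a failed one and is not kept for reuse.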
*/
if (state->flags & TLSP_FLAG_DO_HANDSHAKE) {
state->timeout = state->handshake_timeout;
+ ERR_clear_error();
if (state->is_server_role)
ssl_stat = SSL_accept(tls_context->con);
else
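Review bot: The `ERR_clear_error()` added before `SSL_accept()` here has no comment, and neither do the three added before `SSL_shutdown()`, `SSL_write()` and `SSL_read()` in the later tlsproxy hunks, unlike the same fix in the TLS I/O loop earlier in this patch. SSL_get_error(3) needs the thread's error queue to be empty before the I/O call. Because tlsproxy serves concurrent sessions in one process, a future SSL_* call added without the flush would bring back the false 'lost connection' result. I would put `/* Flush stale errors left by other TLS sessions; SSL_get_error(3) needs an empty queue. */` at each site, or fold the flush and the call into one small local helper so the pairing cannot be forgotten. The enclosing functions start and end outside these hunks.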
if (NBBIO_ERROR_FLAGS(plaintext_buf)) {
if (NBBIO_ACTIVE_FLAGS(plaintext_buf))
nbbio_disable_readwrite(state->plaintext_buf);
+ ERR_clear_error();
if (!SSL_in_init(tls_context->con)
&& (ssl_stat = SSL_shutdown(tls_context->con)) < 0) {
handshake_err = SSL_get_error(tls_context->con, ssl_stat);
*/
ssl_write_err = SSL_ERROR_NONE;
while (NBBIO_READ_PEND(plaintext_buf) > 0) {
+ ERR_clear_error();
ssl_stat = SSL_write(tls_context->con, NBBIO_READ_BUF(plaintext_buf),
NBBIO_READ_PEND(plaintext_buf));
ssl_write_err = SSL_get_error(tls_context->con, ssl_stat);
*/
ssl_read_err = SSL_ERROR_NONE;
while (NBBIO_WRITE_PEND(state->plaintext_buf) < NBBIO_BUFSIZE(plaintext_buf)) {
+ ERR_clear_error();
ssl_stat = SSL_read(tls_context->con,
NBBIO_WRITE_BUF(plaintext_buf)
+ NBBIO_WRITE_PEND(state->plaintext_buf),