postfix-2.6-20081109

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 888e3d9563dafd08ca9f456f46a30c48954f0e1b..8fbc67cfe37040aacc7effdda7f6432d011d5eff 100644 (file)
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -14753,3 +14753,7 @@ Apologies for any names omitted.
        Bugfix (introduced Postfix 2.5): the Postfix SMTP server
        did not ask for a client certificate with "smtpd_tls_req_ccert
        = yes". Reported by Rob Foehl. File: smtpd/smtpd.c.
+
+20081109
+
+       Cleanup: confusing names of variables. File: smtpd/smtpd.c.

diff --git a/postfix/src/dns/dns.h b/postfix/src/dns/dns.h
index ca3916090bfe88e75fa0dade5fca9886f89fb13d..e95fa67c08c5ef0322dfbe7fc63d0731290e93b5 100644 (file)
--- a/postfix/src/dns/dns.h
+++ b/postfix/src/dns/dns.h
@@ -179,11 +179,9 @@ extern int dns_lookup_v(const char *, unsigned, DNS_RR **, VSTRING *,
 #define DNS_OK         0               /* query succeeded */
 
  /*
-  * How long can a DNS name be?
-  * 
-  * XXX This currently also limits the combined length of data in TXT records.
+  * How long can a DNS name or single text value be?
   */
-#define DNS_NAME_LEN   4096
+#define DNS_NAME_LEN   1024
 
 /* LICENSE
 /* .ad

diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index b2167971dfffceb16bf973800bbf232b1b296dfe..6af2aa16ad37336542b3d9dab4f198a1b85d8af5 100644 (file)
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE      "20081108"
+#define MAIL_RELEASE_DATE      "20081109"
 #define MAIL_VERSION_NUMBER    "2.6"
 
 #ifdef SNAPSHOT

diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c
index e483eb4fa8a294e65fa5dbcc0028b0deb04a1904..9b844ae52a6391c34dc461e780cfec63f7dd2c58 100644 (file)
--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@@ -1266,7 +1266,7 @@ MILTERS *smtpd_milters;
   * TLS initialization status.
   */
 static TLS_APPL_STATE *smtpd_tls_ctx;
-static int wantcert;
+static int require_server_cert;
 
 #endif
 
@@ -3857,7 +3857,7 @@ static void smtpd_start_tls(SMTPD_STATE *state)
        ADD_EXCLUDE(cipher_exclusions, var_smtpd_tls_excl_ciph);
        if (enforce_tls)
            ADD_EXCLUDE(cipher_exclusions, var_smtpd_tls_mand_excl);
-       if (wantcert)
+       if (require_server_cert)
            ADD_EXCLUDE(cipher_exclusions, "aNULL");
     }
 
@@ -4643,8 +4643,9 @@ static void pre_jail_init(char *unused_name, char **unused_argv)
 #ifdef USE_TLS
            TLS_SERVER_INIT_PROPS props;
            const char *cert_file;
-           int     havecert;
-           int     oknocert;
+           int     have_server_cert;
+           int     no_server_cert_ok;
+           int     ask_client_cert;
 
            /*
             * Can't use anonymous ciphers if we want client certificates.
@@ -4652,25 +4653,26 @@ static void pre_jail_init(char *unused_name, char **unused_argv)
             * 
             * XXX: Ugh! Too many booleans!
             */
-           wantcert = (var_smtpd_tls_ask_ccert
-                       || (enforce_tls && var_smtpd_tls_req_ccert));
+           ask_client_cert = require_server_cert =
+               (var_smtpd_tls_ask_ccert
+                || (enforce_tls && var_smtpd_tls_req_ccert));
            if (strcasecmp(var_smtpd_tls_cert_file, "none") == 0) {
-               oknocert = 1;
+               no_server_cert_ok = 1;
                cert_file = "";
            } else {
-               oknocert = 0;
+               no_server_cert_ok = 0;
                cert_file = var_smtpd_tls_cert_file;
            }
-           havecert =
+           have_server_cert =
                (*cert_file || *var_smtpd_tls_dcert_file || *var_smtpd_tls_eccert_file);
 
            /* Some TLS configuration errors are not show stoppers. */
-           if (!havecert && wantcert)
+           if (!have_server_cert && require_server_cert)
                msg_warn("Need a server cert to request client certs");
            if (!enforce_tls && var_smtpd_tls_req_ccert)
                msg_warn("Can't require client certs unless TLS is required");
            /* After a show-stopper error, reply with 454 to STARTTLS. */
-           if (havecert || (oknocert && !wantcert))
+           if (have_server_cert || (no_server_cert_ok && !require_server_cert))
 
                /*
                 * Large parameter lists are error-prone, so we emulate a
@@ -4701,7 +4703,7 @@ static void pre_jail_init(char *unused_name, char **unused_argv)
                                    protocols = enforce_tls ?
                                    var_smtpd_tls_mand_proto :
                                    var_smtpd_tls_proto,
-                                   ask_ccert = wantcert,
+                                   ask_ccert = ask_client_cert,
                                    fpt_dgst = var_smtpd_tls_fpt_dgst);
            else
                msg_warn("No server certs available. TLS won't be enabled");

diff --git a/postfix/src/tls/tls_dh.c b/postfix/src/tls/tls_dh.c
index f4efe57f9dd1295eb77fe97075ef7f529589be30..bc5db4f0df1e556af870ca14d9a184dbf441123d 100644 (file)
--- a/postfix/src/tls/tls_dh.c
+++ b/postfix/src/tls/tls_dh.c
@@ -192,13 +192,13 @@ DH     *tls_tmp_dh_cb(SSL *unused_ssl, int export, int keylength)
     DH     *dh_tmp;
 
     if (export && keylength == 512) {          /* 40-bit export cipher */
-       if (dh_1024 == 0)
-           dh_1024 = tls_get_dh(dh512_p, (int) sizeof(dh512_p));
-       dh_tmp = dh_1024;
-    } else {                                   /* ADH, DHE-RSA or DSA */
        if (dh_512 == 0)
-           dh_512 = tls_get_dh(dh1024_p, (int) sizeof(dh1024_p));
+           dh_512 = tls_get_dh(dh512_p, (int) sizeof(dh512_p));
        dh_tmp = dh_512;
+    } else {                                   /* ADH, DHE-RSA or DSA */
+       if (dh_1024 == 0)
+           dh_1024 = tls_get_dh(dh1024_p, (int) sizeof(dh1024_p));
+       dh_tmp = dh_1024;
     }
     return (dh_tmp);
 }