postfix-3.4.1

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 775946233ed851e89c94f4a1337457371fc6ffa4..9839a370f5418bf302cba2305e7005974e7eb214 100644 (file)
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -24165,7 +24165,7 @@ Apologies for any names omitted.
 
 20190304
 
-       Bugfix: a reversed test broke TLS configurations that have
-       the private key and certificate in the same file. Reported
-       by Mike Kazantsev. Fix by Viktor Dukhovni. File:
-       tls/tls_certkey.c.
+       Bugfix: a reversed test broke TLS configurations that specify
+       the same filename for a private key and certificate. Reported
+       by Mike Kazantsev. Fix by Viktor Dukhovni. Wietse fixed the
+       test. Files: tls/tls_certkey.c, tls/Makefile.in.

diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 63743fc748e1d3bef3eeaf46c093c4eedce89231..7ae7c01b82d71708f016e8aceef854512214c12a 100644 (file)
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE      "20190304"
-#define MAIL_VERSION_NUMBER    "3.4.1-RC1"
+#define MAIL_RELEASE_DATE      "20190307"
+#define MAIL_VERSION_NUMBER    "3.4.1"
 
 #ifdef SNAPSHOT
 #define MAIL_VERSION_DATE      "-" MAIL_RELEASE_DATE

diff --git a/postfix/src/tls/Makefile.in b/postfix/src/tls/Makefile.in
index a4ea16a2024083b7d01216e791ca147cba7c0a4f..dabd6403cb672fcd3f4e125210254f3f83d01558 100644 (file)
--- a/postfix/src/tls/Makefile.in
+++ b/postfix/src/tls/Makefile.in
@@ -58,6 +58,16 @@ tls_certkey_tests: test
            $(SHLIB_ENV) $(VALGRIND) ./tls_certkey -m $$pem > $$pem.out 2>&1 || exit 1; \
            diff $$pem.ref $$pem.out || exit 1; \
            echo "  $$pem: OK"; \
+           $(SHLIB_ENV) $(VALGRIND) ./tls_certkey -k $$pem $$pem > $$pem.out 2>&1 || exit 1; \
+           diff $$pem.ref $$pem.out || exit 1; \
+           echo "  $$pem (with key in $$pem): OK"; \
+           case $$pem in good-*) \
+               ln -sf $$pem tmpkey.pem; \
+               $(SHLIB_ENV) $(VALGRIND) ./tls_certkey -k tmpkey.pem $$pem > $$pem.out 2>&1 || exit 1; \
+               diff $$pem.ref $$pem.out || exit 1; \
+               echo "  $$pem (with key in tmpkey.pem): OK"; \
+               rm -f tmpkey.pem;; \
+           esac; \
        done; \
        for pem in bad-*.pem; do \
            $(SHLIB_ENV) $(VALGRIND) ./tls_certkey $$pem > $$pem.out 2>&1 && exit 1 || : ok; \

diff --git a/postfix/src/tls/tls_certkey.c b/postfix/src/tls/tls_certkey.c
index 182f2f7341d07d90e5ec070ec88bf644bc778fe6..74b2fd1cda4e115dc5e4f5ebbfbd64b1d5f8b2ef 100644 (file)
--- a/postfix/src/tls/tls_certkey.c
+++ b/postfix/src/tls/tls_certkey.c
@@ -690,6 +690,7 @@ int     main(int argc, char *argv[])
     int     ch;
     int     mixed = 0;
     int     ret;
+    char   *key_file = 0;
     SSL_CTX *ctx;
 
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
@@ -707,8 +708,11 @@ int     main(int argc, char *argv[])
        tls_print_errors();
        exit(1);
     }
-    while ((ch = GETOPT(argc, argv, "m")) > 0) {
+    while ((ch = GETOPT(argc, argv, "mk:")) > 0) {
        switch (ch) {
+       case 'k':
+           key_file = optarg;
+           break;
        case 'm':
            mixed = 1;
            break;
@@ -722,7 +726,9 @@ int     main(int argc, char *argv[])
     if (argc < 1)
        usage();
 
-    if (mixed)
+    if (key_file)
+       ret = set_cert_stuff(ctx, "any", argv[0], key_file) == 0;
+    else if (mixed)
        ret = load_mixed_file(ctx, argv[0]);
     else
        ret = load_chain_files(ctx, argv[0]);