Bugfix: support for the "dunno" command somehow disappeared
from the postscreen_access_list implementation. File:
postscreen/postscreen_access.c.
+
+20110207
+
+ Bugfix (introduced Postfix 2.8): segfault with smtpd_tls_loglevel
+ >= 3. Files: tls/tls_server.c, tls.h, smtpd.c, tlsproxy.c.
3. Uncomment the new "smtpd pass ... smtpd" service in master.cf, and
duplicate any "-o parameter=value" entries from the smtpd service that was
- commented out in step 1.
+ commented out in the previous step.
/etc/postfix/master.cf:
smtpd pass - - n - - smtpd
<li> <p> Uncomment the new "<tt>smtpd pass ... smtpd</tt>" service
in <a href="master.5.html">master.cf</a>, and duplicate any "<tt>-o parameter=value</tt>" entries
-from the smtpd service that was commented out in step 1. </p>
+from the smtpd service that was commented out in the previous step.
+</p>
<pre>
/etc/postfix/<a href="master.5.html">master.cf</a>:
<a href="http://tools.ietf.org/html/rfc1985">RFC 1985</a> (ETRN command)
<a href="http://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP Enhanced Status Codes)
<a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol)
- <a href="http://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP Pipelining)
+
Not: <a href="http://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP Pipelining)
<a href="http://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command)
<a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension)
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
RFC 1985 (ETRN command)
RFC 2034 (SMTP Enhanced Status Codes)
RFC 2821 (SMTP protocol)
-RFC 2920 (SMTP Pipelining)
+Not: RFC 2920 (SMTP Pipelining)
RFC 3207 (STARTTLS command)
RFC 3461 (SMTP DSN Extension)
RFC 3463 (Enhanced Status Codes)
<li> <p> Uncomment the new "<tt>smtpd pass ... smtpd</tt>" service
in master.cf, and duplicate any "<tt>-o parameter=value</tt>" entries
-from the smtpd service that was commented out in step 1. </p>
+from the smtpd service that was commented out in the previous step.
+</p>
<pre>
/etc/postfix/master.cf:
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20110120"
-#define MAIL_VERSION_NUMBER "2.8.0"
+#define MAIL_RELEASE_DATE "20110207"
+#define MAIL_VERSION_NUMBER "2.8.1-RC1"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
/* RFC 1985 (ETRN command)
/* RFC 2034 (SMTP Enhanced Status Codes)
/* RFC 2821 (SMTP protocol)
-/* RFC 2920 (SMTP Pipelining)
+/* Not: RFC 2920 (SMTP Pipelining)
/* RFC 3207 (STARTTLS command)
/* RFC 3461 (SMTP DSN Extension)
/* RFC 3463 (Enhanced Status Codes)
TLS_SERVER_START(&props,
ctx = smtpd_tls_ctx,
stream = state->client,
+ fd = -1,
log_level = var_smtpd_tls_loglevel,
timeout = var_smtpd_starttls_tmout,
requirecert = requirecert,
typedef struct {
TLS_APPL_STATE *ctx; /* TLS application context */
VSTREAM *stream; /* Client stream */
+ int fd; /* Event-driven file descriptor */
int log_level; /* TLS log level */
int timeout; /* TLS handshake timeout */
int requirecert; /* Insist on client cert? */
((props)->a12), ((props)->a13), ((props)->a14), ((props)->a15), \
((props)->a16), ((props)->a17), ((props)->a18), ((props)->a19), (props)))
-#define TLS_SERVER_START(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10) \
+#define TLS_SERVER_START(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11) \
tls_server_start((((props)->a1), ((props)->a2), ((props)->a3), \
((props)->a4), ((props)->a5), ((props)->a6), ((props)->a7), \
- ((props)->a8), ((props)->a9), ((props)->a10), (props)))
+ ((props)->a8), ((props)->a9), ((props)->a10), ((props)->a11), (props)))
/*
* tls_session.c
/* SSL_accept(), SSL_read(), SSL_write() and SSL_shutdown().
/*
/* To maintain control over TLS I/O, an event-driven server
-/* invokes tls_server_start() with a null VSTREAM argument.
+/* invokes tls_server_start() with a null VSTREAM argument and
+/* with an fd argument that specifies the I/O file descriptor.
/* Then, tls_server_start() performs all the necessary
/* preparations before the TLS handshake and returns a partially
/* populated TLS context. The event-driven application is then
*/
SSL_set_accept_state(TLScontext->con);
+ /*
+ * Connect the SSL connection with the network socket.
+ */
+ if (SSL_set_fd(TLScontext->con, props->stream == 0 ? props->fd :
+ vstream_fileno(props->stream)) != 1) {
+ msg_info("SSL_set_fd error to %s", props->namaddr);
+ tls_print_errors();
+ uncache_session(app_ctx->ssl_ctx, TLScontext);
+ tls_free_context(TLScontext);
+ return (0);
+ }
+
/*
* If the debug level selected is high enough, all of the data is dumped:
* 3 will dump the SSL negotiation, 4 will dump everything.
if (props->stream == 0)
return (TLScontext);
- /*
- * Connect the SSL connection with the network socket.
- */
- if (SSL_set_fd(TLScontext->con, vstream_fileno(props->stream)) != 1) {
- msg_info("SSL_set_fd error to %s", props->namaddr);
- tls_print_errors();
- uncache_session(app_ctx->ssl_ctx, TLScontext);
- tls_free_context(TLScontext);
- return (0);
- }
-
/*
* Turn on non-blocking I/O so that we can enforce timeouts on network
* I/O.
TLS_SERVER_START(&props,
ctx = tlsp_server_ctx,
stream = (VSTREAM *) 0,/* unused */
+ fd = state->ciphertext_fd,
log_level = var_tlsp_tls_loglevel,
timeout = 0, /* unused */
requirecert = (var_tlsp_tls_req_ccert
return;
}
- /*
- * This program will do the ciphertext I/O, not libtls. In the future,
- * the above event-driven engine may be factored out as a libtls library
- * module.
- */
- if (SSL_set_fd(state->tls_context->con, state->ciphertext_fd) != 1) {
- msg_info("SSL_set_fd error to %s", state->remote_endpt);
- tls_print_errors();
- tlsp_state_free(state);
- return;
- }
-
/*
* XXX Do we care about TLS session rate limits? Good postscreen(8)
* clients will occasionally require the tlsproxy to renew their
projects / thirdparty / postfix.git / commitdiff
