Postfix that would need to be converted to int64_t, or to
long long which just like time_t is a 64-bit type on many
ILP32 and LP64 systems.
+
+20250730
+
+ Bugfix (defect introduced: Postfix 3.6, date 20200710):
+ Postfix TLS client code logged "Untrusted TLS connection"
+ (wrong) instead of "Trusted TLS connection" (right) for a
+ resumed TLS session, when a server offered a trusted (valid
+ PKI trust chain) certificate that did not match the expected
+ server name pattern. Viktor Dukhovni. Files: tls/tls_client.c,
+ tls/tls_verify.c.
+
+ Cleanup: make the manpage extraction tooling smarter about
+ section headings, and remove the now unnecessary explicit
+ ".SH" formatting requests. This produces zero visible change
+ in formatted Postfix manpages. Files: mantools/srctoman,
+ src/global/config_known_tcp_ports.c, postmulti/postmulti.c,
+ tls/tls_misc.c.
+
+ Regenerate all manpages, causing parameter summaries to be
+ updated with new descriptions from postconf(5). Files:
+ conf/postfix-tls-script, discard/discard.c, error/error.c,
+ oqmgr/qmgr.c, postmulti/postmulti.c, qmgr/qmgr.c,
+ virtual/virtual.c.
# The location of the OpenSSL command line program \fBopenssl\fR(1).
# .IP "\fBsmtp_tls_loglevel (0)\fR"
# Enable additional Postfix SMTP client logging of TLS activity.
-# .IP "\fBsmtp_tls_security_level (empty)\fR"
+# .IP "\fBsmtp_tls_security_level (Postfix >= 3.11: may; Postfix < 3.11: empty)\fR"
# The default SMTP TLS security level for the Postfix SMTP client.
# .IP "\fBsmtp_tls_session_cache_database (empty)\fR"
# Name of the file containing the optional Postfix SMTP client
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal point when log-
- ging sub-second delay values.
+ ging delay values.
<b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b>
The sender address of postmaster notifications that are gener-
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal point when log-
- ging sub-second delay values.
+ ging delay values.
<b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b>
The sender address of postmaster notifications that are gener-
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal point when log-
- ging sub-second delay values.
+ ging delay values.
<b><a href="postconf.5.html#helpful_warnings">helpful_warnings</a> (yes)</b>
Log warnings about problematic configuration settings, and pro-
<b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
Enable additional Postfix SMTP client logging of TLS activity.
- <b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
+ <b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (Postfix</b> ><b>= 3.11: may; Postfix</b> < <b>3.11: empty)</b>
The default SMTP TLS security level for the Postfix SMTP client.
<b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal point when log-
- ging sub-second delay values.
+ ging delay values.
<b><a href="postconf.5.html#helpful_warnings">helpful_warnings</a> (yes)</b>
Log warnings about problematic configuration settings, and pro-
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal point when log-
- ging sub-second delay values.
+ ging delay values.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
The time limit for sending or receiving information over an
The location of the OpenSSL command line program \fBopenssl\fR(1).
.IP "\fBsmtp_tls_loglevel (0)\fR"
Enable additional Postfix SMTP client logging of TLS activity.
-.IP "\fBsmtp_tls_security_level (empty)\fR"
+.IP "\fBsmtp_tls_security_level (Postfix >= 3.11: may; Postfix < 3.11: empty)\fR"
The default SMTP TLS security level for the Postfix SMTP client.
.IP "\fBsmtp_tls_session_cache_database (empty)\fR"
Name of the file containing the optional Postfix SMTP client
.PP
Iterator mode implements the following command options:
.SH "Instance selection"
+.na
+.nf
+.ad
+.fi
.IP \fB\-a\fR
Perform the operation on all instances. This is the default.
.IP "\fB\-g \fIgroup\fR"
.sp
This option cannot be used with \fB\-p\fR.
.SH "List mode"
+.na
+.nf
+.ad
+.fi
.IP \fB\-l\fR
List Postfix instances with their instance name, instance
group name, enable/disable status and configuration directory.
-.SH "Postfix\-wrapper mode"
+.SH "Postfix-wrapper mode"
+.na
+.nf
+.ad
+.fi
.IP "\fB\-p \fIpostfix\-command\fR"
Invoke \fBpostfix(1)\fR to execute \fIpostfix\-command\fR.
This option implements the \fBpostfix\-wrapper\fR(5) interface.
# postmulti \-g msa \-p start
.RE
.SH "Command mode"
+.na
+.nf
+.ad
+.fi
.IP "\fB\-x \fIunix\-command\fR"
Execute the specified \fIunix\-command\fR for all Postfix instances.
The command runs with appropriate environment settings for
multi_instance_name, multi_instance_group and
multi_instance_enable.
.SH "Other options"
+.na
+.nf
+.ad
+.fi
.IP \fB\-v\fR
Enable verbose logging for debugging purposes. Multiple
\fB\-v\fR options make the software increasingly verbose.
.PP
The following options are implemented:
.SH "Existing instance selection"
+.na
+.nf
+.ad
+.fi
.IP \fB\-a\fR
When creating or importing an instance, place the new
instance at the front of the secondary instance list.
the named existing instance. Specify "\-" to select the
primary Postfix instance.
.SH "New or existing instance name assignment"
+.na
+.nf
+.ad
+.fi
.IP "\fB\-I \fIname\fR"
Assign the specified instance \fIname\fR to an existing
instance, newly\-created instance, or imported instance.
Assign the specified \fIgroup\fR name to an existing instance
or to a newly created or imported instance.
.SH "Instance creation/deletion/status change"
+.na
+.nf
+.ad
+.fi
.IP "\fB\-e \fIaction\fR"
"Edit" managed instances. The following actions are supported:
.RS
"postmulti \-p start" and so on. The instance can still be
started etc. with "postfix \-c config\-directory start".
.SH "Other options"
+.na
+.nf
+.ad
+.fi
.IP \fB\-v\fR
Enable verbose logging for debugging purposes. Multiple
\fB\-v\fR options make the software increasingly verbose.
request before it is terminated by a built\-in watchdog timer.
.IP "\fBdelay_logging_resolution_limit (2)\fR"
The maximal number of digits after the decimal point when logging
-sub\-second delay values.
+delay values.
.IP "\fBdouble_bounce_sender (double\-bounce)\fR"
The sender address of postmaster notifications that are generated
by the mail system.
request before it is terminated by a built\-in watchdog timer.
.IP "\fBdelay_logging_resolution_limit (2)\fR"
The maximal number of digits after the decimal point when logging
-sub\-second delay values.
+delay values.
.IP "\fBdouble_bounce_sender (double\-bounce)\fR"
The sender address of postmaster notifications that are generated
by the mail system.
unless someone issues "\fBsendmail \-q\fR" or equivalent.
.IP "\fBdelay_logging_resolution_limit (2)\fR"
The maximal number of digits after the decimal point when logging
-sub\-second delay values.
+delay values.
.IP "\fBhelpful_warnings (yes)\fR"
Log warnings about problematic configuration settings, and provide
helpful suggestions.
unless someone issues "\fBsendmail \-q\fR" or equivalent.
.IP "\fBdelay_logging_resolution_limit (2)\fR"
The maximal number of digits after the decimal point when logging
-sub\-second delay values.
+delay values.
.IP "\fBhelpful_warnings (yes)\fR"
Log warnings about problematic configuration settings, and provide
helpful suggestions.
request before it is terminated by a built\-in watchdog timer.
.IP "\fBdelay_logging_resolution_limit (2)\fR"
The maximal number of digits after the decimal point when logging
-sub\-second delay values.
+delay values.
.IP "\fBipc_timeout (3600s)\fR"
The time limit for sending or receiving information over an internal
communication channel.
/^HISTORY/s//.SH &\
.ad\
.fi/
- /^[A-Z][A-Z][A-Z][^a-z]*$/s//.SH "&"\
+ /^[A-Z][A-Za-z][A-Za-z].*$/s//.SH "&"\
.na\
.nf/
p
long long which just like time_t is a 64 bit type on many
File tls tls h
dual purpose field File tls tls h
+ conf postfix tls script discard discard c error error c
+ oqmgr qmgr c postmulti postmulti c qmgr qmgr c
+ src global config_known_tcp_ports c postmulti postmulti c
+ virtual virtual c
/* request before it is terminated by a built-in watchdog timer.
/* .IP "\fBdelay_logging_resolution_limit (2)\fR"
/* The maximal number of digits after the decimal point when logging
-/* sub-second delay values.
+/* delay values.
/* .IP "\fBdouble_bounce_sender (double-bounce)\fR"
/* The sender address of postmaster notifications that are generated
/* by the mail system.
/* request before it is terminated by a built-in watchdog timer.
/* .IP "\fBdelay_logging_resolution_limit (2)\fR"
/* The maximal number of digits after the decimal point when logging
-/* sub-second delay values.
+/* delay values.
/* .IP "\fBdouble_bounce_sender (double-bounce)\fR"
/* The sender address of postmaster notifications that are generated
/* by the mail system.
/* in the settings argument, and reports any warnings to the standard
/* error stream. The source argument is used to provide warning
/* context. It typically is a configuration parameter name.
-/* .SH EXPECTED SYNTAX (ABNF)
+/* EXPECTED SYNTAX (ABNF)
/* configuration = empty | name-to-port *("," name-to-port)
/* name-to-port = 1*(name "=") port
-/* SH EXAMPLES
+/* EXAMPLES
/* In the example below, the whitespace is optional.
/* smtp = 25, smtps = submissions = 465, submission = 587
/* LICENSE
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20250729"
+#define MAIL_RELEASE_DATE "20250730"
#define MAIL_VERSION_NUMBER "3.11"
#ifdef SNAPSHOT
/* unless someone issues "\fBsendmail -q\fR" or equivalent.
/* .IP "\fBdelay_logging_resolution_limit (2)\fR"
/* The maximal number of digits after the decimal point when logging
-/* sub-second delay values.
+/* delay values.
/* .IP "\fBhelpful_warnings (yes)\fR"
/* Log warnings about problematic configuration settings, and provide
/* helpful suggestions.
/* command is performed just for the primary instance.
/* .PP
/* Iterator mode implements the following command options:
-/* .SH "Instance selection"
+/* Instance selection
+/* .ad
+/* .fi
/* .IP \fB-a\fR
/* Perform the operation on all instances. This is the default.
/* .IP "\fB-g \fIgroup\fR"
/* are started before "source" instances.
/* .sp
/* This option cannot be used with \fB-p\fR.
-/* .SH "List mode"
+/* List mode
+/* .ad
+/* .fi
/* .IP \fB-l\fR
/* List Postfix instances with their instance name, instance
/* group name, enable/disable status and configuration directory.
-/* .SH "Postfix-wrapper mode"
+/* Postfix-wrapper mode
+/* .ad
+/* .fi
/* .IP "\fB-p \fIpostfix-command\fR"
/* Invoke \fBpostfix(1)\fR to execute \fIpostfix-command\fR.
/* This option implements the \fBpostfix-wrapper\fR(5) interface.
/* .IP
/* # postmulti -g msa -p start
/* .RE
-/* .SH "Command mode"
+/* Command mode
+/* .ad
+/* .fi
/* .IP "\fB-x \fIunix-command\fR"
/* Execute the specified \fIunix-command\fR for all Postfix instances.
/* The command runs with appropriate environment settings for
/* config_directory, queue_directory, data_directory,
/* multi_instance_name, multi_instance_group and
/* multi_instance_enable.
-/* .SH "Other options"
+/* Other options
+/* .ad
+/* .fi
/* .IP \fB-v\fR
/* Enable verbose logging for debugging purposes. Multiple
/* \fB-v\fR options make the software increasingly verbose.
/* multi-instance status of an existing instance.
/* .PP
/* The following options are implemented:
-/* .SH "Existing instance selection"
+/* Existing instance selection
+/* .ad
+/* .fi
/* .IP \fB-a\fR
/* When creating or importing an instance, place the new
/* instance at the front of the secondary instance list.
/* With other life-cycle operations, apply the operation to
/* the named existing instance. Specify "-" to select the
/* primary Postfix instance.
-/* .SH "New or existing instance name assignment"
+/* New or existing instance name assignment
+/* .ad
+/* .fi
/* .IP "\fB-I \fIname\fR"
/* Assign the specified instance \fIname\fR to an existing
/* instance, newly-created instance, or imported instance.
/* .IP "\fB-G \fIgroup\fR"
/* Assign the specified \fIgroup\fR name to an existing instance
/* or to a newly created or imported instance.
-/* .SH "Instance creation/deletion/status change"
+/* Instance creation/deletion/status change
+/* .ad
+/* .fi
/* .IP "\fB-e \fIaction\fR"
/* "Edit" managed instances. The following actions are supported:
/* .RS
/* the instance will not be started etc. with "postfix start",
/* "postmulti -p start" and so on. The instance can still be
/* started etc. with "postfix -c config-directory start".
-/* .SH "Other options"
+/* Other options
+/* .ad
+/* .fi
/* .IP \fB-v\fR
/* Enable verbose logging for debugging purposes. Multiple
/* \fB-v\fR options make the software increasingly verbose.
/* unless someone issues "\fBsendmail -q\fR" or equivalent.
/* .IP "\fBdelay_logging_resolution_limit (2)\fR"
/* The maximal number of digits after the decimal point when logging
-/* sub-second delay values.
+/* delay values.
/* .IP "\fBhelpful_warnings (yes)\fR"
/* Log warnings about problematic configuration settings, and provide
/* helpful suggestions.
static void verify_x509(TLS_SESS_STATE *TLScontext, X509 *peercert,
const TLS_CLIENT_START_PROPS *props)
{
+ int x509_err = SSL_get_verify_result(TLScontext->con);
/*
* On exit both peer_CN and issuer_CN should be set.
* Is the certificate trust chain trusted and matched? Any required name
* checks are now performed internally in OpenSSL.
*/
- if (SSL_get_verify_result(TLScontext->con) == X509_V_OK) {
+ if (x509_err == X509_V_OK) {
TLScontext->peer_status |= TLS_CERT_FLAG_TRUSTED;
if (TLScontext->must_fail) {
msg_panic("%s: cert valid despite trust init failure",
}
}
} else if (TLS_MUST_MATCH(TLScontext->level) &&
- TLScontext->errordepth == 0 &&
- TLScontext->errorcode == X509_V_ERR_HOSTNAME_MISMATCH) {
+ x509_err == X509_V_ERR_HOSTNAME_MISMATCH) {
/*
* If the only error is a hostname mismatch, the certificate must have
* been trusted.
/* SUMMARY
/* miscellaneous TLS support routines
/* SYNOPSIS
-/* .SH Public functions
-/* .nf
-/* .na
+/* Public functions
/* #include <tls.h>
/*
/* void tls_log_summary(role, usage, TLScontext)
/* void tls_pre_jail_init(TLS_ROLE)
/* TLS_ROLE role;
/*
-/* .SH Internal functions
-/* .nf
-/* .na
+/* Internal functions
/* #define TLS_INTERNAL
/* #include <tls.h>
/*
/* update_error_state - safely stash away error state */
-static void update_error_state(TLS_SESS_STATE *TLScontext, int depth,
- X509 *errorcert, int errorcode)
+static void update_error_state(X509_STORE_CTX *ctx, TLS_SESS_STATE *TLScontext,
+ int depth, X509 *errorcert, int errorcode)
{
+
/*
* Report the error that is closest to the leaf certificate, any errors
* higher up the chain are immaterial until the "inner" errors are fixed.
* with a hostname mismatch. Any other error has a higher priority.
*/
if (TLScontext->errordepth >= 0) {
- if (TLScontext->errordepth <= depth &&
- TLScontext->errorcode != X509_V_ERR_HOSTNAME_MISMATCH)
- return;
- if (errorcode == X509_V_ERR_HOSTNAME_MISMATCH)
+ if ((TLScontext->errordepth <= depth &&
+ TLScontext->errorcode != X509_V_ERR_HOSTNAME_MISMATCH) ||
+ errorcode == X509_V_ERR_HOSTNAME_MISMATCH) {
+ X509_STORE_CTX_set_error(ctx, TLScontext->errorcode);
return;
+ }
}
/*
if (TLScontext->must_fail) {
if (depth == 0) {
X509_STORE_CTX_set_error(ctx, err = X509_V_ERR_UNSPECIFIED);
- update_error_state(TLScontext, depth, cert, err);
+ update_error_state(ctx, TLScontext, depth, cert, err);
}
return (1);
}
if (ok == 0)
- update_error_state(TLScontext, depth, cert, err);
+ update_error_state(ctx, TLScontext, depth, cert, err);
if (TLScontext->log_mask & TLS_LOG_VERBOSE) {
if (cert) {
/* request before it is terminated by a built-in watchdog timer.
/* .IP "\fBdelay_logging_resolution_limit (2)\fR"
/* The maximal number of digits after the decimal point when logging
-/* sub-second delay values.
+/* delay values.
/* .IP "\fBipc_timeout (3600s)\fR"
/* The time limit for sending or receiving information over an internal
/* communication channel.
projects / thirdparty / postfix.git / commitdiff
