-Tssl_comp_stack_t
-Ttime_t
-Ttlsa_filter
--Tx509_extension_stack_t
-Tx509_stack_t
20001109
Cleanup: changed prototype of internal function that did
- not return a useful result. File: src/util/vstream_popen.c.
+ not return a useful result. Fileutil/vstream_popen.c.
20001110
Safety: postdrop turns off interrupts when cleaning up
after interrupt. The additional safety does not hurt anyone.
- File: src/postdrop/postdrop.c.
+ Filepostdrop/postdrop.c.
20010607
20011105
Bugfix: missing terminator in new attribute-based function
- call caused signal 11. File: src/cleanup/cleanup.c.
+ call caused signal 11. Filecleanup/cleanup.c.
Lame workaround for ESTALE errors with mail delivery over
NFS. Additional bandages were added to the local delivery
Maintenance: LDAP module and documentation from LaMont
Jones. This version adds verbose logging for LDAP library
- routines. Files: src/util/dict_ldap.[hc], LDAP_README,
+ routines. Filesutil/dict_ldap.[hc], LDAP_README,
conf/sample-ldap.cf
Portability: made memory alignment restrictions configurable.
Weird feature: sender-based routing. This will become more
useful once per-address transport map entries are done.
- File: src/*qmgr/qmgr_message.c.
+ File:*qmgr/qmgr_message.c.
20020605
Feature: recipient address verification, using the code
that already implements sender address verification. Based
- on suggestion by Matthias Andree. Files: src/smtpd/smtpd.c,
+ on suggestion by Matthias Andree. Filessmtpd/smtpd.c,
src/smtpd/smtpd_check.c.
20021211
Cleanup: future time stamps in Received: headers and negative
delays in delivery agent logging after "postdrop -r",
because deferred queue files had future file modification
- times. File: src/postsuper/postsuper.c.
+ times. File:postsuper/postsuper.c.
20030521
20040201
Feature: sasl_method, sasl_username and sasl_sender attributes
- in smtpd policy queries. Files: src/smtpd/smtpd_check.c.
+ in smtpd policy queries. Filessmtpd/smtpd_check.c.
20040204
Future proofing: client_rate_time_unit is renamed to
anvil_rate_time_unit, so that it is no longer limited to
- clients only. File: src/global/mail_params.h.
+ clients only. Fileglobal/mail_params.h.
Cleanup: postalias and postmap now log problems to syslogd.
Files: postalias/postalias.c, postmap/postmap.c.
Feature: new smtpd policy attributes ccert_subject,
ccert_issuer and ccert_fingerprint, with TLS client
certificate information, but only when verification was
- successful. Files: src/smtpd/smtpd_check.c.
+ successful. Files:smtpd/smtpd_check.c.
Cleanup: corrected the address verification data flow in
the ADDRESS_VERIFICATION_README illustration.
valid command syntax. Instead they require "improved" syntax
that is not valid on several other systems that Postfix
builds on. So we have to stop using the tail command.
- Files: Makefile.in, src/*/Makefile.in.
+ Files: Makefile.in*/Makefile.in.
20050312
Safety: SASL 2.1.19 has a version lookup routine that we
can use to detect compile time / run time version mis-matches
- (also known as DLL hell). Files: src/smtpd/smtpd_sasl_glue.c,
- src/smtp/smtp_sasl_glue.c, src/lmtp/lmtp_sasl_glue.c.
+ (also known as DLL hell). Filessmtpd/smtpd_sasl_glue.c,
+ src/smtp/smtp_sasl_glue.clmtp/lmtp_sasl_glue.c.
20050404
if you feel brave. File: util/sys_defs.h.
Robustness: re-compile all object files after the "make
- makefiles" options have changed. Files: src/*/Makefile.in.
+ makefiles" options have changed. Files*/Makefile.in.
Tweaking: reply with 5.3.4 when the message size exceeds
the mail system message_size_limit, instead of 5.2.3 which
for some destination. Files: util/argv.c, smtp/smtp_connect.c.
Cleanup: extra dsn_vstring_update_dsn() routine to shut up
- GCC complaints about valid code. Files: src/global/dsn_util.c,
- src/global/mbox_open.c, src/lmtp/lmtp_addr.c, src/smtp/smtp_addr.c,
+ GCC complaints about valid code. Filesglobal/dsn_util.c,
+ src/global/mbox_open.clmtp/lmtp_addr.c, src/smtp/smtp_addr.c,
src/smtp/smtp_connect.c.
20050429
Cleanup: regression tests are now separated into "make
tests" for unprivileged tests, and "make root_tests" for
tests that require privileges to connect to the Postfix
- internal sockets. Files Makefile.in, src/*/Makefile.in.
+ internal sockets. Files Makefile.in*/Makefile.in.
20060201
Bugfix: cut-and-paste error: lmtp_connection_cache_limit
was left with the name of smtp_connection_cache_limit.
- Reported by Victor? File: src/global/mail_params.h.
+ Reported by Victor? Fileglobal/mail_params.h.
20060329
lines of library support, comments not included.
A simple test Milter application for use in regression tests
- is in src/milter/test-milter.c. Queue file modifications are
- tested with a driver at the end src/cleanup/cleanup_milter.c
+ is imilter/test-milter.c. Queue file modifications are
+ tested with a driver at the encleanup/cleanup_milter.c
that reads commands from a script.
To make debugging easier, uncomment the "#define msg_verbose
20060707
Workaround: apparently, Solaris gettimeofday() can return
- out-of range microsecond values. File: src/global/log_adhoc.c.
+ out-of range microsecond values. Fileglobal/log_adhoc.c.
Robustness: the SMTPD policy client now encodes the
ccert_subject and ccert-issuer attributes as xtext. Some
client enforced Mandatory TLS only when talking to an ESMTP
server; enforcement did not happen if Postfix could somehow
be forced to send HELO instead of EHLO. Victor Duchovni.
- File: src/smtp/smtp_proto.c.
+ Filesmtp/smtp_proto.c.
20060718
SunOS 5.10's bundled OpenSSL 0.9.7 and AES 256. Also possible
with OpenSSL 0.9.8 and CAMELLIA 256. Root cause fixed in
upcoming OpenSSL 0.9.7m, 0.9.8e and 0.9.9 releases. Victor
- Duchovni, Morgan Stanley. Files: src/smtp/smtp_proto.c,
- src/smtpd/smtpd.c, src/tls/tls.h, src/tls/tls_client.c,
- src/tls/tls_misc.c and src/tls/tls_server.c.
+ Duchovni, Morgan Stanley. Filessmtp/smtp_proto.c,
+ src/smtpd/smtpd.ctls/tls.h, src/tls/tls_client.c,
+ src/tls/tls_misc.c antls/tls_server.c.
20070222
Bitrot: New OpenLDAP APIs deprecate simplified interfaces,
that are the only ones available in Sun's LDAP SDK. Define
suitable macros that work with new OpenLDAP and Sun's code.
- Victor Duchovni, Morgan Stanley. File: src/global/dict_ldap.c
+ Victor Duchovni, Morgan Stanley. Fileglobal/dict_ldap.c
Cleanup: new "leaf" and "terminal" result attributes support
fine-tuning of LDAP group expansion, and provide a solution
for the problem case where DN recursion returns both the
group address and the addresses of the member objects.
- Victor Duchovni, Morgan Stanley. Files: src/global/dict_ldap.c,
+ Victor Duchovni, Morgan Stanley. Filesglobal/dict_ldap.c,
proto/LDAP_README.html, proto/ldap_table
20070317
core dump file with "mail_version=xxxxx". Adding version
stamps and checks to every IPC message is too much change
after code freeze, and requires too much time for testing.
- File: src/global/mail_version.h and every main program file.
+ Fileglobal/mail_version.h and every main program file.
20070320
20070508
Bugfix: Content-Transfer-Encoding: attribute values are
- case insensitive. File: src/cleanup/cleanup_message.c.
+ case insensitive. Filecleanup/cleanup_message.c.
20070514
mechanics of cipher management internal to the library. The
main.cf parameters used internally in the library are now
loaded by the library, not the caller. Files:
- src/smtp/lmtp_params.c, src/smtp/smtp.c, src/smtp/smtp.h,
- src/smtp/smtp_params.c, src/smtp/smtp_proto.c,
- src/smtp/smtp_session.c, src/smtpd/smtpd.c, src/tls/tls.h,
- src/tls/tls_client.c, src/tls/tls_level.c, src/tls/tls_misc.c,
- src/tls/tls_server.c, src/tls/tls_session.c, src/tls/tls_verify.c
- and src/tlsmgr/tlsmgr.c
+ src/smtp/lmtp_params.csmtp/smtp.c, src/smtp/smtp.h,
+ src/smtp/smtp_params.csmtp/smtp_proto.c,
+ src/smtp/smtp_session.csmtpd/smtpd.c, src/tls/tls.h,
+ src/tls/tls_client.ctls/tls_level.c, src/tls/tls_misc.c,
+ src/tls/tls_server.ctls/tls_session.c, src/tls/tls_verify.c
+ antlsmgr/tlsmgr.c
Cleanup: Client session lookup key "salting" is now handled
- internally in the tls library. Files: src/tls/tls_client.c
+ internally in the tls library. Filestls/tls_client.c
Cleanup: Cipher state is cached, and only updated when
- necessary. Files: src/tls/tls_misc.c
+ necessary. Filestls/tls_misc.c
Feature: Extended the syntax of protocol selection to allow
- exclusions as well as inclusions. Files: src/tls/tls_misc.c
+ exclusions as well as inclusions. Filestls/tls_misc.c
Cleanup: Updated default verification depth to match reality:
default is 9 in OpenSSL and we don't yet override it. When
we do (soon), the default will match previous behavior.
- Files: src/global/mail_params.h
+ Filesglobal/mail_params.h
Bugfix: Reference to obsolete "pfixtls" code won't compile
inside #ifdef for OpenSSL <= 0.9.5a. Using an OpenSSL release
that old has not been tested for some time, but may now
- work. Files: src/tls/tls_bio_ops.c.
+ work. Filestls/tls_bio_ops.c.
Replaced "void *" TLS library application handles by explicit
pointer types, while hiding data structure implementation
SMTP client fingerprint security level support and configurable
fingerprint digest algorithm. Victor Duchovni. Files:
smtp/lmtp_params.c, smtp/smtp.c, smtp/smtp.h,
- src/smtp/smtp_params.c, src/smtp/smtp_proto.c,
+ src/smtp/smtp_params.csmtp/smtp_proto.c,
src/smtp/smtp_session.c, tls/tls_client.c, tls/tls_level.c,
tls/tls_verify.c.
limit parameters. Prior to Postfix 2.5 these were ignored.
For backwards compatibility, the default verification depth
limit is now 9, the OpenSSL default. Victor Duchovni. Files:
- src/tls/tls_client.c, src/tls/tls_server.c, src/tls/tls_verify.c.
+ src/tls/tls_client.ctls/tls_server.c, src/tls/tls_verify.c.
Robustness: Avoid possibility of NULL pointer issues in
application code that checks certificate names, by providing
"empty string" values when no data is available. Victor
- Duchovni. Files: src/tls/tls_verify.c, src/tls/tls_client.c,
- src/tls/tls_server.c, src/smtpd/smtpd_check.c, src/smtpd/smtpd.c.
+ Duchovni. Filestls/tls_verify.c, src/tls/tls_client.c,
+ src/tls/tls_server.csmtpd/smtpd_check.c, src/smtpd/smtpd.c.
Cleanup: separation of TLS handshake from security level
enforcement. The library shakes hands; the application
20080207
Cleanup: soft_bounce support for multi-line Milter replies.
- File: src/milter/milter8.c.
+ Filemilter/milter8.c.
Cleanup: preserve multi-line format of header/body Milter
replies. Files: cleanup/cleanup_milter.c, smtpd/smtpd.c.
Safety: the SMTP server's Dovecot authentication client now
enforces the SASL mechanism output filter also on client
- command input. File: src/xsasl/xsasl_dovecot_server.c.
+ command input. Filexsasl/xsasl_dovecot_server.c.
20080311
reject message. Parameters: unverified_recipient_defer_code,
unverified_recipient_reject_reason, unverified_sender_defer_code,
unverified_sender_reject_reason. If I don't do this properly,
- then someone will do it anyway. File: src/smtpd/smtpd_check.c.
+ then someone will do it anyway. Filesmtpd/smtpd_check.c.
20080428
Fine tuning: don't enforce smtpd_junk_command_limit for
XCLIENT and XFORWARD commands. These commands can be issued
- only by authorized clients. File: src/smtpd/smtpd.c.
+ only by authorized clients. Filesmtpd/smtpd.c.
20090215
the results in a later non-production version. To enable
DNSBL lookups, specify "postscreen_dnsbl_sites = name,
name, etc". and restart postscreen(8) with "postfix reload".
- File: src/dnsblog/dnblog.c.
+ Filednsblog/dnblog.c.
20090618
Feature: with "tls_preempt_cipherlist = yes" the Postfix
SMTP server will preempt the remote SMTP client's cipher
preference order. This requires OpenSSL 0.9.7 and later.
- Victor Duchovni. Files: src/smtpd/smtpd.c, src/tls/tls_server.c,
+ Victor Duchovni. Filessmtpd/smtpd.c, src/tls/tls_server.c,
proto/TLS_README.html, proto/postconf.proto.
Future proofing: specify "tls_disable_workarounds = a list
Cleanup: sanitized the name_mask API so that errors will be
ignored only upon explicit request. Files: util/name_mask.[hc],
- src/global/ehlo_mask.c, src/smtp/smtp_proto.c,
- src/util/name_mask.c, src/xsasl/xsasl_dovecot_server.c.
+ src/global/ehlo_mask.csmtp/smtp_proto.c,
+ src/util/name_mask.cxsasl/xsasl_dovecot_server.c.
Cleanup: more TLS overhead horrors for the SMTP client's
PIPELINING engine. Wietse and Victor. File: smtp/smtp_proto.c.
KNOWN (we actually have an owner UID). With most tables,
the owner UID is the file owner UID. With LDAP and *SQL,
the owner UID is the Postfix configuration file owner.
- Files: src/util/dict_unix.c src/util/dict_thash.c
- src/util/dict_static.c src/util/dict_sdbm.c src/util/dict_regexp.c
- src/util/dict_pcre.c src/util/dict_nisplus.c src/util/dict_nis.c
- src/util/dict_ni.c src/util/dict_ht.c src/util/dict_env.c
- src/util/dict_dbm.c src/util/dict_db.c src/util/dict_cidr.c
- src/util/dict_cdb.c src/util/dict_alloc.c src/util/dict.h
- src/util/dict.c src/local/alias.c src/global/dict_sqlite.c
- src/global/dict_pgsql.c src/global/dict_mysql.c
- src/global/dict_ldap.c src/global/cfg_parser.h
+ Filesutil/dict_unix.c src/util/dict_thash.c
+ src/util/dict_static.util/dict_sdbm.c src/util/dict_regexp.c
+ src/util/dict_pcre.util/dict_nisplus.c src/util/dict_nis.c
+ src/util/dict_ni.util/dict_ht.c src/util/dict_env.c
+ src/util/dict_dbm.util/dict_db.c src/util/dict_cidr.c
+ src/util/dict_cdb.util/dict_alloc.c src/util/dict.h
+ src/util/dict.local/alias.c src/global/dict_sqlite.c
+ src/global/dict_pgsql.global/dict_mysql.c
+ src/global/dict_ldap.global/cfg_parser.h
src/global/cfg_parser.c.
20110311
Feature: Base 32 encoder/decoder per RFC 4648. This code
was going to be used for long queue IDs, but plans were
- changed. Files: src/util/base32_code.[hc].
+ changed. Filesutil/base32_code.[hc].
20110313
replaces the Postfix library but not the program (someone
experienced this with an extra copy of the Postfix SMTP
server). Files: global/mail_version.[hc], master/*server.c,
- master/master.c, src/postalias/postalias.c,
- src/postdrop/postdrop.c, src/postfix/postfix.c,
- src/postlog/postlog.c, src/postmap/postmap.c,
- src/postmulti/postmulti.c, src/postqueue/postqueue.c,
- src/postsuper/postsuper.c, src/sendmail/sendmail.c.
+ master/master.cpostalias/postalias.c,
+ src/postdrop/postdrop.cpostfix/postfix.c,
+ src/postlog/postlog.cpostmap/postmap.c,
+ src/postmulti/postmulti.cpostqueue/postqueue.c,
+ src/postsuper/postsuper.csendmail/sendmail.c.
20111211
This was a straightforward change except in the few modules
that propagate errors from one dictionary API to another:
dict_cache.c, dict_debug.c, maps.c, dict_memcache.c. Files:
- src/cleanup/cleanup_map11.c, src/cleanup/cleanup_map1n.c,
- src/global/addr_match_list.c, src/global/dict_ldap.c,
- src/global/dict_memcache.c, src/global/dict_mysql.c,
- src/global/dict_pgsql.c, src/global/dict_proxy.c,
- src/global/dict_sqlite.c, src/global/domain_list.c,
- src/global/flush_clnt.c, src/global/mail_addr_find.c,
- src/global/mail_addr_map.c, src/global/maps.c, src/global/maps.h,
- src/global/match_parent_style.h, src/global/namadr_list.c,
- src/global/resolve_local.c, src/global/resolve_local.h,
- src/global/server_acl.c, src/global/string_list.c,
- src/local/alias.c, src/local/bounce_workaround.c,
- src/local/mailbox.c, src/local/unknown.c, src/proxymap/proxymap.c,
- src/qmqpd/qmqpd.c, src/smtp/smtp_map11.c, src/smtpd/smtpd_check.c,
- src/trivial-rewrite/resolve.c, src/trivial-rewrite/transport.c,
- src/util/dict.h, src/util/dict_alloc.c, src/util/dict_cache.c,
- src/util/dict_cidr.c, src/util/dict_db.c, src/util/dict_debug.c,
- src/util/dict_env.c, src/util/dict_fail.c, src/util/dict_ht.c,
- src/util/dict_pcre.c, src/util/dict_regexp.c,
- src/util/dict_static.c, src/util/dict_tcp.c, src/util/dict_test.c,
- src/util/dict_thash.c, src/util/dict_unix.c, src/util/match_list.c,
- src/util/match_list.h, src/util/match_ops.c, src/virtual/mailbox.c.
+ src/cleanup/cleanup_map11.ccleanup/cleanup_map1n.c,
+ src/global/addr_match_list.cglobal/dict_ldap.c,
+ src/global/dict_memcache.cglobal/dict_mysql.c,
+ src/global/dict_pgsql.cglobal/dict_proxy.c,
+ src/global/dict_sqlite.cglobal/domain_list.c,
+ src/global/flush_clnt.cglobal/mail_addr_find.c,
+ src/global/mail_addr_map.cglobal/maps.c, src/global/maps.h,
+ src/global/match_parent_style.hglobal/namadr_list.c,
+ src/global/resolve_local.cglobal/resolve_local.h,
+ src/global/server_acl.cglobal/string_list.c,
+ src/local/alias.clocal/bounce_workaround.c,
+ src/local/mailbox.clocal/unknown.c, src/proxymap/proxymap.c,
+ src/qmqpd/qmqpd.csmtp/smtp_map11.c, src/smtpd/smtpd_check.c,
+ src/trivial-rewrite/resolve.ctrivial-rewrite/transport.c,
+ src/util/dict.hutil/dict_alloc.c, src/util/dict_cache.c,
+ src/util/dict_cidr.cutil/dict_db.c, src/util/dict_debug.c,
+ src/util/dict_env.cutil/dict_fail.c, src/util/dict_ht.c,
+ src/util/dict_pcre.cutil/dict_regexp.c,
+ src/util/dict_static.cutil/dict_tcp.c, src/util/dict_test.c,
+ src/util/dict_thash.cutil/dict_unix.c, src/util/match_list.c,
+ src/util/match_list.hutil/match_ops.c, src/virtual/mailbox.c.
20111226
depend on the unavailable table will keep working. However,
for the sake of sanity, the number of such errors over the
life of a process is limited to 13. Files:
- src/global/cfg_parser.c, src/util/dict_thash.c,
- src/util/dict_cidr.c, src/util/dict_nis.c, src/util/dict_nisplus.c,
- src/global/dict_ldap.c, src/global/dict_mysql.c,
- src/global/dict_pgsql.c, src/global/dict_sqlite.c,
- src/postconf/postconf_main.c, src/global/mail_conf.c,
- src/util/dict.h, src/util/dict.c, src/global/dict_memcache.c,
- src/util/dict_tcp.c, src/util/dict_unix.c, src/util/dict_pcre.c,
- src/util/dict_regexp.c, src/master/trigger_server.c,
- src/master/single_server.c, src/master/multi_server.c,
- src/master/event_server.c, src/util/dict_test.c,
- src/util/dict_surrogate.c, src/util/dict_alloc.c, src/util/msg.c,
- src/util/dict_cdb.c, src/util/dict_dbm.c, src/util/msg.h,
+ src/global/cfg_parser.cutil/dict_thash.c,
+ src/util/dict_cidr.cutil/dict_nis.c, src/util/dict_nisplus.c,
+ src/global/dict_ldap.cglobal/dict_mysql.c,
+ src/global/dict_pgsql.cglobal/dict_sqlite.c,
+ src/postconf/postconf_main.cglobal/mail_conf.c,
+ src/util/dict.hutil/dict.c, src/global/dict_memcache.c,
+ src/util/dict_tcp.cutil/dict_unix.c, src/util/dict_pcre.c,
+ src/util/dict_regexp.cmaster/trigger_server.c,
+ src/master/single_server.cmaster/multi_server.c,
+ src/master/event_server.cutil/dict_test.c,
+ src/util/dict_surrogate.cutil/dict_alloc.c, src/util/msg.c,
+ src/util/dict_cdb.cutil/dict_dbm.c, src/util/msg.h,
src/util/dict_db.c.
Incompatibility: the Postfix SMTP server no longer reports
a set of characters. A user name is now separated from its
address extension by the first character that matches the
recipient_delimiter set. Files: proto/postconf.proto,
- src/global/mail_addr_find.c, src/global/mail_params.c,
- src/global/split_addr.c, src/global/split_addr.h,
- src/global/strip_addr.c, src/global/strip_addr.h,
- src/global/strip_addr.ref, src/local/bounce_workaround.c,
- src/local/local.c, src/local/local_expand.c, src/local/recipient.c,
- src/local/resolve.c, src/oqmgr/qmgr_message.c, src/pipe/pipe.c,
- src/qmgr/qmgr_message.c, src/smtpd/smtpd.c,
- src/smtpd/smtpd_check.c, src/trivial-rewrite/transport.c,
+ src/global/mail_addr_find.cglobal/mail_params.c,
+ src/global/split_addr.cglobal/split_addr.h,
+ src/global/strip_addr.cglobal/strip_addr.h,
+ src/global/strip_addr.reflocal/bounce_workaround.c,
+ src/local/local.clocal/local_expand.c, src/local/recipient.c,
+ src/local/resolve.coqmgr/qmgr_message.c, src/pipe/pipe.c,
+ src/qmgr/qmgr_message.csmtpd/smtpd.c,
+ src/smtpd/smtpd_check.ctrivial-rewrite/transport.c,
src/trivial-rewrite/trivial-rewrite.c.
Feature: support for trust anchors, i.e. CA certificates
Files: smtp/smtp.h smtp/smtp_connect.c, smtp/smtp_key.c.
Non-production cleanup: documentation, identifiers. Viktor
- Dukhovni. Files: proto/postconf.proto, src/dns/dns.h,
- src/dns/dns_lookup.c, src/dns/dns_rr.c, src/dns/test_dns_lookup.c,
- src/global/mail_proto.h, src/posttls-finger/posttls-finger.c,
- src/smtp/smtp.h, src/smtp/smtp_addr.c, src/smtp/smtp_connect.c,
- src/smtp/smtp_session.c, src/smtp/smtp_tls_policy.c,
- src/smtpd/smtpd_check.c, src/tls/tls.h, src/tls/tls_client.c,
- src/tls/tls_dane.c, src/tls/tls_fprint.c, src/tls/tls_misc.c,
- src/tls/tls_proxy_clnt.c, src/tls/tls_proxy_print.c,
- src/tls/tls_proxy_scan.c, src/tls/tls_server.c,
+ Dukhovni. Files: proto/postconf.protodns/dns.h,
+ src/dns/dns_lookup.cdns/dns_rr.c, src/dns/test_dns_lookup.c,
+ src/global/mail_proto.hposttls-finger/posttls-finger.c,
+ src/smtp/smtp.hsmtp/smtp_addr.c, src/smtp/smtp_connect.c,
+ src/smtp/smtp_session.csmtp/smtp_tls_policy.c,
+ src/smtpd/smtpd_check.ctls/tls.h, src/tls/tls_client.c,
+ src/tls/tls_dane.ctls/tls_fprint.c, src/tls/tls_misc.c,
+ src/tls/tls_proxy_clnt.ctls/tls_proxy_print.c,
+ src/tls/tls_proxy_scan.ctls/tls_server.c,
src/tls/tls_verify.c.
20130426
features (as opposed to tls_disable_workarounds which is
disables bug workarounds that are on by default). Viktor
Dukhovni. Files: proto/TLS_README.html, proto/postconf.proto,
- src/global/mail_params.h, src/tls/tls.h, src/tls/tls_client.c,
+ src/global/mail_params.htls/tls.h, src/tls/tls_client.c,
src/tls/tls_misc.c.
20130520
nothing is found there, fall back to the qname.
Code by Viktor Dukhovni. Files: mantools/postlink,
- proto/postconf.proto, src/global/mail_params.h,
- src/posttls-finger/posttls-finger.c, src/smtp/lmtp_params.c,
- src/smtp/smtp.c, src/smtp/smtp.h, src/smtp/smtp_addr.c,
- src/smtp/smtp_addr.h, src/smtp/smtp_connect.c,
- src/smtp/smtp_params.c, src/smtp/smtp_tls_policy.c,
- src/tls/tls.h, src/tls/tls_dane.c.
+ proto/postconf.protoglobal/mail_params.h,
+ src/posttls-finger/posttls-finger.csmtp/lmtp_params.c,
+ src/smtp/smtp.csmtp/smtp.h, src/smtp/smtp_addr.c,
+ src/smtp/smtp_addr.hsmtp/smtp_connect.c,
+ src/smtp/smtp_params.csmtp/smtp_tls_policy.c,
+ src/tls/tls.htls/tls_dane.c.
20130826
Cleanup: improve suppression of TLSA lookups in insecure
zones. This is now applied not only to non-MX destinations,
but also to each MX record. Viktor Dukhovni. Files:
- src/posttls-finger/posttls-finger.c, src/smtp/smtp_tls_policy.c,
- src/tls/tls.h, src/tls/tls_dane.c.
+ src/posttls-finger/posttls-finger.csmtp/smtp_tls_policy.c,
+ src/tls/tls.htls/tls_dane.c.
Workaround: increased the 5s connection timeout to 30s.
Viktor Dukhovni. File: posttls-finger/posttls-finger.c.
NOT be supported in DANE with SMTP, and we already don't
support digest TLSA RRs in this case, while full content
TLSA RRs are not recommended for DNS bloat reasons. Viktor
- Dukhovni. Files: proto/postconf.proto src/global/mail_params.h
- src/smtp/smtp.c src/tls/tls_dane.c src/tls/tls_misc.c.
+ Dukhovni. Files: proto/postconf.protglobal/mail_params.h
+ src/smtp/smtp.tls/tls_dane.c src/tls/tls_misc.c.
Feature: TLS support: Support future digest algorithms
without re-compilation. Viktor Dukhovni. Files: .indent.pro
- proto/postconf.proto src/tls/tls_dane.c.
+ proto/postconf.prottls/tls_dane.c.
Feature: DNS support: New configurable digest agility.
Viktor Dukhovni. Files: .indent.pro proto/TLS_README.html
- proto/postconf.proto src/global/mail_params.h src/tls/tls_dane.c
+ proto/postconf.protglobal/mail_params.h src/tls/tls_dane.c
src/tls/tls_misc.c.
20131127
20131130
Cleanup: simplify fingerprint security level implementation
- in new DANE code. Viktor Dukhovni. Files: src/tls/tls.h
- src/smtp/smtp_tls_policy.c src/tls/tls_dane.c
+ in new DANE code. Viktor Dukhovni. Filestls/tls.h
+ src/smtp/smtp_tls_policy.tls/tls_dane.c
src/posttls-finger/posttls-finger.c.
20131209
20131215
Cleanup: OpenSSL "const" declarations have changed over
- time. Viktor Dukhovni. Files: src/tls/tls.h, src/tls/tls_client.c,
- src/tls/tls_dane.c, src/tls/tls_server.c.
+ time. Viktor Dukhovni. Filestls/tls.h, src/tls/tls_client.c,
+ src/tls/tls_dane.ctls/tls_server.c.
20131216
Cleanup: propagate the "SMTPUTF8 support requested" flag
when bouncing a message or when forwarding a message through
a local alias or .forward file. Files: local/forward.c,
- bounce/bounce_notify_util.c, src/global/post_mail.[hc], and
+ bounce/bounce_notify_util.cglobal/post_mail.[hc], and
specify a dummy argument SMTPUTF8_FLAGS_NONE in all other
programs that programs that invoke post_mail_fopen*(),
global/attr_override.[hc], smtpd/smtpd_check.c, milter/milter.c.
Documentation: support for "{ argument with whitespace }"
- in master(5) and pipe(8). Files: proto/master, src/pipe/pipe.c.
+ in master(5) and pipe(8). Files: proto/masterpipe/pipe.c.
Documentation: in ADDRES_VERIFY_README, replaced "nearest
MTA" with "preferred MTA". The SMTP client was changed years
Postfix SMTP server already rejected such domains with
reject_unknown_sender/recipient_domain. This introduces a
new SMTP server configuration parameter nullmx_reject_code
- (default: 556). Files: src/dns/dns_lookup.[hc], dns/Makefile,in,
- dns/nullmx_test.ref, src/smtp/smtp_addr.c, smtpd/smtpd_check.c,
+ (default: 556). Filesdns/dns_lookup.[hc], dns/Makefile,in,
+ dns/nullmx_test.refsmtp/smtp_addr.c, smtpd/smtpd_check.c,
smtpd/smtpd_check_nullmx.in, smtpd/smtpd_check_nullmx.ref,
mantools/postlink, proto/postconf.proto, smtpd/smtpd.c.
dns/dns.h, dns/dns_lookup.c.
Cleanup: eliminate TLS state duplication from state->tls
- to session->tls. Viktor Dukhovni. Files: src/smtp/smtp.h,
- src/smtp/smtp_connect.c, src/smtp/smtp_proto.c,
- src/smtp/smtp_reuse.c, src/smtp/smtp_session.c.
+ to session->tls. Viktor Dukhovni. Filessmtp/smtp.h,
+ src/smtp/smtp_connect.csmtp/smtp_proto.c,
+ src/smtp/smtp_reuse.csmtp/smtp_session.c.
20141203
some non-ASCII character, unlike HTML where it comes out
as itself. Andreas Schulze. This requires jumping a few
hops to generate HTML and nroff input from the same source
- text. Files; mantools/srctoman, mantools/postconf2man.
+ text. Files; mantooloman, mantools/postconf2man.
Cleanup: UTF-8 support in masquerade_domains. File:
cleanup/cleanup_masquerade.c.
error propagation in tlsproxy(8) resulting in segfault after
TLS handshake error. Found during code maintenance. File:
tlsproxy/tlsproxy.c.
+
+20180617
+
+ Bugfix (introduced: Postfix 2.11): minor memory leak when
+ minting issuer certs. This affects a tiny minority of use
+ cases. Viktor Dukhovni, based on a fix by Juan Altmayer
+ Pizzorno for the ssl_dane library.
+
+20181104
+
+ Multiple 'bit rot' fixes for OpenSSL API changes, including
+ support to disable TLSv1.3, and to allow OpenSSL >= 1.1.0
+ run-time micro version bumps without complaining about
+ library version mismatches. Viktor Dukhovni. Files:
+ proto/postconf.proto, proto/TLS_README.html, tls/tls.h,
+ tls/tls_dane.c, tls/tls_verify.c, tls/tls_fprint.c,
+ tls/tls_misc.c, tls/tls_server.c, tls/tls_client.c,
+ tls/tls_rsa.c, posttls-finger/posttls-finger.c, .indent.pro.
smtpd_starttls_timeout = 300s
With Postfix 2.8 and later, the tls_disable_workarounds parameter specifies a
-list or bit-mask of OpenSSL bug work-arounds to disable. This may be necessary
-if one of the work-arounds enabled by default in OpenSSL proves to pose a
-security risk, or introduces an unexpected interoperability issue. Some bug
-work-arounds known to be problematic are disabled in the default value of the
-parameter when linked with an OpenSSL library that could be vulnerable.
+list or bit-mask of default-enabled OpenSSL bug work-arounds to disable. This
+may be necessary if one of the work-arounds enabled by default in OpenSSL
+proves to pose a security risk, or introduces an unexpected interoperability
+issue. The list of enabled bug work-arounds is OpenSSL-release-specific. See
+the tls_disable_workarounds parameter documentation for the list of supported
+values.
Example:
below, or a hexadecimal bitmask of options found in the ssl.h file
corresponding to the run-time OpenSSL library. While it may be reasonable to
turn off all bug workarounds (see above), it is not a good idea to attempt to
-turn on all features.
+turn on all features. See the tls_ssl_options parameter documentation for the
+list of supported values.
-L\bLE\bEG\bGA\bAC\bCY\bY_\b_S\bSE\bER\bRV\bVE\bER\bR_\b_C\bCO\bON\bNN\bNE\bEC\bCT\bT
- See SSL_CTX_set_options(3).
-N\bNO\bO_\b_T\bTI\bIC\bCK\bKE\bET\bT
- See SSL_CTX_set_options(3).
-N\bNO\bO_\b_C\bCO\bOM\bMP\bPR\bRE\bES\bSS\bSI\bIO\bON\bN
- Disable SSL compression even if supported by the OpenSSL library.
- Compression is CPU-intensive, and compression before encryption does not
- always improve security.
Example:
/etc/postfix/main.cf:
</blockquote>
<p> With Postfix 2.8 and later, the <a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> parameter
-specifies a list or bit-mask of OpenSSL bug work-arounds to disable. This
-may be necessary if one of the work-arounds enabled by default in
-OpenSSL proves to pose a security risk, or introduces an unexpected
-interoperability issue. Some bug work-arounds known to be problematic
-are disabled in the default value of the parameter when linked with
-an OpenSSL library that could be vulnerable. </p>
+specifies a list or bit-mask of default-enabled OpenSSL bug
+work-arounds to disable. This may be necessary if one of the
+work-arounds enabled by default in OpenSSL proves to pose a security
+risk, or introduces an unexpected interoperability issue. The list
+of enabled bug work-arounds is OpenSSL-release-specific. See the
+<a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> parameter documentation for the list of
+supported values.</p>
<p> Example: </p>
found in the ssl.h file corresponding to the run-time OpenSSL
library. While it may be reasonable to turn off all bug workarounds
(see above), it is not a good idea to attempt to turn on all features.
-</p>
-
-<dl>
-
-<dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3).</dd>
-
-<dt><b>NO_TICKET</b></dt> <dd>See SSL_CTX_set_options(3).</dd>
-
-<dt><b>NO_COMPRESSION</b></dt> <dd>Disable SSL compression even if
-supported by the OpenSSL library. Compression is CPU-intensive,
-and compression before encryption does not always improve security. </dd>
-
-</dl>
+See the tls_ssl_options parameter documentation for the list of
+supported values. </p>
<p> Example: </p>
<p> The range of protocols advertised by an SSL/TLS client must be
contiguous. When a protocol version is enabled, disabling any
-higher version implicitly disables all versions above that higher
-version. Thus, for example: </p>
+higher version implicitly disables all versions above that higher version.
+Thus, for example (assuming the OpenSSL library supports both SSLv2
+and SSLv3):
+</p>
<blockquote>
<pre>
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !TLSv1
versions of Postfix ≥ 2.10 can explicitly disable support for
"TLSv1.1" or "TLSv1.2". </p>
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix ≥ 3.4,
+this can be disabled, if need be, via "!TLSv1.3". </p>
+
<p> At the <a href="TLS_README.html#client_tls_dane">dane</a> and
<a href="TLS_README.html#client_tls_dane">dane-only</a> security
levels, when usable TLSA records are obtained for the remote SMTP
<p> The range of protocols advertised by an SSL/TLS client must be
contiguous. When a protocol version is enabled, disabling any
-higher version implicitly disables all versions above that higher
-version. Thus, for example: </p>
+higher version implicitly disables all versions above that higher version.
+Thus, for example (assuming the OpenSSL library supports both SSLv2
+and SSLv3):
+</p>
<blockquote>
<pre>
-<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !TLSv1
+<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !TLSv1
</pre>
</blockquote>
<p> also disables any protocols version higher than TLSv1 leaving
versions of Postfix ≥ 2.10 can explicitly disable support for
"TLSv1.1" or "TLSv1.2"</p>
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix ≥ 3.4,
+this can be disabled, if need be, via "!TLSv1.3". </p>
+
<p> To include a protocol list its name, to exclude it, prefix the name
with a "!" character. To exclude SSLv2 for opportunistic TLS set
"<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
versions of Postfix ≥ 2.10 can disable support for "TLSv1.1" or
"TLSv1.2". </p>
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix ≥ 3.4,
+this can be disabled, if need be, via "!TLSv1.3". </p>
+
<p> Example: </p>
<pre>
versions of Postfix ≥ 2.10 can disable support for "TLSv1.1" or
"TLSv1.2". </p>
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix ≥ 3.4,
+this can be disabled, if need be, via "!TLSv1.3". </p>
+
<p> To include a protocol list its name, to exclude it, prefix the name
with a "!" character. To exclude SSLv2 for opportunistic TLS set
"<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
<dl>
-<dt><b>MICROSOFT_SESS_ID_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+<dt><b>CRYPTOPRO_TLSEXT_BUG</b></dt> <dd>New with GOST support in
+OpenSSL 1.0.0.</dd>
-<dt><b>NETSCAPE_CHALLENGE_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+<dt><b>DONT_INSERT_EMPTY_FRAGMENTS</b></dt> <dd>See
+SSL_CTX_set_options(3)</dd>
<dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
-<dt><b>NETSCAPE_REUSE_CIPHER_CHANGE_BUG</b></dt> <dd> also aliased
-as <b>CVE-2010-4180</b>. Postfix 2.8 disables this work-around by
-default with OpenSSL versions that may predate the fix. Fixed in
-OpenSSL 0.9.8q and OpenSSL 1.0.0c.</dd>
-
-<dt><b>SSLREF2_REUSE_CERT_TYPE_BUG</b></dt> <dd>See
-SSL_CTX_set_options(3)</dd>
-
<dt><b>MICROSOFT_BIG_SSLV3_BUFFER</b></dt> <dd>See
SSL_CTX_set_options(3)</dd>
+<dt><b>MICROSOFT_SESS_ID_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+
<dt><b>MSIE_SSLV2_RSA_PADDING</b></dt> <dd> also aliased as
<b>CVE-2005-2969</b>. Postfix 2.8 disables this work-around by
default with OpenSSL versions that may predate the fix. Fixed in
OpenSSL 0.9.7h and OpenSSL 0.9.8a.</dd>
+<dt><b>NETSCAPE_CHALLENGE_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+
+<dt><b>NETSCAPE_REUSE_CIPHER_CHANGE_BUG</b></dt> <dd> also aliased
+as <b>CVE-2010-4180</b>. Postfix 2.8 disables this work-around by
+default with OpenSSL versions that may predate the fix. Fixed in
+OpenSSL 0.9.8q and OpenSSL 1.0.0c.</dd>
+
<dt><b>SSLEAY_080_CLIENT_DH_BUG</b></dt> <dd>See
SSL_CTX_set_options(3)</dd>
-<dt><b>TLS_D5_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+<dt><b>SSLREF2_REUSE_CERT_TYPE_BUG</b></dt> <dd>See
+SSL_CTX_set_options(3)</dd>
<dt><b>TLS_BLOCK_PADDING_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+<dt><b>TLS_D5_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+
<dt><b>TLS_ROLLBACK_BUG</b></dt> <dd>See SSL_CTX_set_options(3).
This is disabled in OpenSSL 0.9.7 and later. Nobody should still
be using 0.9.6! </dd>
-<dt><b>DONT_INSERT_EMPTY_FRAGMENTS</b></dt> <dd>See
-SSL_CTX_set_options(3)</dd>
-
-<dt><b>CRYPTOPRO_TLSEXT_BUG</b></dt> <dd>New with GOST support in
-OpenSSL 1.0.0.</dd>
+<dt><b>TLSEXT_PADDING</b></dt><dd>Postfix ≥ 3.4. See SSL_CTX_set_options(3).</dd>
</dl>
You can only enable options not already controlled by other Postfix
settings. For example, you cannot disable protocols or enable
server cipher preference. Do not attempt to turn all features by
-specifying 0xFFFFFFFF, this is unlikely to be a good idea. </p>
+specifying 0xFFFFFFFF, this is unlikely to be a good idea. Some
+bug work-arounds are also valid here, allowing them to be re-enabled
+if/when they're no longer enabled by default. The supported values
+include: </p>
<dl>
+<dt><b>ENABLE_MIDDLEBOX_COMPAT</b></dt> <dd>Postfix ≥ 3.4. See
+SSL_CTX_set_options(3).</dd>
+
<dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3).</dd>
-<dt><b>NO_TICKET</b></dt> <dd>See SSL_CTX_set_options(3).</dd>
+<dt><b>NO_TICKET</b></dt> <dd>Enabled by default when needed in
+fully-patched Postfix ≥ 2.7. Not needed at all for Postfix ≥
+2.11, unless for some reason you do not want to support TLS session
+resumption. Best not set explicitly. See SSL_CTX_set_options(3).</dd>
<dt><b>NO_COMPRESSION</b></dt> <dd>Disable SSL compression even if
supported by the OpenSSL library. Compression is CPU-intensive,
and compression before encryption does not always improve security. </dd>
+<dt><b>NO_RENEGOTIATION</b></dt> <dd>Postfix ≥ 3.4. This can
+reduce opportunities for a potential CPU exhaustion attack. See
+SSL_CTX_set_options(3).</dd>
+
+<dt><b>NO_SESSION_RESUMPTION_ON_RENEGOTIATION</b></dt> <dd>Postfix
+≥ 3.4. See SSL_CTX_set_options(3).</dd>
+
+<dt><b>PRIORITIZE_CHACHA</b></dt> <dd>Postfix ≥ 3.4. See SSL_CTX_set_options(3).</dd>
+
+<dt><b>TLSEXT_PADDING</b></dt> <dd>Postfix ≥ 3.4. See
+SSL_CTX_set_options(3).</dd>
+
</dl>
<p> This feature is available in Postfix 2.11 and later. </p>
.PP
The range of protocols advertised by an SSL/TLS client must be
contiguous. When a protocol version is enabled, disabling any
-higher version implicitly disables all versions above that higher
-version. Thus, for example:
+higher version implicitly disables all versions above that higher version.
+Thus, for example (assuming the OpenSSL library supports both SSLv2
+and SSLv3):
.sp
.in +4
.nf
versions of Postfix >= 2.10 can explicitly disable support for
"TLSv1.1" or "TLSv1.2".
.PP
+OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix >= 3.4,
+this can be disabled, if need be, via "!TLSv1.3".
+.PP
At the dane and
dane\-only security
levels, when usable TLSA records are obtained for the remote SMTP
.PP
The range of protocols advertised by an SSL/TLS client must be
contiguous. When a protocol version is enabled, disabling any
-higher version implicitly disables all versions above that higher
-version. Thus, for example:
+higher version implicitly disables all versions above that higher version.
+Thus, for example (assuming the OpenSSL library supports both SSLv2
+and SSLv3):
.sp
.in +4
.nf
.na
.ft C
-smtp_tls_mandatory_protocols = !SSLv2, !TLSv1
+smtp_tls_protocols = !SSLv2, !TLSv1
.fi
.ad
.ft R
versions of Postfix >= 2.10 can explicitly disable support for
"TLSv1.1" or "TLSv1.2"
.PP
+OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix >= 3.4,
+this can be disabled, if need be, via "!TLSv1.3".
+.PP
To include a protocol list its name, to exclude it, prefix the name
with a "!" character. To exclude SSLv2 for opportunistic TLS set
"smtp_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
versions of Postfix >= 2.10 can disable support for "TLSv1.1" or
"TLSv1.2".
.PP
+OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix >= 3.4,
+this can be disabled, if need be, via "!TLSv1.3".
+.PP
Example:
.PP
.nf
versions of Postfix >= 2.10 can disable support for "TLSv1.1" or
"TLSv1.2".
.PP
+OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix >= 3.4,
+this can be disabled, if need be, via "!TLSv1.3".
+.PP
To include a protocol list its name, to exclude it, prefix the name
with a "!" character. To exclude SSLv2 for opportunistic TLS set
"smtpd_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
is possible that your OpenSSL version includes new bug work\-arounds
added after your Postfix source code was last updated, in that case
you can only disable one of these via the hexadecimal syntax above.
-.IP "\fBMICROSOFT_SESS_ID_BUG\fR"
-See SSL_CTX_\fBset_options\fR(3)
+.IP "\fBCRYPTOPRO_TLSEXT_BUG\fR"
+New with GOST support in
+OpenSSL 1.0.0.
.br
-.IP "\fBNETSCAPE_CHALLENGE_BUG\fR"
-See SSL_CTX_\fBset_options\fR(3)
+.IP "\fBDONT_INSERT_EMPTY_FRAGMENTS\fR"
+See
+SSL_CTX_\fBset_options\fR(3)
.br
.IP "\fBLEGACY_SERVER_CONNECT\fR"
See SSL_CTX_\fBset_options\fR(3)
.br
-.IP "\fBNETSCAPE_REUSE_CIPHER_CHANGE_BUG\fR"
-also aliased
-as \fBCVE\-2010\-4180\fR. Postfix 2.8 disables this work\-around by
-default with OpenSSL versions that may predate the fix. Fixed in
-OpenSSL 0.9.8q and OpenSSL 1.0.0c.
-.br
-.IP "\fBSSLREF2_REUSE_CERT_TYPE_BUG\fR"
-See
-SSL_CTX_\fBset_options\fR(3)
-.br
.IP "\fBMICROSOFT_BIG_SSLV3_BUFFER\fR"
See
SSL_CTX_\fBset_options\fR(3)
.br
+.IP "\fBMICROSOFT_SESS_ID_BUG\fR"
+See SSL_CTX_\fBset_options\fR(3)
+.br
.IP "\fBMSIE_SSLV2_RSA_PADDING\fR"
also aliased as
\fBCVE\-2005\-2969\fR. Postfix 2.8 disables this work\-around by
default with OpenSSL versions that may predate the fix. Fixed in
OpenSSL 0.9.7h and OpenSSL 0.9.8a.
.br
+.IP "\fBNETSCAPE_CHALLENGE_BUG\fR"
+See SSL_CTX_\fBset_options\fR(3)
+.br
+.IP "\fBNETSCAPE_REUSE_CIPHER_CHANGE_BUG\fR"
+also aliased
+as \fBCVE\-2010\-4180\fR. Postfix 2.8 disables this work\-around by
+default with OpenSSL versions that may predate the fix. Fixed in
+OpenSSL 0.9.8q and OpenSSL 1.0.0c.
+.br
.IP "\fBSSLEAY_080_CLIENT_DH_BUG\fR"
See
SSL_CTX_\fBset_options\fR(3)
.br
-.IP "\fBTLS_D5_BUG\fR"
-See SSL_CTX_\fBset_options\fR(3)
+.IP "\fBSSLREF2_REUSE_CERT_TYPE_BUG\fR"
+See
+SSL_CTX_\fBset_options\fR(3)
.br
.IP "\fBTLS_BLOCK_PADDING_BUG\fR"
See SSL_CTX_\fBset_options\fR(3)
.br
+.IP "\fBTLS_D5_BUG\fR"
+See SSL_CTX_\fBset_options\fR(3)
+.br
.IP "\fBTLS_ROLLBACK_BUG\fR"
See SSL_CTX_\fBset_options\fR(3).
This is disabled in OpenSSL 0.9.7 and later. Nobody should still
be using 0.9.6!
.br
-.IP "\fBDONT_INSERT_EMPTY_FRAGMENTS\fR"
-See
-SSL_CTX_\fBset_options\fR(3)
-.br
-.IP "\fBCRYPTOPRO_TLSEXT_BUG\fR"
-New with GOST support in
-OpenSSL 1.0.0.
+.IP "\fBTLSEXT_PADDING\fR"
+Postfix >= 3.4. See SSL_CTX_\fBset_options\fR(3).
.br
.br
.PP
You can only enable options not already controlled by other Postfix
settings. For example, you cannot disable protocols or enable
server cipher preference. Do not attempt to turn all features by
-specifying 0xFFFFFFFF, this is unlikely to be a good idea.
+specifying 0xFFFFFFFF, this is unlikely to be a good idea. Some
+bug work\-arounds are also valid here, allowing them to be re\-enabled
+if/when they're no longer enabled by default. The supported values
+include:
+.IP "\fBENABLE_MIDDLEBOX_COMPAT\fR"
+Postfix >= 3.4. See
+SSL_CTX_\fBset_options\fR(3).
+.br
.IP "\fBLEGACY_SERVER_CONNECT\fR"
See SSL_CTX_\fBset_options\fR(3).
.br
.IP "\fBNO_TICKET\fR"
-See SSL_CTX_\fBset_options\fR(3).
+Enabled by default when needed in
+fully\-patched Postfix >= 2.7. Not needed at all for Postfix >=
+2.11, unless for some reason you do not want to support TLS session
+resumption. Best not set explicitly. See SSL_CTX_\fBset_options\fR(3).
.br
.IP "\fBNO_COMPRESSION\fR"
Disable SSL compression even if
supported by the OpenSSL library. Compression is CPU\-intensive,
and compression before encryption does not always improve security.
.br
+.IP "\fBNO_RENEGOTIATION\fR"
+Postfix >= 3.4. This can
+reduce opportunities for a potential CPU exhaustion attack. See
+SSL_CTX_\fBset_options\fR(3).
+.br
+.IP "\fBNO_SESSION_RESUMPTION_ON_RENEGOTIATION\fR"
+Postfix
+>= 3.4. See SSL_CTX_\fBset_options\fR(3).
+.br
+.IP "\fBPRIORITIZE_CHACHA\fR"
+Postfix >= 3.4. See SSL_CTX_\fBset_options\fR(3).
+.br
+.IP "\fBTLSEXT_PADDING\fR"
+Postfix >= 3.4. See
+SSL_CTX_\fBset_options\fR(3).
+.br
.br
.PP
This feature is available in Postfix 2.11 and later.
</blockquote>
<p> With Postfix 2.8 and later, the tls_disable_workarounds parameter
-specifies a list or bit-mask of OpenSSL bug work-arounds to disable. This
-may be necessary if one of the work-arounds enabled by default in
-OpenSSL proves to pose a security risk, or introduces an unexpected
-interoperability issue. Some bug work-arounds known to be problematic
-are disabled in the default value of the parameter when linked with
-an OpenSSL library that could be vulnerable. </p>
+specifies a list or bit-mask of default-enabled OpenSSL bug
+work-arounds to disable. This may be necessary if one of the
+work-arounds enabled by default in OpenSSL proves to pose a security
+risk, or introduces an unexpected interoperability issue. The list
+of enabled bug work-arounds is OpenSSL-release-specific. See the
+tls_disable_workarounds parameter documentation for the list of
+supported values.</p>
<p> Example: </p>
found in the ssl.h file corresponding to the run-time OpenSSL
library. While it may be reasonable to turn off all bug workarounds
(see above), it is not a good idea to attempt to turn on all features.
-</p>
-
-<dl>
-
-<dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3).</dd>
-
-<dt><b>NO_TICKET</b></dt> <dd>See SSL_CTX_set_options(3).</dd>
-
-<dt><b>NO_COMPRESSION</b></dt> <dd>Disable SSL compression even if
-supported by the OpenSSL library. Compression is CPU-intensive,
-and compression before encryption does not always improve security. </dd>
-
-</dl>
+See the tls_ssl_options parameter documentation for the list of
+supported values. </p>
<p> Example: </p>
<p> The range of protocols advertised by an SSL/TLS client must be
contiguous. When a protocol version is enabled, disabling any
-higher version implicitly disables all versions above that higher
-version. Thus, for example: </p>
+higher version implicitly disables all versions above that higher version.
+Thus, for example (assuming the OpenSSL library supports both SSLv2
+and SSLv3):
+</p>
<blockquote>
<pre>
smtp_tls_mandatory_protocols = !SSLv2, !TLSv1
versions of Postfix ≥ 2.10 can explicitly disable support for
"TLSv1.1" or "TLSv1.2". </p>
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix ≥ 3.4,
+this can be disabled, if need be, via "!TLSv1.3". </p>
+
<p> At the <a href="TLS_README.html#client_tls_dane">dane</a> and
<a href="TLS_README.html#client_tls_dane">dane-only</a> security
levels, when usable TLSA records are obtained for the remote SMTP
versions of Postfix ≥ 2.10 can disable support for "TLSv1.1" or
"TLSv1.2". </p>
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix ≥ 3.4,
+this can be disabled, if need be, via "!TLSv1.3". </p>
+
<p> Example: </p>
<pre>
<p> The range of protocols advertised by an SSL/TLS client must be
contiguous. When a protocol version is enabled, disabling any
-higher version implicitly disables all versions above that higher
-version. Thus, for example: </p>
+higher version implicitly disables all versions above that higher version.
+Thus, for example (assuming the OpenSSL library supports both SSLv2
+and SSLv3):
+</p>
<blockquote>
<pre>
-smtp_tls_mandatory_protocols = !SSLv2, !TLSv1
+smtp_tls_protocols = !SSLv2, !TLSv1
</pre>
</blockquote>
<p> also disables any protocols version higher than TLSv1 leaving
versions of Postfix ≥ 2.10 can explicitly disable support for
"TLSv1.1" or "TLSv1.2"</p>
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix ≥ 3.4,
+this can be disabled, if need be, via "!TLSv1.3". </p>
+
<p> To include a protocol list its name, to exclude it, prefix the name
with a "!" character. To exclude SSLv2 for opportunistic TLS set
"smtp_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
versions of Postfix ≥ 2.10 can disable support for "TLSv1.1" or
"TLSv1.2". </p>
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix ≥ 3.4,
+this can be disabled, if need be, via "!TLSv1.3". </p>
+
<p> To include a protocol list its name, to exclude it, prefix the name
with a "!" character. To exclude SSLv2 for opportunistic TLS set
"smtpd_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
<dl>
-<dt><b>MICROSOFT_SESS_ID_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+<dt><b>CRYPTOPRO_TLSEXT_BUG</b></dt> <dd>New with GOST support in
+OpenSSL 1.0.0.</dd>
-<dt><b>NETSCAPE_CHALLENGE_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+<dt><b>DONT_INSERT_EMPTY_FRAGMENTS</b></dt> <dd>See
+SSL_CTX_set_options(3)</dd>
<dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
-<dt><b>NETSCAPE_REUSE_CIPHER_CHANGE_BUG</b></dt> <dd> also aliased
-as <b>CVE-2010-4180</b>. Postfix 2.8 disables this work-around by
-default with OpenSSL versions that may predate the fix. Fixed in
-OpenSSL 0.9.8q and OpenSSL 1.0.0c.</dd>
-
-<dt><b>SSLREF2_REUSE_CERT_TYPE_BUG</b></dt> <dd>See
-SSL_CTX_set_options(3)</dd>
-
<dt><b>MICROSOFT_BIG_SSLV3_BUFFER</b></dt> <dd>See
SSL_CTX_set_options(3)</dd>
+<dt><b>MICROSOFT_SESS_ID_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+
<dt><b>MSIE_SSLV2_RSA_PADDING</b></dt> <dd> also aliased as
<b>CVE-2005-2969</b>. Postfix 2.8 disables this work-around by
default with OpenSSL versions that may predate the fix. Fixed in
OpenSSL 0.9.7h and OpenSSL 0.9.8a.</dd>
+<dt><b>NETSCAPE_CHALLENGE_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+
+<dt><b>NETSCAPE_REUSE_CIPHER_CHANGE_BUG</b></dt> <dd> also aliased
+as <b>CVE-2010-4180</b>. Postfix 2.8 disables this work-around by
+default with OpenSSL versions that may predate the fix. Fixed in
+OpenSSL 0.9.8q and OpenSSL 1.0.0c.</dd>
+
<dt><b>SSLEAY_080_CLIENT_DH_BUG</b></dt> <dd>See
SSL_CTX_set_options(3)</dd>
-<dt><b>TLS_D5_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+<dt><b>SSLREF2_REUSE_CERT_TYPE_BUG</b></dt> <dd>See
+SSL_CTX_set_options(3)</dd>
<dt><b>TLS_BLOCK_PADDING_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+<dt><b>TLS_D5_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+
<dt><b>TLS_ROLLBACK_BUG</b></dt> <dd>See SSL_CTX_set_options(3).
This is disabled in OpenSSL 0.9.7 and later. Nobody should still
be using 0.9.6! </dd>
-<dt><b>DONT_INSERT_EMPTY_FRAGMENTS</b></dt> <dd>See
-SSL_CTX_set_options(3)</dd>
-
-<dt><b>CRYPTOPRO_TLSEXT_BUG</b></dt> <dd>New with GOST support in
-OpenSSL 1.0.0.</dd>
+<dt><b>TLSEXT_PADDING</b></dt><dd>Postfix ≥ 3.4. See SSL_CTX_set_options(3).</dd>
</dl>
You can only enable options not already controlled by other Postfix
settings. For example, you cannot disable protocols or enable
server cipher preference. Do not attempt to turn all features by
-specifying 0xFFFFFFFF, this is unlikely to be a good idea. </p>
+specifying 0xFFFFFFFF, this is unlikely to be a good idea. Some
+bug work-arounds are also valid here, allowing them to be re-enabled
+if/when they're no longer enabled by default. The supported values
+include: </p>
<dl>
+<dt><b>ENABLE_MIDDLEBOX_COMPAT</b></dt> <dd>Postfix ≥ 3.4. See
+SSL_CTX_set_options(3).</dd>
+
<dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3).</dd>
-<dt><b>NO_TICKET</b></dt> <dd>See SSL_CTX_set_options(3).</dd>
+<dt><b>NO_TICKET</b></dt> <dd>Enabled by default when needed in
+fully-patched Postfix ≥ 2.7. Not needed at all for Postfix ≥
+2.11, unless for some reason you do not want to support TLS session
+resumption. Best not set explicitly. See SSL_CTX_set_options(3).</dd>
<dt><b>NO_COMPRESSION</b></dt> <dd>Disable SSL compression even if
supported by the OpenSSL library. Compression is CPU-intensive,
and compression before encryption does not always improve security. </dd>
+<dt><b>NO_RENEGOTIATION</b></dt> <dd>Postfix ≥ 3.4. This can
+reduce opportunities for a potential CPU exhaustion attack. See
+SSL_CTX_set_options(3).</dd>
+
+<dt><b>NO_SESSION_RESUMPTION_ON_RENEGOTIATION</b></dt> <dd>Postfix
+≥ 3.4. See SSL_CTX_set_options(3).</dd>
+
+<dt><b>PRIORITIZE_CHACHA</b></dt> <dd>Postfix ≥ 3.4. See SSL_CTX_set_options(3).</dd>
+
+<dt><b>TLSEXT_PADDING</b></dt> <dd>Postfix ≥ 3.4. See
+SSL_CTX_set_options(3).</dd>
+
</dl>
<p> This feature is available in Postfix 2.11 and later. </p>
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20180519"
-#define MAIL_VERSION_NUMBER "3.0.13"
+#define MAIL_RELEASE_DATE "20181104"
+#define MAIL_VERSION_NUMBER "3.0.14-RC1"
#ifdef SNAPSHOT
#define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
return (0);
}
-#ifdef USE_TLS
+#if defined(USE_TLS) && OPENSSL_VERSION_NUMBER < 0x10100000L
/* ssl_cleanup - free memory allocated in the OpenSSL library */
CRYPTO_cleanup_all_ex_data();
}
-#endif
+#endif /* USE_TLS && OPENSSL_VERSION_NUMBER
+ * < 0x10100000L */
/* run - do what we were asked to do. */
/* Be valgrind friendly and clean-up */
cleanup(&state);
-#ifdef USE_TLS
+
+ /* OpenSSL 1.1.0 and later (de)initialization is implicit */
+#if defined(USE_TLS) && OPENSSL_VERSION_NUMBER < 0x10100000L
ssl_cleanup();
#endif
/* Appease indent(1) */
#define x509_stack_t STACK_OF(X509)
-#define x509_extension_stack_t STACK_OF(X509_EXTENSION)
#define general_name_stack_t STACK_OF(GENERAL_NAME)
#define ssl_cipher_stack_t STACK_OF(SSL_CIPHER)
#define ssl_comp_stack_t STACK_OF(SSL_COMP)
#if (OPENSSL_VERSION_NUMBER < 0x00090700f)
#error "need OpenSSL version 0.9.7 or later"
+#endif
+
+ /* Backwards compatibility with OpenSSL < 1.1.0 */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define OpenSSL_version_num SSLeay
+#define X509_up_ref(x) \
+ CRYPTO_add(&((x)->references), 1, CRYPTO_LOCK_X509)
+#define EVP_PKEY_up_ref(k) \
+ CRYPTO_add(&((k)->references), 1, CRYPTO_LOCK_EVP_PKEY)
+#define X509_STORE_CTX_get0_cert(ctx) ((ctx)->cert)
+#define X509_STORE_CTX_get0_untrusted(ctx) ((ctx)->untrusted)
+#define X509_STORE_CTX_set0_untrusted X509_STORE_CTX_set_chain
+#define X509_STORE_CTX_set0_trusted_stack X509_STORE_CTX_trusted_stack
+#define ASN1_STRING_get0_data ASN1_STRING_data
+#define X509_getm_notBefore X509_get_notBefore
+#define X509_getm_notAfter X509_get_notAfter
+#endif
+
+ /* Backwards compatibility with OpenSSL < 1.1.1 */
+#if OPENSSL_VERSION_NUMBER < 0x1010100fUL
+#define SSL_CTX_set_num_tickets(ctx, num) ((void)0)
#endif
/* SSL_CIPHER_get_name() got constified in 0.9.7g */
#define SSL_OP_NO_TLSv1_2 0L /* Noop */
#endif
-#ifdef SSL_TXT_TLSV1_3
+ /*
+ * OpenSSL 1.1.1 does not define a TXT macro for TLS 1.3, so we roll our
+ * own.
+ */
+#define TLS_PROTOCOL_TXT_TLSV1_3 "TLSv1.3"
+
+#if defined(TLS1_3_VERSION) && defined(SSL_OP_NO_TLSv1_3)
#define TLS_PROTOCOL_TLSv1_3 (1<<5) /* TLSv1_3 */
#else
-#define SSL_TXT_TLSV1_3 "TLSv1.3"
#define TLS_PROTOCOL_TLSv1_3 0 /* Unknown */
#undef SSL_OP_NO_TLSv1_3
#define SSL_OP_NO_TLSv1_3 0L /* Noop */
#define TLS_KNOWN_PROTOCOLS \
( TLS_PROTOCOL_SSLv2 | TLS_PROTOCOL_SSLv3 | TLS_PROTOCOL_TLSv1 \
- | TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 )
+ | TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3 )
#define TLS_SSL_OP_PROTOMASK(m) \
((((m) & TLS_PROTOCOL_SSLv2) ? SSL_OP_NO_SSLv2 : 0L) \
| (((m) & TLS_PROTOCOL_SSLv3) ? SSL_OP_NO_SSLv3 : 0L) \
*/
tls_check_version();
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
/*
* Initialize the OpenSSL library by the book! To start with, we must
* initialize the algorithms. We want cleartext error messages instead of
*/
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
+#endif
/*
* Create an application data index for SSL objects, so that we can
tls_print_errors();
return (0);
}
+#ifdef SSL_SECOP_PEER
+ /* Backwards compatible security as a base for opportunistic TLS. */
+ SSL_CTX_set_security_level(client_ctx, 0);
+#endif
/*
* See the verify callback in tls_verify.c
return (0);
}
+ /*
+ * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
/*
* According to the OpenSSL documentation, temporary RSA key is needed
* export ciphers are in use. We have to provide one, so well, we just do
* it.
*/
SSL_CTX_set_tmp_rsa_callback(client_ctx, tls_tmp_rsa_cb);
+#endif
/*
* Finally, the setup for the server certificate checking, done "by the
if (protomask != 0)
SSL_set_options(TLScontext->con, TLS_SSL_OP_PROTOMASK(protomask));
+#ifdef SSL_SECOP_PEER
+ /* When authenticating the peer, use 80-bit plus OpenSSL security level */
+ if (TLS_MUST_MATCH(props->tls_level))
+ SSL_set_security_level(TLScontext->con, 1);
+#endif
+
/*
* XXX To avoid memory leaks we must always call SSL_SESSION_free() after
* calling SSL_set_session(), regardless of whether or not the session
{
TLS_CERTS *new = (TLS_CERTS *) mymalloc(sizeof(*new));
- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+ X509_up_ref(x);
new->cert = x;
new->next = d->certs;
d->certs = new;
{
TLS_PKEYS *new = (TLS_PKEYS *) mymalloc(sizeof(*new));
- CRYPTO_add(&k->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ EVP_PKEY_up_ref(k);
new->pkey = k;
new->next = d->pkeys;
d->pkeys = new;
return (matched);
}
-/* push_ext - push extension onto certificate's stack, else free it */
-
-static int push_ext(X509 *cert, X509_EXTENSION *ext)
-{
- x509_extension_stack_t *exts;
-
- if (ext) {
- if ((exts = cert->cert_info->extensions) == 0)
- exts = cert->cert_info->extensions = sk_X509_EXTENSION_new_null();
- if (exts && sk_X509_EXTENSION_push(exts, ext))
- return 1;
- X509_EXTENSION_free(ext);
- }
- return 0;
-}
-
/* add_ext - add simple extension (no config section references) */
static int add_ext(X509 *issuer, X509 *subject, int ext_nid, char *ext_val)
{
+ int ret = 0;
X509V3_CTX v3ctx;
+ X509_EXTENSION *ext;
X509V3_set_ctx(&v3ctx, issuer, subject, 0, 0, 0);
- return push_ext(subject, X509V3_EXT_conf_nid(0, &v3ctx, ext_nid, ext_val));
+ if ((ext = X509V3_EXT_conf_nid(0, &v3ctx, ext_nid, ext_val)) != 0) {
+ ret = X509_add_ext(subject, ext, -1);
+ X509_EXTENSION_free(ext);
+ }
+ return ret;
}
/* set_serial - set serial number to match akid or use subject's plus 1 */
* self-signature checks!
*/
id = ((akid && akid->keyid) ? akid->keyid : 0);
- if (id && ASN1_STRING_length(id) == 1 && *ASN1_STRING_data(id) == c)
+ if (id && ASN1_STRING_length(id) == 1 && *ASN1_STRING_get0_data(id) == c)
c = 1;
if ((akid = AUTHORITY_KEYID_new()) != 0
if (cert) {
if (trusted && !X509_add1_trust_object(cert, serverAuth))
msg_fatal("out of memory");
- CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+ X509_up_ref(cert);
if (!sk_X509_push(*xs, cert))
msg_fatal("out of memory");
}
*/
if (!X509_set_version(cert, 2)
|| !set_serial(cert, akid, subject)
- || !X509_set_subject_name(cert, name)
|| !set_issuer_name(cert, akid)
- || !X509_gmtime_adj(X509_get_notBefore(cert), -30 * 86400L)
- || !X509_gmtime_adj(X509_get_notAfter(cert), 30 * 86400L)
+ || !X509_gmtime_adj(X509_getm_notBefore(cert), -30 * 86400L)
+ || !X509_gmtime_adj(X509_getm_notAfter(cert), 30 * 86400L)
+ || !X509_set_subject_name(cert, name)
|| !X509_set_pubkey(cert, key ? key : signkey)
|| !add_ext(0, cert, NID_basic_constraints, "CA:TRUE")
|| (key && !add_akid(cert, akid))
int depth = 0;
EVP_PKEY *takey;
X509 *ca;
- X509 *cert = ctx->cert; /* XXX: Accessor? */
- x509_stack_t *in = ctx->untrusted; /* XXX: Accessor? */
+ X509 *cert = X509_STORE_CTX_get0_cert(ctx);
+ x509_stack_t *in = X509_STORE_CTX_get0_untrusted(ctx);
/* shallow copy */
if ((in = sk_X509_dup(in)) == 0)
{
const char *myname = "dane_cb";
TLS_SESS_STATE *TLScontext = (TLS_SESS_STATE *) app_ctx;
- X509 *cert = ctx->cert; /* XXX: accessor? */
+ X509 *cert = X509_STORE_CTX_get0_cert(ctx);
/*
* Degenerate case: depth 0 self-signed cert.
* Check that setting the untrusted chain updates the expected structure
* member at the expected offset.
*/
- X509_STORE_CTX_trusted_stack(ctx, TLScontext->trusted);
- X509_STORE_CTX_set_chain(ctx, TLScontext->untrusted);
- if (ctx->untrusted != TLScontext->untrusted)
+ X509_STORE_CTX_set0_trusted_stack(ctx, TLScontext->trusted);
+ X509_STORE_CTX_set0_untrusted(ctx, TLScontext->untrusted);
+ if (X509_STORE_CTX_get0_untrusted(ctx) != TLScontext->untrusted)
msg_panic("%s: OpenSSL ABI change", myname);
return X509_verify_cert(ctx);
tls_param_init();
tls_check_version();
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_load_error_strings();
SSL_library_init();
+#endif
if (!tls_validate_digest(LN_sha1))
msg_fatal("%s digest algorithm not available", LN_sha1);
msg_panic("digest algorithm \"%s\" not found", mdalg);
/* Salt the session lookup key with the OpenSSL runtime version. */
- sslversion = SSLeay();
+ sslversion = OpenSSL_version_num();
mdctx = EVP_MD_CTX_create();
checkok(EVP_DigestInit_ex(mdctx, md, NULL));
SSL_TXT_TLSV1, TLS_PROTOCOL_TLSv1,
SSL_TXT_TLSV1_1, TLS_PROTOCOL_TLSv1_1,
SSL_TXT_TLSV1_2, TLS_PROTOCOL_TLSv1_2,
- SSL_TXT_TLSV1_3, TLS_PROTOCOL_TLSv1_3,
+ TLS_PROTOCOL_TXT_TLSV1_3, TLS_PROTOCOL_TLSv1_3,
0, TLS_PROTOCOL_INVALID,
};
#define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0
#endif
NAMEBUG(CRYPTOPRO_TLSEXT_BUG),
+
+#ifndef SSL_OP_TLSEXT_PADDING
+#define SSL_OP_TLSEXT_PADDING 0
+#endif
+ NAMEBUG(TLSEXT_PADDING),
+
+#if 0
+
+ /*
+ * XXX: New with OpenSSL 1.1.1, this is turned on implicitly in
+ * SSL_CTX_new() and is not included in SSL_OP_ALL. Allowing users to
+ * disable this would thus a code change that would clearing bug
+ * work-around bits in SSL_CTX, after setting SSL_OP_ALL. Since this is
+ * presumably required for TLS 1.3 on today's Internet, the code change
+ * will be done separately later. For now this implicit bug work-around
+ * cannot be disabled via supported Postfix mechanisms.
+ */
+#ifndef SSL_OP_ENABLE_MIDDLEBOX_COMPAT
+#define SSL_OP_ENABLE_MIDDLEBOX_COMPAT 0
+#endif
+ NAMEBUG(ENABLE_MIDDLEBOX_COMPAT),
+#endif
+
0, 0,
};
#define SSL_OP_NO_COMPRESSION 0
#endif
NAME_SSL_OP(NO_COMPRESSION),
+
+#ifndef SSL_OP_NO_RENEGOTIATION
+#define SSL_OP_NO_RENEGOTIATION 0
+#endif
+ NAME_SSL_OP(NO_RENEGOTIATION),
+
+#ifndef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0
+#endif
+ NAME_SSL_OP(NO_SESSION_RESUMPTION_ON_RENEGOTIATION),
+
+#ifndef SSL_OP_PRIORITIZE_CHACHA
+#define SSL_OP_PRIORITIZE_CHACHA 0
+#endif
+ NAME_SSL_OP(PRIORITIZE_CHACHA),
+
+#ifndef SSL_OP_ENABLE_MIDDLEBOX_COMPAT
+#define SSL_OP_ENABLE_MIDDLEBOX_COMPAT 0
+#endif
+ NAME_SSL_OP(ENABLE_MIDDLEBOX_COMPAT),
+
0, 0,
};
+ /*
+ * Once these have been a NOOP long enough, they might some day be removed
+ * from OpenSSL. The defines below will avoid bitrot issues if/when that
+ * happens.
+ */
+#ifndef SSL_OP_SINGLE_DH_USE
+#define SSL_OP_SINGLE_DH_USE 0
+#endif
+#ifndef SSL_OP_SINGLE_ECDH_USE
+#define SSL_OP_SINGLE_ECDH_USE 0
+#endif
+
/*
* Ciphersuite name <=> code conversion.
*/
static ARGV *exclude; /* Cached */
SSL *s = 0;
ssl_cipher_stack_t *ciphers;
- SSL_CIPHER *c;
+ const SSL_CIPHER *c;
const cipher_probe_t *probe;
int alg_bits;
int num;
TLS_VINFO lib_info;
tls_version_split(OPENSSL_VERSION_NUMBER, &hdr_info);
- tls_version_split(SSLeay(), &lib_info);
+ tls_version_split(OpenSSL_version_num(), &lib_info);
+ /*
+ * Warn if run-time library is different from compile-time library,
+ * allowing later run-time "micro" versions starting with 1.1.0.
+ */
if (lib_info.major != hdr_info.major
|| lib_info.minor != hdr_info.minor
- || lib_info.micro != hdr_info.micro)
+ || (lib_info.micro != hdr_info.micro
+ && (lib_info.micro < hdr_info.micro
+ || hdr_info.major == 0
+ || (hdr_info.major == 1 && hdr_info.minor == 0))))
msg_warn("run-time library vs. compile-time header version mismatch: "
"OpenSSL %d.%d.%d may not be compatible with OpenSSL %d.%d.%d",
lib_info.major, lib_info.minor, lib_info.micro,
#if OPENSSL_VERSION_NUMBER >= 0x00908000L && \
OPENSSL_VERSION_NUMBER < 0x10000000L
- long lib_version = SSLeay();
+ long lib_version = OpenSSL_version_num();
/*
* In OpenSSL 0.9.8[ab], enabling zlib compression breaks the padding bug
enable &= ~(SSL_OP_ALL | TLS_SSL_OP_MANAGED_BITS);
bits |= enable;
}
+
+ /*
+ * We unconditionally avoid re-use of ephemeral keys, note that we set DH
+ * keys via a callback, so reuse was never possible, but the ECDH key is
+ * set statically, so that is potentially subject to reuse. Set both
+ * options just in case.
+ */
+ bits |= SSL_OP_SINGLE_ECDH_USE | SSL_OP_SINGLE_DH_USE;
return (bits);
}
#include <tls.h>
#include <openssl/rsa.h>
+ /*
+ * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
/* tls_tmp_rsa_cb - call-back to generate ephemeral RSA key */
RSA *tls_tmp_rsa_cb(SSL *unused_ssl, int export, int keylength)
return (rsa_tmp);
}
+#endif /* OPENSSL_VERSION_NUMBER */
+
#ifdef TEST
#include <msg_vstream.h>
int main(int unused_argc, char *const argv[])
{
+ int ok = 0;
+
+ /*
+ * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
RSA *rsa;
- int ok;
msg_vstream_init(argv[0], VSTREAM_ERR);
/* Non-export or unexpected bit length should fail */
ok = ok && tls_tmp_rsa_cb(0, 0, 512) == 0;
ok = ok && tls_tmp_rsa_cb(0, 1, 1024) == 0;
+#endif
return ok ? 0 : 1;
}
#endif /* OPENSSL_VERSION_NUMBER */
+ /* OpenSSL 1.1.0 bitrot */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+typedef const unsigned char *session_id_t;
+
+#else
+typedef unsigned char *session_id_t;
+
+#endif
+
/* get_server_session_cb - callback to retrieve session from server cache */
-static SSL_SESSION *get_server_session_cb(SSL *ssl, unsigned char *session_id,
+static SSL_SESSION *get_server_session_cb(SSL *ssl, session_id_t session_id,
int session_id_length,
int *unused_copy)
{
buf = vstring_alloc(2 * (len + strlen(service))); \
hex_encode(buf, (char *) (id), (len)); \
vstring_sprintf_append(buf, "&s=%s", (service)); \
- vstring_sprintf_append(buf, "&l=%ld", (long) SSLeay()); \
+ vstring_sprintf_append(buf, "&l=%ld", (long) OpenSSL_version_num()); \
} while (0)
*/
tls_check_version();
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
/*
* Initialize the OpenSSL library by the book! To start with, we must
* initialize the algorithms. We want cleartext error messages instead of
*/
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
+#endif
/*
* First validate the protocols. If these are invalid, we can't continue.
tls_print_errors();
return (0);
}
+#ifdef SSL_SECOP_PEER
+ /* Backwards compatible security as a base for opportunistic TLS. */
+ SSL_CTX_set_security_level(server_ctx, 0);
+#endif
/*
* See the verify callback in tls_verify.c
ticketable = 0;
}
}
- if (ticketable)
+ if (ticketable) {
SSL_CTX_set_tlsext_ticket_key_cb(server_ctx, ticket_cb);
+
+ /*
+ * OpenSSL 1.1.1 introduces support for TLS 1.3, which can issue more
+ * than one ticket per handshake. While this may be appropriate for
+ * communication between browsers and webservers, it is not terribly
+ * useful for MTAs, many of which other than Postfix don't do TLS
+ * session caching at all, and Postfix has no mechanism for storing
+ * multiple session tickets, if more than one sent, the second
+ * clobbers the first. OpenSSL 1.1.1 servers default to issuing two
+ * tickets for non-resumption handshakes, we reduce this to one. Our
+ * ticket decryption callback already (since 2.11) asks OpenSSL to
+ * avoid issuing new tickets when the presented ticket is re-usable.
+ */
+ SSL_CTX_set_num_tickets(server_ctx, 1);
+ }
#endif
if (!ticketable)
off |= SSL_OP_NO_TICKET;
return (0);
}
+ /*
+ * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
/*
* According to OpenSSL documentation, a temporary RSA key is needed when
* export ciphers are in use, because the certified key cannot be
* directly used.
*/
SSL_CTX_set_tmp_rsa_callback(server_ctx, tls_tmp_rsa_cb);
+#endif
/*
* Diffie-Hellman key generation parameters can either be loaded from
tls_free_context(TLScontext);
return (0);
}
+#ifdef SSL_SECOP_PEER
+ /* When authenticating the peer, use 80-bit plus OpenSSL security level */
+ if (props->requirecert)
+ SSL_set_security_level(TLScontext->con, 1);
+#endif
/*
* Before really starting anything, try to seed the PRNG a little bit
TLScontext->peer_pkey_fprint);
}
X509_free(peer);
+
+ /*
+ * Give them a clue. Problems with trust chain verification are
+ * logged when the session is first negotiated, before the session is
+ * stored into the cache. We don't want mystery failures, so log the
+ * fact the real problem is to be found in the past.
+ */
+ if (!TLS_CERT_IS_TRUSTED(TLScontext)
+ && (TLScontext->log_mask & TLS_LOG_UNTRUSTED)) {
+ if (TLScontext->session_reused == 0)
+ tls_log_verify_error(TLScontext);
+ else
+ msg_info("%s: re-using session with untrusted certificate, "
+ "look for details earlier in the log",
+ TLScontext->namaddr);
+ }
} else {
TLScontext->peer_CN = mystrdup("");
TLScontext->issuer_CN = mystrdup("");
if (TLScontext->errorcert != 0)
X509_free(TLScontext->errorcert);
if (errorcert != 0)
- CRYPTO_add(&errorcert->references, 1, CRYPTO_LOCK_X509);
+ X509_up_ref(errorcert);
TLScontext->errorcert = errorcert;
TLScontext->errorcode = errorcode;
TLScontext->errordepth = depth;
/*
* Safe to treat as an ASCII string possibly holding a DNS name
*/
- dnsname = (char *) ASN1_STRING_data(gn->d.ia5);
+ dnsname = (const char *) ASN1_STRING_get0_data(gn->d.ia5);
len = ASN1_STRING_length(gn->d.ia5);
TRIM0(dnsname, len);
projects / thirdparty / postfix.git / commitdiff
