From: Wietse Venema Date: Thu, 7 Mar 2019 05:00:00 +0000 (-0500) Subject: postfix-3.4.1 X-Git-Tag: v3.4.1^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=82ae7339eab5bdf9a5777fefc931ae37ce972c1d;p=thirdparty%2Fpostfix.git postfix-3.4.1 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 775946233..9839a370f 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -24165,7 +24165,7 @@ Apologies for any names omitted. 20190304 - Bugfix: a reversed test broke TLS configurations that have - the private key and certificate in the same file. Reported - by Mike Kazantsev. Fix by Viktor Dukhovni. File: - tls/tls_certkey.c. + Bugfix: a reversed test broke TLS configurations that specify + the same filename for a private key and certificate. Reported + by Mike Kazantsev. Fix by Viktor Dukhovni. Wietse fixed the + test. Files: tls/tls_certkey.c, tls/Makefile.in. diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 63743fc74..7ae7c01b8 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20190304" -#define MAIL_VERSION_NUMBER "3.4.1-RC1" +#define MAIL_RELEASE_DATE "20190307" +#define MAIL_VERSION_NUMBER "3.4.1" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/tls/Makefile.in b/postfix/src/tls/Makefile.in index a4ea16a20..dabd6403c 100644 --- a/postfix/src/tls/Makefile.in +++ b/postfix/src/tls/Makefile.in @@ -58,6 +58,16 @@ tls_certkey_tests: test $(SHLIB_ENV) $(VALGRIND) ./tls_certkey -m $$pem > $$pem.out 2>&1 || exit 1; \ diff $$pem.ref $$pem.out || exit 1; \ echo " $$pem: OK"; \ + $(SHLIB_ENV) $(VALGRIND) ./tls_certkey -k $$pem $$pem > $$pem.out 2>&1 || exit 1; \ + diff $$pem.ref $$pem.out || exit 1; \ + echo " $$pem (with key in $$pem): OK"; \ + case $$pem in good-*) \ + ln -sf $$pem tmpkey.pem; \ + $(SHLIB_ENV) $(VALGRIND) ./tls_certkey -k tmpkey.pem $$pem > $$pem.out 2>&1 || exit 1; \ + diff $$pem.ref $$pem.out || exit 1; \ + echo " $$pem (with key in tmpkey.pem): OK"; \ + rm -f tmpkey.pem;; \ + esac; \ done; \ for pem in bad-*.pem; do \ $(SHLIB_ENV) $(VALGRIND) ./tls_certkey $$pem > $$pem.out 2>&1 && exit 1 || : ok; \ diff --git a/postfix/src/tls/tls_certkey.c b/postfix/src/tls/tls_certkey.c index 182f2f734..74b2fd1cd 100644 --- a/postfix/src/tls/tls_certkey.c +++ b/postfix/src/tls/tls_certkey.c @@ -690,6 +690,7 @@ int main(int argc, char *argv[]) int ch; int mixed = 0; int ret; + char *key_file = 0; SSL_CTX *ctx; #if OPENSSL_VERSION_NUMBER < 0x10100000L @@ -707,8 +708,11 @@ int main(int argc, char *argv[]) tls_print_errors(); exit(1); } - while ((ch = GETOPT(argc, argv, "m")) > 0) { + while ((ch = GETOPT(argc, argv, "mk:")) > 0) { switch (ch) { + case 'k': + key_file = optarg; + break; case 'm': mixed = 1; break; @@ -722,7 +726,9 @@ int main(int argc, char *argv[]) if (argc < 1) usage(); - if (mixed) + if (key_file) + ret = set_cert_stuff(ctx, "any", argv[0], key_file) == 0; + else if (mixed) ret = load_mixed_file(ctx, argv[0]); else ret = load_chain_files(ctx, argv[0]);