From: Wietse Venema <wietse@porcupine.org>
Date: Mon, 4 Feb 2013 23:24:13 +0000 (+0000)
Subject: postfix-2.9.6
X-Git-Tag: v2.9.6^0
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a2fc1443a4646c50d2242fc51240e4ee26d560d0;p=thirdparty%2Fpostfix.git

postfix-2.9.6
---

diff --git a/postfix/HISTORY b/postfix/HISTORY
index b8fe6db19..a186bd50b 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -17756,3 +17756,30 @@ Apologies for any names omitted.
 	This part of the code is not documented and had escaped
 	testing.  Files: util/ip_match.c, util/ip_match.in,
 	util/ip_match.ref.
+
+20121230
+
+	Bugfix (omission in feature 20111106): the postconf(1)
+	master.cf options parser didn't support "clusters" of
+	command-line option letters. File: postconf/postconf_master.c,
+	postconf/test40.ref.
+
+20130131
+
+	Bugfix: the local(8) delivery agent dereferenced a null
+	pointer while delivering to null command (for example, "|"
+	in a .forward file).  Reported by Gilles Chehade.
+
+20130203
+
+	Bugfix: the undocumented OpenSSL X509_pubkey_digest()
+	function is unsuitable for computing certificate PUBLIC KEY
+	fingerprints.  Postfix now provides a correct procedure
+	that accounts for the algorithm and parameters in addition
+	to the key data.  Specify "tls_legacy_public_key_fingerprints
+	= yes" if you need backwards compatibility. Fix by Victor
+	Duchovni, BC added by Wietse.  Files: tls/tls_verify.c,
+	tls/tls_misc.c, proto/TLS_README.html, global/mail_params.h.
+
+	Bugfix: the 20121010 fix for tls_misc.c was documented but
+	not included.
diff --git a/postfix/README_FILES/TLS_README b/postfix/README_FILES/TLS_README
index 1bf1d3076..1945428f3 100644
--- a/postfix/README_FILES/TLS_README
+++ b/postfix/README_FILES/TLS_README
@@ -462,6 +462,34 @@ host:
     /etc/postfix/relay_clientcerts:
         D7:04:2F:A7:0B:8C:A5:21:FA:31:77:E1:41:8A:EE:80 lutzpc.at.home
 
+To extract the public key fingerprint from an X.509 certificate, you need to
+extract the public key from the certificate and compute the appropriate digest
+of its DER (ASN.1) encoding. With OpenSSL the "-pubkey" option of the "x509"
+command extracts the public key always in "PEM" format. We pipe the result to
+another OpenSSL command that converts the key to DER and then to the "dgst"
+command to compute the fingerprint.
+
+The actual command to transform the key to DER format depends on the version of
+OpenSSL used. With OpenSSL 1.0.0 and later, the "pkey" command supports all key
+types. With OpenSSL 0.9.8 and earlier, the key type is always RSA (nobody uses
+DSA, and EC keys are not fully supported by 0.9.8), so the "rsa" command is
+used.
+
+    # OpenSSL 1.0 with all certificates and SHA-1 fingerprints.
+    $ openssl x509 -in cert.pem -noout -pubkey |
+        openssl pkey -pubin -outform DER |
+        openssl dgst -sha1 -c
+    (stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58
+
+    # OpenSSL 0.9.8 with RSA certificates and MD5 fingerprints.
+    $ openssl x509 -in cert.pem -noout -pubkey |
+        openssl rsa -pubin -outform DER |
+        openssl dgst -md5 -c
+    (stdin)= f4:62:60:f6:12:8f:d5:8d:28:4d:13:a7:db:b2:ff:50
+
+Note: Postfix 2.9.0-2.9.5 computed the public key fingerprint incorrectly. To
+use public-key fingerprints, upgrade to Postfix 2.9.6 or later.
+
 SSeerrvveerr--ssiiddee cciipphheerr ccoonnttrroollss
 
 The Postfix SMTP server supports 5 distinct cipher security levels as specified
@@ -823,6 +851,34 @@ the example above, we show two matching fingerprints:
             match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
             match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
 
+To extract the public key fingerprint from an X.509 certificate, you need to
+extract the public key from the certificate and compute the appropriate digest
+of its DER (ASN.1) encoding. With OpenSSL the "-pubkey" option of the "x509"
+command extracts the public key always in "PEM" format. We pipe the result to
+another OpenSSL command that converts the key to DER and then to the "dgst"
+command to compute the fingerprint.
+
+The actual command to transform the key to DER format depends on the version of
+OpenSSL used. With OpenSSL 1.0.0 and later, the "pkey" command supports all key
+types. With OpenSSL 0.9.8 and earlier, the key type is always RSA (nobody uses
+DSA, and EC keys are not fully supported by 0.9.8), so the "rsa" command is
+used.
+
+    # OpenSSL 1.0 with all certificates and SHA-1 fingerprints.
+    $ openssl x509 -in cert.pem -noout -pubkey |
+        openssl pkey -pubin -outform DER |
+        openssl dgst -sha1 -c
+    (stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58
+
+    # OpenSSL 0.9.8 with RSA certificates and MD5 fingerprints.
+    $ openssl x509 -in cert.pem -noout -pubkey |
+        openssl rsa -pubin -outform DER |
+        openssl dgst -md5 -c
+    (stdin)= f4:62:60:f6:12:8f:d5:8d:28:4d:13:a7:db:b2:ff:50
+
+Note: Postfix 2.9.0-2.9.5 computed the public key fingerprint incorrectly. To
+use public-key fingerprints, upgrade to Postfix 2.9.6 or later.
+
 MMaannddaattoorryy sseerrvveerr cceerrttiiffiiccaattee vveerriiffiiccaattiioonn
 
 At the "verify" TLS security level, messages are sent only over TLS encrypted
diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index 6505c787a..719c1db4f 100644
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -14,6 +14,36 @@ specifies the release date of a stable release or snapshot release.
 If you upgrade from Postfix 2.7 or earlier, read RELEASE_NOTES-2.8
 before proceeding.
 
+Major changes with Postfix 2.9.6
+--------------------------------
+
+Thanks to OpenSSL documentation, the Postfix 2.9.0..2.9.5 SMTP
+client and server computed incorrect TLS certificate PUBLIC-KEY
+fingerprints.  Support for certificate PUBLIC-KEY finger prints
+was introduced with Postfix 2.9; there is no known problem with the
+certificate fingerprint algorithms available since Postfix 2.2.
+
+Certificate PUBLIC-KEY finger prints may be used in the Postfix
+SMTP server (with "check_ccert_access") and in the Postfix SMTP
+client (with the "fingerprint" security level).  
+
+Specify "tls_legacy_public_key_fingerprints = yes" temporarily, 
+pending a migration from configuration files with incorrect Postfix
+2.9.0..2.9.5 certificate PUBLIC-KEY finger prints, to the correct
+fingerprints used by Postfix 2.9.6 and later.
+
+To compute the correct PUBLIC-KEY finger prints:
+
+# OpenSSL 1.0 with all certificates and SHA-1 fingerprints.
+$ openssl x509 -in cert.pem -noout -pubkey | \
+    openssl pkey -pubin -outform DER | \
+    openssl dgst -sha1 -c
+
+# OpenSSL 0.9.8 with RSA certificates and MD5 fingerprints.
+$ openssl x509 -in cert.pem -noout -pubkey | \
+    openssl rsa -pubin -outform DER | \
+    openssl dgst -md5 -c
+
 Major changes with Postfix 2.9.2
 --------------------------------
 
diff --git a/postfix/html/TLS_README.html b/postfix/html/TLS_README.html
index 51299360d..9924014aa 100644
--- a/postfix/html/TLS_README.html
+++ b/postfix/html/TLS_README.html
@@ -677,6 +677,39 @@ the name of the user or host:</p>
 </pre>
 </blockquote>
 
+<p> To extract the public key fingerprint from an X.509 certificate,
+you need to extract the public key from the certificate and compute
+the appropriate digest of its DER (ASN.1) encoding. With OpenSSL
+the "-pubkey" option of the "x509" command extracts the public
+key always in "PEM" format. We pipe the result to another OpenSSL
+command that converts the key to DER and then to the "dgst" command
+to compute the fingerprint. </p>
+
+<p> The actual command to transform the key to DER format depends
+on the version of OpenSSL used. With OpenSSL 1.0.0 and later, the
+"pkey" command supports all key types. With OpenSSL 0.9.8 and
+earlier, the key type is always RSA (nobody uses DSA, and EC
+keys are not fully supported by 0.9.8), so the "rsa" command is
+used. </p>
+<blockquote>
+<pre>
+# OpenSSL 1.0 with all certificates and SHA-1 fingerprints.
+$ openssl x509 -in cert.pem -noout -pubkey |
+    openssl pkey -pubin -outform DER |
+    openssl dgst -sha1 -c
+(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58
+
+# OpenSSL 0.9.8 with RSA certificates and MD5 fingerprints.
+$ openssl x509 -in cert.pem -noout -pubkey |
+    openssl rsa -pubin -outform DER |
+    openssl dgst -md5 -c
+(stdin)= f4:62:60:f6:12:8f:d5:8d:28:4d:13:a7:db:b2:ff:50
+</pre>
+</blockquote>
+<p> Note: Postfix 2.9.0&ndash;2.9.5 computed the public key
+fingerprint incorrectly. To use public-key fingerprints, upgrade
+to Postfix 2.9.6 or later. </p>
+
 <h3><a name="server_cipher">Server-side cipher controls</a> </h3>
 
 <p> The Postfix SMTP server supports 5 distinct cipher security levels
@@ -1074,7 +1107,7 @@ required.  The certificate trust chain, expiration date, ... are
 not checked. Instead, the <a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> parameter
 or the "match" attribute in the <a href="#client_tls_policy">policy</a>
 table lists the remote SMTP server certificate fingerprint or
-public key fingerprint (Postfix 2.9 and later).
+public key fingerprint (Postfix 2.9 and later). </p>
 
 <p> If certificate fingerprints are exchanged securely, this is the
 strongest, and least scalable security level. The administrator needs
@@ -1136,6 +1169,39 @@ As in the example above, we show two matching fingerprints: </p>
 </pre>
 </blockquote>
 
+<p> To extract the public key fingerprint from an X.509 certificate,
+you need to extract the public key from the certificate and compute
+the appropriate digest of its DER (ASN.1) encoding. With OpenSSL
+the "-pubkey" option of the "x509" command extracts the public
+key always in "PEM" format. We pipe the result to another OpenSSL
+command that converts the key to DER and then to the "dgst" command
+to compute the fingerprint. </p>
+
+<p> The actual command to transform the key to DER format depends
+on the version of OpenSSL used. With OpenSSL 1.0.0 and later, the
+"pkey" command supports all key types. With OpenSSL 0.9.8 and
+earlier, the key type is always RSA (nobody uses DSA, and EC
+keys are not fully supported by 0.9.8), so the "rsa" command is
+used. </p>
+<blockquote>
+<pre>
+# OpenSSL 1.0 with all certificates and SHA-1 fingerprints.
+$ openssl x509 -in cert.pem -noout -pubkey |
+    openssl pkey -pubin -outform DER |
+    openssl dgst -sha1 -c
+(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58
+
+# OpenSSL 0.9.8 with RSA certificates and MD5 fingerprints.
+$ openssl x509 -in cert.pem -noout -pubkey |
+    openssl rsa -pubin -outform DER |
+    openssl dgst -md5 -c
+(stdin)= f4:62:60:f6:12:8f:d5:8d:28:4d:13:a7:db:b2:ff:50
+</pre>
+</blockquote>
+<p> Note: Postfix 2.9.0&ndash;2.9.5 computed the public key
+fingerprint incorrectly. To use public-key fingerprints, upgrade
+to Postfix 2.9.6 or later. </p>
+
 <h4><a name="client_tls_verify"> Mandatory server certificate verification </a> </h4>
 
 <p> At the "verify" TLS security level, messages are sent only over
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index 9c8ff40f0..09ea9c646 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -8440,6 +8440,10 @@ D7:04:2F:A7:0B:8C:A5:21:FA:31:77:E1:41:8A:EE:80 lutzpc.at.home </p>
 an appropriate <a href="access.5.html">access(5)</a> policy for each client.
 See <a href="RESTRICTION_CLASS_README.html">RESTRICTION_CLASS_README</a>.</p>
 
+<p> <b>Note:</b> Postfix 2.9.0&ndash;2.9.5 computed the public key
+fingerprint incorrectly. To use public-key fingerprints, upgrade
+to Postfix 2.9.6 or later. </p>
+
 <p>This feature is available with Postfix version 2.2.</p>
 
 
@@ -10895,11 +10899,47 @@ SHA1 Fingerprint=D4:6A:AB:19:24:79:F8:32:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A
 </pre>
 </blockquote>
 
-<p> Public key fingerprints are more difficult to extract, however,
-the SHA-1 public key fingerprint is often present as the value of the
-"Subject Key Identifier" extension in X.509v3 certificates. The Postfix
-SMTP server and client log the peer certificate fingerprint and public
-key fingerprint when TLS loglevel is 1 or higher. </p>
+<p> To extract the public key fingerprint from an X.509 certificate,
+you need to extract the public key from the certificate and compute
+the appropriate digest of its DER (ASN.1) encoding. With OpenSSL
+the "-pubkey" option of the "x509" command extracts the public
+key always in "PEM" format. We pipe the result to another OpenSSL
+command that converts the key to DER and then to the "dgst" command
+to compute the fingerprint. </p>
+
+<p> The actual command to transform the key to DER format depends
+on the version of OpenSSL used. With OpenSSL 1.0.0 and later, the
+"pkey" command supports all key types. With OpenSSL 0.9.8 and
+earlier, the key type is always RSA (nobody uses DSA, and EC
+keys are not fully supported by 0.9.8), so the "rsa" command is
+used. </p>
+<blockquote>
+<pre>
+# OpenSSL 1.0 with all certificates and SHA-1 fingerprints.
+$ openssl x509 -in cert.pem -noout -pubkey |
+    openssl pkey -pubin -outform DER |
+    openssl dgst -sha1 -c
+(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+# OpenSSL 0.9.8 with RSA certificates and MD5 fingerprints.
+$ openssl x509 -in cert.pem -noout -pubkey |
+    openssl rsa -pubin -outform DER |
+    openssl dgst -md5 -c
+(stdin)= f4:62:60:f6:12:8f:d5:8d:28:4d:13:a7:db:b2:ff:50
+</pre>
+</blockquote>
+
+<p> The Postfix SMTP server and client log the peer (leaf) certificate
+fingerprint and public key fingerprint when TLS loglevel is 1 or
+higher. </p>
+
+<p> <b>Note:</b> Postfix 2.9.0&ndash;2.9.5 computed the public key
+fingerprint incorrectly. To use public-key fingerprints, upgrade
+to Postfix 2.9.6 or later. </p>
 
 <p> This feature is available in Postfix 2.5 and later. </p>
 
@@ -14688,11 +14728,47 @@ SHA1 Fingerprint=D4:6A:AB:19:24:79:F8:32:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A
 </pre>
 </blockquote>
 
-<p> Public key fingerprints are more difficult to extract, however,
-the SHA-1 public key fingerprint is often present as the value of the
-"Subject Key Identifier" extension in X.509v3 certificates. The Postfix
-SMTP server and client log the peer certificate fingerprint and public
-key fingerprint when TLS loglevel is 1 or higher. </p>
+<p> To extract the public key fingerprint from an X.509 certificate,
+you need to extract the public key from the certificate and compute
+the appropriate digest of its DER (ASN.1) encoding. With OpenSSL
+the "-pubkey" option of the "x509" command extracts the public
+key always in "PEM" format. We pipe the result to another OpenSSL
+command that converts the key to DER and then to the "dgst" command
+to compute the fingerprint. </p>
+
+<p> The actual command to transform the key to DER format depends
+on the version of OpenSSL used. With OpenSSL 1.0.0 and later, the
+"pkey" command supports all key types. With OpenSSL 0.9.8 and
+earlier, the key type is always RSA (nobody uses DSA, and EC
+keys are not fully supported by 0.9.8), so the "rsa" command is
+used. </p>
+<blockquote>
+<pre>
+# OpenSSL 1.0 with all certificates and SHA-1 fingerprints.
+$ openssl x509 -in cert.pem -noout -pubkey |
+    openssl pkey -pubin -outform DER |
+    openssl dgst -sha1 -c
+(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+# OpenSSL 0.9.8 with RSA certificates and MD5 fingerprints.
+$ openssl x509 -in cert.pem -noout -pubkey |
+    openssl rsa -pubin -outform DER |
+    openssl dgst -md5 -c
+(stdin)= f4:62:60:f6:12:8f:d5:8d:28:4d:13:a7:db:b2:ff:50
+</pre>
+</blockquote>
+
+<p> The Postfix SMTP server and client log the peer (leaf) certificate
+fingerprint and public key fingerprint when TLS loglevel is 1 or
+higher. </p>
+
+<p> <b>Note:</b> Postfix 2.9.0&ndash;2.9.5 computed the public key
+fingerprint incorrectly. To use public-key fingerprints, upgrade
+to Postfix 2.9.6 or later. </p>
 
 <p> Example: client-certificate access table, with sha1 fingerprints: </p>
 
@@ -15585,6 +15661,25 @@ OpenSSL releases. </p>
 <p> This feature is available in Postfix 2.3 and later. </p>
 
 
+</DD>
+
+<DT><b><a name="tls_legacy_public_key_fingerprints">tls_legacy_public_key_fingerprints</a>
+(default: no)</b></DT><DD>
+
+<p> A temporary migration aid for sites that use certificate
+<i>public-key</i> fingerprints with Postfix 2.9.0..2.9.5, which use
+an incorrect algorithm. This parameter has no effect on the certificate
+fingerprint support that is available since Postfix 2.2. </p>
+
+<p> Specify "<a href="postconf.5.html#tls_legacy_public_key_fingerprint">tls_legacy_public_key_fingerprints</a> = yes" temporarily,
+pending a migration from configuration files with incorrect Postfix
+2.9.0..2.9.5 certificate public-key finger prints, to the correct
+fingerprints used by Postfix 2.9.6 and later.  To compute the correct
+certificate public-key fingerprints, see <a href="TLS_README.html">TLS_README</a>. </p>
+
+<p> This feature is available in Postfix 2.9.6 and later.  </p>
+
+
 </DD>
 
 <DT><b><a name="tls_low_cipherlist">tls_low_cipherlist</a>
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index ff4b8fa2c..f4520ae74 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -4887,6 +4887,10 @@ For more fine-grained control, use check_ccert_access to select
 an appropriate \fBaccess\fR(5) policy for each client.
 See RESTRICTION_CLASS_README.
 .PP
+\fBNote:\fR Postfix 2.9.0&ndash;2.9.5 computed the public key
+fingerprint incorrectly. To use public-key fingerprints, upgrade
+to Postfix 2.9.6 or later.
+.PP
 This feature is available with Postfix version 2.2.
 .SH relay_destination_concurrency_limit (default: $default_destination_concurrency_limit)
 The maximal number of parallel deliveries to the same destination
@@ -6534,11 +6538,56 @@ SHA1 Fingerprint=D4:6A:AB:19:24:79:F8:32:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A
 .ft R
 .in -4
 .PP
-Public key fingerprints are more difficult to extract, however,
-the SHA-1 public key fingerprint is often present as the value of the
-"Subject Key Identifier" extension in X.509v3 certificates. The Postfix
-SMTP server and client log the peer certificate fingerprint and public
-key fingerprint when TLS loglevel is 1 or higher.
+To extract the public key fingerprint from an X.509 certificate,
+you need to extract the public key from the certificate and compute
+the appropriate digest of its DER (ASN.1) encoding. With OpenSSL
+the "-pubkey" option of the "x509" command extracts the public
+key always in "PEM" format. We pipe the result to another OpenSSL
+command that converts the key to DER and then to the "dgst" command
+to compute the fingerprint.
+.PP
+The actual command to transform the key to DER format depends
+on the version of OpenSSL used. With OpenSSL 1.0.0 and later, the
+"pkey" command supports all key types. With OpenSSL 0.9.8 and
+earlier, the key type is always RSA (nobody uses DSA, and EC
+keys are not fully supported by 0.9.8), so the "rsa" command is
+used.
+.sp
+.in +4
+.nf
+.na
+.ft C
+# OpenSSL 1.0 with all certificates and SHA-1 fingerprints.
+$ openssl x509 -in cert.pem -noout -pubkey |
+    openssl pkey -pubin -outform DER |
+    openssl dgst -sha1 -c
+(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+# OpenSSL 0.9.8 with RSA certificates and MD5 fingerprints.
+$ openssl x509 -in cert.pem -noout -pubkey |
+    openssl rsa -pubin -outform DER |
+    openssl dgst -md5 -c
+(stdin)= f4:62:60:f6:12:8f:d5:8d:28:4d:13:a7:db:b2:ff:50
+.fi
+.ad
+.ft R
+.in -4
+.PP
+The Postfix SMTP server and client log the peer (leaf) certificate
+fingerprint and public key fingerprint when TLS loglevel is 1 or
+higher.
+.PP
+\fBNote:\fR Postfix 2.9.0&ndash;2.9.5 computed the public key
+fingerprint incorrectly. To use public-key fingerprints, upgrade
+to Postfix 2.9.6 or later.
 .PP
 This feature is available in Postfix 2.5 and later.
 .SH smtp_tls_key_file (default: $smtp_tls_cert_file)
@@ -9426,11 +9475,56 @@ SHA1 Fingerprint=D4:6A:AB:19:24:79:F8:32:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A
 .ft R
 .in -4
 .PP
-Public key fingerprints are more difficult to extract, however,
-the SHA-1 public key fingerprint is often present as the value of the
-"Subject Key Identifier" extension in X.509v3 certificates. The Postfix
-SMTP server and client log the peer certificate fingerprint and public
-key fingerprint when TLS loglevel is 1 or higher.
+To extract the public key fingerprint from an X.509 certificate,
+you need to extract the public key from the certificate and compute
+the appropriate digest of its DER (ASN.1) encoding. With OpenSSL
+the "-pubkey" option of the "x509" command extracts the public
+key always in "PEM" format. We pipe the result to another OpenSSL
+command that converts the key to DER and then to the "dgst" command
+to compute the fingerprint.
+.PP
+The actual command to transform the key to DER format depends
+on the version of OpenSSL used. With OpenSSL 1.0.0 and later, the
+"pkey" command supports all key types. With OpenSSL 0.9.8 and
+earlier, the key type is always RSA (nobody uses DSA, and EC
+keys are not fully supported by 0.9.8), so the "rsa" command is
+used.
+.sp
+.in +4
+.nf
+.na
+.ft C
+# OpenSSL 1.0 with all certificates and SHA-1 fingerprints.
+$ openssl x509 -in cert.pem -noout -pubkey |
+    openssl pkey -pubin -outform DER |
+    openssl dgst -sha1 -c
+(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+# OpenSSL 0.9.8 with RSA certificates and MD5 fingerprints.
+$ openssl x509 -in cert.pem -noout -pubkey |
+    openssl rsa -pubin -outform DER |
+    openssl dgst -md5 -c
+(stdin)= f4:62:60:f6:12:8f:d5:8d:28:4d:13:a7:db:b2:ff:50
+.fi
+.ad
+.ft R
+.in -4
+.PP
+The Postfix SMTP server and client log the peer (leaf) certificate
+fingerprint and public key fingerprint when TLS loglevel is 1 or
+higher.
+.PP
+\fBNote:\fR Postfix 2.9.0&ndash;2.9.5 computed the public key
+fingerprint incorrectly. To use public-key fingerprints, upgrade
+to Postfix 2.9.6 or later.
 .PP
 Example: client-certificate access table, with sha1 fingerprints:
 .sp
@@ -10075,6 +10169,19 @@ list when they are enabled. This prefix is not needed with previous
 OpenSSL releases.
 .PP
 This feature is available in Postfix 2.3 and later.
+.SH tls_legacy_public_key_fingerprints (default: no)
+A temporary migration aid for sites that use certificate
+\fIpublic-key\fR fingerprints with Postfix 2.9.0..2.9.5, which use
+an incorrect algorithm. This parameter has no effect on the certificate
+fingerprint support that is available since Postfix 2.2.
+.PP
+Specify "tls_legacy_public_key_fingerprints = yes" temporarily,
+pending a migration from configuration files with incorrect Postfix
+2.9.0..2.9.5 certificate public-key finger prints, to the correct
+fingerprints used by Postfix 2.9.6 and later.  To compute the correct
+certificate public-key fingerprints, see TLS_README.
+.PP
+This feature is available in Postfix 2.9.6 and later.
 .SH tls_low_cipherlist (default: ALL:!EXPORT:+RC4:@STRENGTH)
 The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines
 the meaning of the "low" setting in smtpd_tls_mandatory_ciphers,
diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink
index 8f3b7f274..07aada780 100755
--- a/postfix/mantools/postlink
+++ b/postfix/mantools/postlink
@@ -689,6 +689,7 @@ while (<>) {
     s;\btls_preempt_cipherlist\b;<a href="postconf.5.html#tls_preempt_cipherlist">$&</a>;g;
     s;\btls_disable_workarounds\b;<a href="postconf.5.html#tls_disable_workarounds">$&</a>;g;
     s;\btls_append_default_CA\b;<a href="postconf.5.html#tls_append_default_CA">$&</a>;g;
+    s;\btls_legacy_public_key_fingerprints\b;<a href="postconf.5.html#tls_legacy_public_key_fingerprint">$&</a>;g;
  
     s;\bfrozen_delivered_to\b;<a href="postconf.5.html#frozen_delivered_to">$&</a>;g;
     s;\breset_owner_alias\b;<a href="postconf.5.html#reset_owner_alias">$&</a>;g;
diff --git a/postfix/proto/TLS_README.html b/postfix/proto/TLS_README.html
index 063321020..8b9ad1e47 100644
--- a/postfix/proto/TLS_README.html
+++ b/postfix/proto/TLS_README.html
@@ -677,6 +677,39 @@ the name of the user or host:</p>
 </pre>
 </blockquote>
 
+<p> To extract the public key fingerprint from an X.509 certificate,
+you need to extract the public key from the certificate and compute
+the appropriate digest of its DER (ASN.1) encoding. With OpenSSL
+the "-pubkey" option of the "x509" command extracts the public
+key always in "PEM" format. We pipe the result to another OpenSSL
+command that converts the key to DER and then to the "dgst" command
+to compute the fingerprint. </p>
+
+<p> The actual command to transform the key to DER format depends
+on the version of OpenSSL used. With OpenSSL 1.0.0 and later, the
+"pkey" command supports all key types. With OpenSSL 0.9.8 and
+earlier, the key type is always RSA (nobody uses DSA, and EC
+keys are not fully supported by 0.9.8), so the "rsa" command is
+used. </p>
+<blockquote>
+<pre>
+# OpenSSL 1.0 with all certificates and SHA-1 fingerprints.
+$ openssl x509 -in cert.pem -noout -pubkey |
+    openssl pkey -pubin -outform DER |
+    openssl dgst -sha1 -c
+(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58
+
+# OpenSSL 0.9.8 with RSA certificates and MD5 fingerprints.
+$ openssl x509 -in cert.pem -noout -pubkey |
+    openssl rsa -pubin -outform DER |
+    openssl dgst -md5 -c
+(stdin)= f4:62:60:f6:12:8f:d5:8d:28:4d:13:a7:db:b2:ff:50
+</pre>
+</blockquote>
+<p> Note: Postfix 2.9.0&ndash;2.9.5 computed the public key
+fingerprint incorrectly. To use public-key fingerprints, upgrade
+to Postfix 2.9.6 or later. </p>
+
 <h3><a name="server_cipher">Server-side cipher controls</a> </h3>
 
 <p> The Postfix SMTP server supports 5 distinct cipher security levels
@@ -1074,7 +1107,7 @@ required.  The certificate trust chain, expiration date, ... are
 not checked. Instead, the smtp_tls_fingerprint_cert_match parameter
 or the "match" attribute in the <a href="#client_tls_policy">policy</a>
 table lists the remote SMTP server certificate fingerprint or
-public key fingerprint (Postfix 2.9 and later).
+public key fingerprint (Postfix 2.9 and later). </p>
 
 <p> If certificate fingerprints are exchanged securely, this is the
 strongest, and least scalable security level. The administrator needs
@@ -1136,6 +1169,39 @@ As in the example above, we show two matching fingerprints: </p>
 </pre>
 </blockquote>
 
+<p> To extract the public key fingerprint from an X.509 certificate,
+you need to extract the public key from the certificate and compute
+the appropriate digest of its DER (ASN.1) encoding. With OpenSSL
+the "-pubkey" option of the "x509" command extracts the public
+key always in "PEM" format. We pipe the result to another OpenSSL
+command that converts the key to DER and then to the "dgst" command
+to compute the fingerprint. </p>
+
+<p> The actual command to transform the key to DER format depends
+on the version of OpenSSL used. With OpenSSL 1.0.0 and later, the
+"pkey" command supports all key types. With OpenSSL 0.9.8 and
+earlier, the key type is always RSA (nobody uses DSA, and EC
+keys are not fully supported by 0.9.8), so the "rsa" command is
+used. </p>
+<blockquote>
+<pre>
+# OpenSSL 1.0 with all certificates and SHA-1 fingerprints.
+$ openssl x509 -in cert.pem -noout -pubkey |
+    openssl pkey -pubin -outform DER |
+    openssl dgst -sha1 -c
+(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58
+
+# OpenSSL 0.9.8 with RSA certificates and MD5 fingerprints.
+$ openssl x509 -in cert.pem -noout -pubkey |
+    openssl rsa -pubin -outform DER |
+    openssl dgst -md5 -c
+(stdin)= f4:62:60:f6:12:8f:d5:8d:28:4d:13:a7:db:b2:ff:50
+</pre>
+</blockquote>
+<p> Note: Postfix 2.9.0&ndash;2.9.5 computed the public key
+fingerprint incorrectly. To use public-key fingerprints, upgrade
+to Postfix 2.9.6 or later. </p>
+
 <h4><a name="client_tls_verify"> Mandatory server certificate verification </a> </h4>
 
 <p> At the "verify" TLS security level, messages are sent only over
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index 2fc7ed2fd..146fcab20 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -9065,6 +9065,10 @@ relay_clientcerts = hash:/etc/postfix/relay_clientcerts
 an appropriate access(5) policy for each client.
 See RESTRICTION_CLASS_README.</p>
 
+<p> <b>Note:</b> Postfix 2.9.0&ndash;2.9.5 computed the public key
+fingerprint incorrectly. To use public-key fingerprints, upgrade
+to Postfix 2.9.6 or later. </p>
+
 <p>This feature is available with Postfix version 2.2.</p>
 
 %PARAM smtpd_tls_cipherlist
@@ -11489,11 +11493,47 @@ SHA1 Fingerprint=D4:6A:AB:19:24:79:F8:32:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A
 </pre>
 </blockquote>
 
-<p> Public key fingerprints are more difficult to extract, however,
-the SHA-1 public key fingerprint is often present as the value of the
-"Subject Key Identifier" extension in X.509v3 certificates. The Postfix
-SMTP server and client log the peer certificate fingerprint and public
-key fingerprint when TLS loglevel is 1 or higher. </p>
+<p> To extract the public key fingerprint from an X.509 certificate,
+you need to extract the public key from the certificate and compute
+the appropriate digest of its DER (ASN.1) encoding. With OpenSSL
+the "-pubkey" option of the "x509" command extracts the public
+key always in "PEM" format. We pipe the result to another OpenSSL
+command that converts the key to DER and then to the "dgst" command
+to compute the fingerprint. </p>
+
+<p> The actual command to transform the key to DER format depends
+on the version of OpenSSL used. With OpenSSL 1.0.0 and later, the
+"pkey" command supports all key types. With OpenSSL 0.9.8 and
+earlier, the key type is always RSA (nobody uses DSA, and EC
+keys are not fully supported by 0.9.8), so the "rsa" command is
+used. </p>
+<blockquote>
+<pre>
+# OpenSSL 1.0 with all certificates and SHA-1 fingerprints.
+$ openssl x509 -in cert.pem -noout -pubkey |
+    openssl pkey -pubin -outform DER |
+    openssl dgst -sha1 -c
+(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+# OpenSSL 0.9.8 with RSA certificates and MD5 fingerprints.
+$ openssl x509 -in cert.pem -noout -pubkey |
+    openssl rsa -pubin -outform DER |
+    openssl dgst -md5 -c
+(stdin)= f4:62:60:f6:12:8f:d5:8d:28:4d:13:a7:db:b2:ff:50
+</pre>
+</blockquote>
+
+<p> The Postfix SMTP server and client log the peer (leaf) certificate
+fingerprint and public key fingerprint when TLS loglevel is 1 or
+higher. </p>
+
+<p> <b>Note:</b> Postfix 2.9.0&ndash;2.9.5 computed the public key
+fingerprint incorrectly. To use public-key fingerprints, upgrade
+to Postfix 2.9.6 or later. </p>
 
 <p> This feature is available in Postfix 2.5 and later. </p>
 
@@ -11607,11 +11647,47 @@ SHA1 Fingerprint=D4:6A:AB:19:24:79:F8:32:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A
 </pre>
 </blockquote>
 
-<p> Public key fingerprints are more difficult to extract, however,
-the SHA-1 public key fingerprint is often present as the value of the
-"Subject Key Identifier" extension in X.509v3 certificates. The Postfix
-SMTP server and client log the peer certificate fingerprint and public
-key fingerprint when TLS loglevel is 1 or higher. </p>
+<p> To extract the public key fingerprint from an X.509 certificate,
+you need to extract the public key from the certificate and compute
+the appropriate digest of its DER (ASN.1) encoding. With OpenSSL
+the "-pubkey" option of the "x509" command extracts the public
+key always in "PEM" format. We pipe the result to another OpenSSL
+command that converts the key to DER and then to the "dgst" command
+to compute the fingerprint. </p>
+
+<p> The actual command to transform the key to DER format depends
+on the version of OpenSSL used. With OpenSSL 1.0.0 and later, the
+"pkey" command supports all key types. With OpenSSL 0.9.8 and
+earlier, the key type is always RSA (nobody uses DSA, and EC
+keys are not fully supported by 0.9.8), so the "rsa" command is
+used. </p>
+<blockquote>
+<pre>
+# OpenSSL 1.0 with all certificates and SHA-1 fingerprints.
+$ openssl x509 -in cert.pem -noout -pubkey |
+    openssl pkey -pubin -outform DER |
+    openssl dgst -sha1 -c
+(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+# OpenSSL 0.9.8 with RSA certificates and MD5 fingerprints.
+$ openssl x509 -in cert.pem -noout -pubkey |
+    openssl rsa -pubin -outform DER |
+    openssl dgst -md5 -c
+(stdin)= f4:62:60:f6:12:8f:d5:8d:28:4d:13:a7:db:b2:ff:50
+</pre>
+</blockquote>
+
+<p> The Postfix SMTP server and client log the peer (leaf) certificate
+fingerprint and public key fingerprint when TLS loglevel is 1 or
+higher. </p>
+
+<p> <b>Note:</b> Postfix 2.9.0&ndash;2.9.5 computed the public key
+fingerprint incorrectly. To use public-key fingerprints, upgrade
+to Postfix 2.9.6 or later. </p>
 
 <p> Example: client-certificate access table, with sha1 fingerprints: </p>
 
@@ -13869,6 +13945,21 @@ OpenSSL 1.0.0.</dd>
 
 <p> This feature is available in Postfix 2.8 and later.  </p>
 
+%PARAM tls_legacy_public_key_fingerprints no
+
+<p> A temporary migration aid for sites that use certificate
+<i>public-key</i> fingerprints with Postfix 2.9.0..2.9.5, which use
+an incorrect algorithm. This parameter has no effect on the certificate
+fingerprint support that is available since Postfix 2.2. </p>
+
+<p> Specify "tls_legacy_public_key_fingerprints = yes" temporarily,
+pending a migration from configuration files with incorrect Postfix
+2.9.0..2.9.5 certificate public-key finger prints, to the correct
+fingerprints used by Postfix 2.9.6 and later.  To compute the correct
+certificate public-key fingerprints, see TLS_README. </p>
+
+<p> This feature is available in Postfix 2.9.6 and later.  </p>
+
 %PARAM tlsproxy_watchdog_timeout 10s
 
 <p> How much time a tlsproxy(8) process may take to process local
diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h
index 17546a3c9..dd4514847 100644
--- a/postfix/src/global/mail_params.h
+++ b/postfix/src/global/mail_params.h
@@ -3035,6 +3035,10 @@ extern bool var_tls_preempt_clist;
 #define DEF_TLS_BUG_TWEAKS	TLS_BUG_TWEAKS
 extern char *var_tls_bug_tweaks;
 
+#define VAR_TLS_BC_PKEY_FPRINT	"tls_legacy_public_key_fingerprints"
+#define DEF_TLS_BC_PKEY_FPRINT	0
+extern bool var_tls_bc_pkey_fprint;
+
  /*
   * Sendmail-style mail filter support.
   */
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 8743bc6f3..e99c71e6e 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20121213"
-#define MAIL_VERSION_NUMBER	"2.9.5"
+#define MAIL_RELEASE_DATE	"20130203"
+#define MAIL_VERSION_NUMBER	"2.9.6"
 
 #ifdef SNAPSHOT
 # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
diff --git a/postfix/src/postconf/Makefile.in b/postfix/src/postconf/Makefile.in
index b757205db..60032ddf5 100644
--- a/postfix/src/postconf/Makefile.in
+++ b/postfix/src/postconf/Makefile.in
@@ -42,7 +42,7 @@ test:	$(TESTPROG)
 
 tests: test1 test2 test3 test4 test5 test6 test7 test8 test9 test10 test11 \
 	test12 test13 test14 test15 test16 test17 test18 test19 test20 test21 \
-	test22 test23 test24 test25 test26 test27 test28 test29 test30
+	test22 test23 test24 test25 test26 test27 test28 test29 test30 test40
 
 root_tests:
 
@@ -414,6 +414,17 @@ test30:	$(PROG) test30.ref
 	diff test30.ref test30.tmp
 	rm -f main.cf master.cf test30.tmp
 
+test40:	$(PROG) test40.ref
+	rm -f main.cf master.cf
+	touch main.cf master.cf
+	echo foo unix - n n - 0 other >> master.cf
+	echo ' -voaaa=bbb' >> master.cf
+	echo ' -vo ccc=$$aaa' >> master.cf
+	echo ' -v -oddd=$$ccc' >> master.cf
+	./$(PROG) -Mfc . unix >test40.tmp 2>&1
+	diff test40.ref test40.tmp
+	rm -f main.cf master.cf test40.tmp
+
 printfck: $(OBJS) $(PROG)
 	rm -rf printfck
 	mkdir printfck
diff --git a/postfix/src/postconf/postconf_master.c b/postfix/src/postconf/postconf_master.c
index 0aa6c3a92..835f4f888 100644
--- a/postfix/src/postconf/postconf_master.c
+++ b/postfix/src/postconf/postconf_master.c
@@ -74,6 +74,8 @@ static void normalize_options(ARGV *argv)
 {
     int     field;
     char   *arg;
+    char   *cp;
+    char   *junk;
 
     /*
      * Normalize options to simplify later processing.
@@ -82,6 +84,16 @@ static void normalize_options(ARGV *argv)
 	arg = argv->argv[field];
 	if (arg[0] != '-' || strcmp(arg, "--") == 0)
 	    break;
+	for (cp = arg + 1; *cp; cp++) {
+	    if (*cp == 'o' && cp > arg + 1) {
+		/* Split "-stuffo" into "-stuff" and "-o". */
+		junk = concatenate("-", cp, (char *) 0);
+		argv_insert_one(argv, field + 1, junk);
+		myfree(junk);
+		*cp = 0;
+		break;
+	    }
+	}
 	if (strncmp(arg, "-o", 2) == 0) {
 	    if (arg[2] != 0) {
 		/* Split "-oname=value" into "-o" "name=value". */
diff --git a/postfix/src/postconf/test40.ref b/postfix/src/postconf/test40.ref
new file mode 100644
index 000000000..5501a9fcc
--- /dev/null
+++ b/postfix/src/postconf/test40.ref
@@ -0,0 +1,4 @@
+foo        unix  -       n       n       -       0       other -v
+    -o aaa=bbb -v
+    -o ccc=$aaa -v
+    -o ddd=$ccc
diff --git a/postfix/src/tls/Makefile.in b/postfix/src/tls/Makefile.in
index 1dbe1546b..cc24af469 100644
--- a/postfix/src/tls/Makefile.in
+++ b/postfix/src/tls/Makefile.in
@@ -319,6 +319,7 @@ tls_stream.o: ../../include/vstring.h
 tls_stream.o: tls.h
 tls_stream.o: tls_stream.c
 tls_verify.o: ../../include/argv.h
+tls_verify.o: ../../include/mail_params.h
 tls_verify.o: ../../include/msg.h
 tls_verify.o: ../../include/mymalloc.h
 tls_verify.o: ../../include/name_code.h
diff --git a/postfix/src/tls/tls_misc.c b/postfix/src/tls/tls_misc.c
index 8c5d0f1c3..5fef95920 100644
--- a/postfix/src/tls/tls_misc.c
+++ b/postfix/src/tls/tls_misc.c
@@ -17,6 +17,7 @@
 /*	int	var_tls_daemon_rand_bytes;
 /*	bool    var_tls_append_def_CA;
 /*	bool	var_tls_preempt_clist;
+/*	bool	var_tls_bc_pkey_fprint;
 /*
 /*	TLS_APPL_STATE *tls_alloc_app_context(ssl_ctx, log_mask)
 /*	SSL_CTX	*ssl_ctx;
@@ -205,6 +206,7 @@ char   *var_tls_eecdh_strong;
 char   *var_tls_eecdh_ultra;
 bool    var_tls_append_def_CA;
 char   *var_tls_bug_tweaks;
+bool    var_tls_bc_pkey_fprint;
 
 #ifdef VAR_TLS_PREEMPT_CLIST
 bool    var_tls_preempt_clist;
@@ -510,8 +512,10 @@ int     tls_protocol_mask(const char *plist)
 	else
 	    include |= code =
 		name_code(protocol_table, NAME_CODE_FLAG_NONE, tok);
-	if (code == TLS_PROTOCOL_INVALID)
+	if (code == TLS_PROTOCOL_INVALID) {
+	    myfree(save);
 	    return TLS_PROTOCOL_INVALID;
+	}
     }
     myfree(save);
 
@@ -546,6 +550,7 @@ void    tls_param_init(void)
     };
     static const CONFIG_BOOL_TABLE bool_table[] = {
 	VAR_TLS_APPEND_DEF_CA, DEF_TLS_APPEND_DEF_CA, &var_tls_append_def_CA,
+	VAR_TLS_BC_PKEY_FPRINT, DEF_TLS_BC_PKEY_FPRINT, &var_tls_bc_pkey_fprint,
 #if OPENSSL_VERSION_NUMBER >= 0x0090700fL	/* OpenSSL 0.9.7 and later */
 	VAR_TLS_PREEMPT_CLIST, DEF_TLS_PREEMPT_CLIST, &var_tls_preempt_clist,
 #endif
diff --git a/postfix/src/tls/tls_verify.c b/postfix/src/tls/tls_verify.c
index d305cc692..ea3bfb960 100644
--- a/postfix/src/tls/tls_verify.c
+++ b/postfix/src/tls/tls_verify.c
@@ -23,6 +23,10 @@
 /*	X509   *peercert;
 /*	const char *dgst;
 /*
+/*	char *tls_pkey_fprint(peercert, dgst)
+/*	X509   *peercert;
+/*	const char *dgst;
+/*
 /*	int	tls_verify_certificate_callback(ok, ctx)
 /*	int	ok;
 /*	X509_STORE_CTX *ctx;
@@ -50,6 +54,11 @@
 /*	value is dynamically allocated with mymalloc(), and the caller
 /*	must eventually free it with myfree().
 /*
+/*	tls_pkey_fprint() returns a public-key fingerprint; in all
+/*	other respects the function behaves as tls_fingerprint().
+/*	The var_tls_bc_pkey_fprint variable enables an incorrect
+/*	algorithm that was used in Postfix versions 2.9.[0-5].
+/*	
 /*	tls_verify_callback() is called several times (directly or
 /*	indirectly) from crypto/x509/x509_vfy.c. It is called as
 /*	a final check, and if it returns "0", the handshake is
@@ -140,6 +149,10 @@
 #include <mymalloc.h>
 #include <stringops.h>
 
+/* Global library. */
+
+#include <mail_params.h>
+
 /* TLS library. */
 
 #define TLS_INTERNAL
@@ -490,14 +503,12 @@ char   *tls_issuer_CN(X509 *peer, const TLS_SESS_STATE *TLScontext)
     return (cn ? cn : mystrdup(""));
 }
 
-typedef int (*x509_dgst_cb) (const X509 *, const EVP_MD *, unsigned char *, unsigned int *);
-
-/* tls_fprint - extract cert or pkey fingerprint from certificate */
+/* tls_fprint - compute and encode digest of DER-encoded object */
 
-static char *tls_fprint(X509 *peercert, x509_dgst_cb x509_dgst,
-			        const char *dgst)
+static char *tls_fprint(const char *buf, int len, const char *dgst)
 {
-    const char *myname = "tls_fingerprint";
+    const char *myname = "tls_fprint";
+    EVP_MD_CTX *mdctx;
     const EVP_MD *md_alg;
     unsigned char md_buf[EVP_MAX_MD_SIZE];
     unsigned int md_len;
@@ -508,10 +519,12 @@ static char *tls_fprint(X509 *peercert, x509_dgst_cb x509_dgst,
     if ((md_alg = EVP_get_digestbyname(dgst)) == 0)
 	msg_panic("%s: digest algorithm \"%s\" not found", myname, dgst);
 
-    /* Fails when serialization to ASN.1 runs out of memory */
-    if (x509_dgst(peercert, md_alg, md_buf, &md_len) == 0)
-	msg_fatal("%s: error computing certificate %s digest (out of memory?)",
-		  myname, dgst);
+    mdctx = EVP_MD_CTX_create();
+    if (EVP_DigestInit_ex(mdctx, md_alg, NULL) == 0
+        || EVP_DigestUpdate(mdctx, buf, len) == 0
+        || EVP_DigestFinal_ex(mdctx, md_buf, &md_len) == 0)
+        msg_fatal("%s: error computing %s message digest", myname, dgst);
+    EVP_MD_CTX_destroy(mdctx);
 
     /* Check for OpenSSL contract violation */
     if (md_len > EVP_MAX_MD_SIZE || md_len >= INT_MAX / 3)
@@ -531,14 +544,55 @@ static char *tls_fprint(X509 *peercert, x509_dgst_cb x509_dgst,
 
 char   *tls_fingerprint(X509 *peercert, const char *dgst)
 {
-    return (tls_fprint(peercert, X509_digest, dgst));
+    int     len;
+    char   *buf;
+    char   *buf2;
+    char   *result;
+
+    len = i2d_X509(peercert, NULL);
+    buf2 = buf = mymalloc(len);
+    i2d_X509(peercert, (unsigned char **)&buf2);
+    if (buf2 - buf != len)
+        msg_panic("i2d_X509 invalid result length");
+
+    result = tls_fprint(buf, len, dgst);
+    myfree(buf);
+
+    return (result);
 }
 
 /* tls_pkey_fprint - extract public key fingerprint from certificate */
 
 char   *tls_pkey_fprint(X509 *peercert, const char *dgst)
 {
-    return (tls_fprint(peercert, X509_pubkey_digest, dgst));
+    if (var_tls_bc_pkey_fprint) {
+	const char *myname = "tls_pkey_fprint";
+	ASN1_BIT_STRING *key;
+	char   *result;
+
+	key = X509_get0_pubkey_bitstr(peercert);
+	if (key == 0)
+	    msg_fatal("%s: error extracting legacy public-key fingerprint: %m",
+		      myname);
+
+	result = tls_fprint((char *) key->data, key->length, dgst);
+	return (result);
+    } else {
+	int     len;
+	char   *buf;
+	char   *buf2;
+	char   *result;
+
+	len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(peercert), NULL);
+	buf2 = buf = mymalloc(len);
+	i2d_X509_PUBKEY(X509_get_X509_PUBKEY(peercert), (unsigned char **) &buf2);
+	if (buf2 - buf != len)
+	    msg_panic("i2d_X509_PUBKEY invalid result length");
+
+	result = tls_fprint(buf, len, dgst);
+	myfree(buf);
+	return (result);
+    }
 }
 
 #endif
diff --git a/postfix/src/util/exec_command.c b/postfix/src/util/exec_command.c
index 9ab82535e..8629b0c24 100644
--- a/postfix/src/util/exec_command.c
+++ b/postfix/src/util/exec_command.c
@@ -63,7 +63,8 @@ ABCDEFGHIJKLMNOPQRSTUVWXYZ" SPACE_TAB;
     /*
      * See if this command contains any shell magic characters.
      */
-    if (command[strspn(command, ok_chars)] == 0) {
+    if (command[strspn(command, ok_chars)] == 0
+	&& command[strspn(command, SPACE_TAB)] != 0) {
 
 	/*
 	 * No shell meta characters found, so we can try to avoid the overhead