From: Wietse Venema
With Postfix 2.8 and later, the tls_disable_workarounds parameter -specifies a list or bit-mask of OpenSSL bug work-arounds to disable. This -may be necessary if one of the work-arounds enabled by default in -OpenSSL proves to pose a security risk, or introduces an unexpected -interoperability issue. Some bug work-arounds known to be problematic -are disabled in the default value of the parameter when linked with -an OpenSSL library that could be vulnerable.
+specifies a list or bit-mask of default-enabled OpenSSL bug +work-arounds to disable. This may be necessary if one of the +work-arounds enabled by default in OpenSSL proves to pose a security +risk, or introduces an unexpected interoperability issue. The list +of enabled bug work-arounds is OpenSSL-release-specific. See the +tls_disable_workarounds parameter documentation for the list of +supported values.Example:
@@ -940,19 +941,8 @@ more of the named options below, or a hexadecimal bitmask of options found in the ssl.h file corresponding to the run-time OpenSSL library. While it may be reasonable to turn off all bug workarounds (see above), it is not a good idea to attempt to turn on all features. - - -Example:
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 958e8de67..1ad2808b4 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -12125,8 +12125,10 @@ matches the underlying OpenSSL interface semantics.The range of protocols advertised by an SSL/TLS client must be contiguous. When a protocol version is enabled, disabling any -higher version implicitly disables all versions above that higher -version. Thus, for example:
+higher version implicitly disables all versions above that higher version. +Thus, for example (assuming the OpenSSL library supports both SSLv2 +and SSLv3): +smtp_tls_mandatory_protocols = !SSLv2, !TLSv1 @@ -12143,6 +12145,9 @@ disabled except by also disabling "TLSv1" (typically leaving just versions of Postfix ≥ 2.10 can explicitly disable support for "TLSv1.1" or "TLSv1.2". +OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix ≥ 3.4, +this can be disabled, if need be, via "!TLSv1.3".
+At the dane and dane-only security levels, when usable TLSA records are obtained for the remote SMTP @@ -12455,11 +12460,13 @@ and "TLSv1".
The range of protocols advertised by an SSL/TLS client must be contiguous. When a protocol version is enabled, disabling any -higher version implicitly disables all versions above that higher -version. Thus, for example:
+higher version implicitly disables all versions above that higher version. +Thus, for example (assuming the OpenSSL library supports both SSLv2 +and SSLv3): +-smtp_tls_mandatory_protocols = !SSLv2, !TLSv1 +smtp_tls_protocols = !SSLv2, !TLSv1also disables any protocols version higher than TLSv1 leaving @@ -12470,6 +12477,9 @@ and "TLSv1.2". The latest patch levels of Postfix ≥ 2.6, and all versions of Postfix ≥ 2.10 can explicitly disable support for "TLSv1.1" or "TLSv1.2"
+OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix ≥ 3.4, +this can be disabled, if need be, via "!TLSv1.3".
+To include a protocol list its name, to exclude it, prefix the name with a "!" character. To exclude SSLv2 for opportunistic TLS set "smtp_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set @@ -16487,6 +16497,9 @@ disabled. The latest patch levels of Postfix ≥ 2.6, and all versions of Postfix ≥ 2.10 can disable support for "TLSv1.1" or "TLSv1.2".
+OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix ≥ 3.4, +this can be disabled, if need be, via "!TLSv1.3".
+Example:
@@ -16518,6 +16531,9 @@ and "TLSv1.2". The latest patch levels of Postfix ≥ 2.6, and all versions of Postfix ≥ 2.10 can disable support for "TLSv1.1" or "TLSv1.2". +OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix ≥ 3.4, +this can be disabled, if need be, via "!TLSv1.3".
+To include a protocol list its name, to exclude it, prefix the name with a "!" character. To exclude SSLv2 for opportunistic TLS set "smtpd_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set @@ -17324,44 +17340,46 @@ you can only disable one of these via the hexadecimal syntax above.
-
@@ -17708,18 +17726,39 @@ in its value are enabled (see openssl/ssl.h and SSL_CTX_set_options(3)). You can only enable options not already controlled by other Postfix settings. For example, you cannot disable protocols or enable server cipher preference. Do not attempt to turn all features by -specifying 0xFFFFFFFF, this is unlikely to be a good idea. +specifying 0xFFFFFFFF, this is unlikely to be a good idea. Some +bug work-arounds are also valid here, allowing them to be re-enabled +if/when they're no longer enabled by default. The supported values +include:- MICROSOFT_SESS_ID_BUG
- See SSL_CTX_set_options(3)
+- CRYPTOPRO_TLSEXT_BUG
- New with GOST support in +OpenSSL 1.0.0.
-- NETSCAPE_CHALLENGE_BUG
- See SSL_CTX_set_options(3)
+- DONT_INSERT_EMPTY_FRAGMENTS
- See +SSL_CTX_set_options(3)
- LEGACY_SERVER_CONNECT
- See SSL_CTX_set_options(3)
-- NETSCAPE_REUSE_CIPHER_CHANGE_BUG
- also aliased -as CVE-2010-4180. Postfix 2.8 disables this work-around by -default with OpenSSL versions that may predate the fix. Fixed in -OpenSSL 0.9.8q and OpenSSL 1.0.0c.
- -- SSLREF2_REUSE_CERT_TYPE_BUG
- See -SSL_CTX_set_options(3)
-- MICROSOFT_BIG_SSLV3_BUFFER
- See SSL_CTX_set_options(3)
+- MICROSOFT_SESS_ID_BUG
- See SSL_CTX_set_options(3)
+- MSIE_SSLV2_RSA_PADDING
- also aliased as CVE-2005-2969. Postfix 2.8 disables this work-around by default with OpenSSL versions that may predate the fix. Fixed in OpenSSL 0.9.7h and OpenSSL 0.9.8a.
+- NETSCAPE_CHALLENGE_BUG
- See SSL_CTX_set_options(3)
+ +- NETSCAPE_REUSE_CIPHER_CHANGE_BUG
- also aliased +as CVE-2010-4180. Postfix 2.8 disables this work-around by +default with OpenSSL versions that may predate the fix. Fixed in +OpenSSL 0.9.8q and OpenSSL 1.0.0c.
+- SSLEAY_080_CLIENT_DH_BUG
- See SSL_CTX_set_options(3)
-- TLS_D5_BUG
- See SSL_CTX_set_options(3)
+- SSLREF2_REUSE_CERT_TYPE_BUG
- See +SSL_CTX_set_options(3)
- TLS_BLOCK_PADDING_BUG
- See SSL_CTX_set_options(3)
+- TLS_D5_BUG
- See SSL_CTX_set_options(3)
+- TLS_ROLLBACK_BUG
- See SSL_CTX_set_options(3). This is disabled in OpenSSL 0.9.7 and later. Nobody should still be using 0.9.6!
-- DONT_INSERT_EMPTY_FRAGMENTS
- See -SSL_CTX_set_options(3)
- -- CRYPTOPRO_TLSEXT_BUG
- New with GOST support in -OpenSSL 1.0.0.
+- TLSEXT_PADDING
- Postfix ≥ 3.4. See SSL_CTX_set_options(3).
+
- ENABLE_MIDDLEBOX_COMPAT
- Postfix ≥ 3.4. See +SSL_CTX_set_options(3).
+- LEGACY_SERVER_CONNECT
- See SSL_CTX_set_options(3).
-- NO_TICKET
- See SSL_CTX_set_options(3).
+- NO_TICKET
- Enabled by default when needed in +fully-patched Postfix ≥ 2.7. Not needed at all for Postfix ≥ +2.11, unless for some reason you do not want to support TLS session +resumption. Best not set explicitly. See SSL_CTX_set_options(3).
- NO_COMPRESSION
- Disable SSL compression even if supported by the OpenSSL library. Compression is CPU-intensive, and compression before encryption does not always improve security.
+- NO_RENEGOTIATION
- Postfix ≥ 3.4. This can +reduce opportunities for a potential CPU exhaustion attack. See +SSL_CTX_set_options(3).
+ +- NO_SESSION_RESUMPTION_ON_RENEGOTIATION
- Postfix +≥ 3.4. See SSL_CTX_set_options(3).
+ +- PRIORITIZE_CHACHA
- Postfix ≥ 3.4. See SSL_CTX_set_options(3).
+ +- TLSEXT_PADDING
- Postfix ≥ 3.4. See +SSL_CTX_set_options(3).
+This feature is available in Postfix 2.11 and later.
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 285d323c2..3db8d5a65 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -7763,8 +7763,9 @@ matches the underlying OpenSSL interface semantics. .PP The range of protocols advertised by an SSL/TLS client must be contiguous. When a protocol version is enabled, disabling any -higher version implicitly disables all versions above that higher -version. Thus, for example: +higher version implicitly disables all versions above that higher version. +Thus, for example (assuming the OpenSSL library supports both SSLv2 +and SSLv3): .sp .in +4 .nf @@ -7786,6 +7787,9 @@ disabled except by also disabling "TLSv1" (typically leaving just versions of Postfix >= 2.10 can explicitly disable support for "TLSv1.1" or "TLSv1.2". .PP +OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix >= 3.4, +this can be disabled, if need be, via "!TLSv1.3". +.PP At the dane and dane\-only security levels, when usable TLSA records are obtained for the remote SMTP @@ -8081,14 +8085,15 @@ and "TLSv1". .PP The range of protocols advertised by an SSL/TLS client must be contiguous. When a protocol version is enabled, disabling any -higher version implicitly disables all versions above that higher -version. Thus, for example: +higher version implicitly disables all versions above that higher version. +Thus, for example (assuming the OpenSSL library supports both SSLv2 +and SSLv3): .sp .in +4 .nf .na .ft C -smtp_tls_mandatory_protocols = !SSLv2, !TLSv1 +smtp_tls_protocols = !SSLv2, !TLSv1 .fi .ad .ft R 
@@ -8101,6 +8106,9 @@ and "TLSv1.2". The latest patch levels of Postfix >= 2.6, and all versions of Postfix >= 2.10 can explicitly disable support for "TLSv1.1" or "TLSv1.2" .PP +OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix >= 3.4, +this can be disabled, if need be, via "!TLSv1.3". +.PP To include a protocol list its name, to exclude it, prefix the name with a "!" character. To exclude SSLv2 for opportunistic TLS set "smtp_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set @@ -11306,6 +11314,9 @@ disabled. The latest patch levels of Postfix >= 2.6, and all versions of Postfix >= 2.10 can disable support for "TLSv1.1" or "TLSv1.2". .PP +OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix >= 3.4, +this can be disabled, if need be, via "!TLSv1.3". +.PP Example: .PP .nf @@ -11335,6 +11346,9 @@ and "TLSv1.2". The latest patch levels of Postfix >= 2.6, and all versions of Postfix >= 2.10 can disable support for "TLSv1.1" or "TLSv1.2". .PP +OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix >= 3.4, +this can be disabled, if need be, via "!TLSv1.3". +.PP To include a protocol list its name, to exclude it, prefix the name with a "!" character. To exclude SSLv2 for opportunistic TLS set "smtpd_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set 
@@ -11911,57 +11925,60 @@ of specific named bug work\-arounds chosen from the list below. It is possible that your OpenSSL version includes new bug work\-arounds added after your Postfix source code was last updated, in that case you can only disable one of these via the hexadecimal syntax above. -.IP "\fBMICROSOFT_SESS_ID_BUG\fR" -See SSL_CTX_\fBset_options\fR(3) +.IP "\fBCRYPTOPRO_TLSEXT_BUG\fR" +New with GOST support in +OpenSSL 1.0.0. .br -.IP "\fBNETSCAPE_CHALLENGE_BUG\fR" -See SSL_CTX_\fBset_options\fR(3) +.IP "\fBDONT_INSERT_EMPTY_FRAGMENTS\fR" +See +SSL_CTX_\fBset_options\fR(3) .br .IP "\fBLEGACY_SERVER_CONNECT\fR" See SSL_CTX_\fBset_options\fR(3) .br -.IP "\fBNETSCAPE_REUSE_CIPHER_CHANGE_BUG\fR" -also aliased -as \fBCVE\-2010\-4180\fR. Postfix 2.8 disables this work\-around by -default with OpenSSL versions that may predate the fix. Fixed in -OpenSSL 0.9.8q and OpenSSL 1.0.0c. -.br -.IP "\fBSSLREF2_REUSE_CERT_TYPE_BUG\fR" -See -SSL_CTX_\fBset_options\fR(3) -.br .IP "\fBMICROSOFT_BIG_SSLV3_BUFFER\fR" See SSL_CTX_\fBset_options\fR(3) .br +.IP "\fBMICROSOFT_SESS_ID_BUG\fR" +See SSL_CTX_\fBset_options\fR(3) +.br .IP "\fBMSIE_SSLV2_RSA_PADDING\fR" also aliased as \fBCVE\-2005\-2969\fR. Postfix 2.8 disables this work\-around by default with OpenSSL versions that may predate the fix. Fixed in OpenSSL 0.9.7h and OpenSSL 0.9.8a. .br +.IP "\fBNETSCAPE_CHALLENGE_BUG\fR" +See SSL_CTX_\fBset_options\fR(3) +.br +.IP "\fBNETSCAPE_REUSE_CIPHER_CHANGE_BUG\fR" +also aliased +as \fBCVE\-2010\-4180\fR. Postfix 2.8 disables this work\-around by +default with OpenSSL versions that may predate the fix. Fixed in +OpenSSL 0.9.8q and OpenSSL 1.0.0c. 
+.br .IP "\fBSSLEAY_080_CLIENT_DH_BUG\fR" See SSL_CTX_\fBset_options\fR(3) .br -.IP "\fBTLS_D5_BUG\fR" -See SSL_CTX_\fBset_options\fR(3) +.IP "\fBSSLREF2_REUSE_CERT_TYPE_BUG\fR" +See +SSL_CTX_\fBset_options\fR(3) .br .IP "\fBTLS_BLOCK_PADDING_BUG\fR" See SSL_CTX_\fBset_options\fR(3) .br +.IP "\fBTLS_D5_BUG\fR" +See SSL_CTX_\fBset_options\fR(3) +.br .IP "\fBTLS_ROLLBACK_BUG\fR" See SSL_CTX_\fBset_options\fR(3). This is disabled in OpenSSL 0.9.7 and later. Nobody should still be using 0.9.6! .br -.IP "\fBDONT_INSERT_EMPTY_FRAGMENTS\fR" -See -SSL_CTX_\fBset_options\fR(3) -.br -.IP "\fBCRYPTOPRO_TLSEXT_BUG\fR" -New with GOST support in -OpenSSL 1.0.0. +.IP "\fBTLSEXT_PADDING\fR" +Postfix >= 3.4. See SSL_CTX_\fBset_options\fR(3). .br .br .PP 
@@ -12206,18 +12223,44 @@ in its value are enabled (see openssl/ssl.h and SSL_CTX_\fBset_options\fR(3)). You can only enable options not already controlled by other Postfix settings. For example, you cannot disable protocols or enable server cipher preference. Do not attempt to turn all features by -specifying 0xFFFFFFFF, this is unlikely to be a good idea. +specifying 0xFFFFFFFF, this is unlikely to be a good idea. Some +bug work\-arounds are also valid here, allowing them to be re\-enabled +if/when they're no longer enabled by default. The supported values +include: +.IP "\fBENABLE_MIDDLEBOX_COMPAT\fR" +Postfix >= 3.4. See +SSL_CTX_\fBset_options\fR(3). +.br .IP "\fBLEGACY_SERVER_CONNECT\fR" See SSL_CTX_\fBset_options\fR(3). .br .IP "\fBNO_TICKET\fR" -See SSL_CTX_\fBset_options\fR(3). +Enabled by default when needed in +fully\-patched Postfix >= 2.7. Not needed at all for Postfix >= +2.11, unless for some reason you do not want to support TLS session +resumption. Best not set explicitly. See SSL_CTX_\fBset_options\fR(3). .br .IP "\fBNO_COMPRESSION\fR" Disable SSL compression even if supported by the OpenSSL library. Compression is CPU\-intensive, and compression before encryption does not always improve security. .br +.IP "\fBNO_RENEGOTIATION\fR" +Postfix >= 3.4. This can +reduce opportunities for a potential CPU exhaustion attack. See +SSL_CTX_\fBset_options\fR(3). +.br +.IP "\fBNO_SESSION_RESUMPTION_ON_RENEGOTIATION\fR" +Postfix +>= 3.4. See SSL_CTX_\fBset_options\fR(3). +.br +.IP "\fBPRIORITIZE_CHACHA\fR" +Postfix >= 3.4. See SSL_CTX_\fBset_options\fR(3). +.br +.IP "\fBTLSEXT_PADDING\fR" +Postfix >= 3.4. See +SSL_CTX_\fBset_options\fR(3). +.br .br .PP This feature is available in Postfix 2.11 and later. diff --git a/postfix/proto/TLS_README.html b/postfix/proto/TLS_README.html index de1f8ac71..945591e16 100644 --- a/postfix/proto/TLS_README.html +++ b/postfix/proto/TLS_README.html @@ -917,12 +917,13 @@ handshake procedures.
With Postfix 2.8 and later, the tls_disable_workarounds parameter -specifies a list or bit-mask of OpenSSL bug work-arounds to disable. This -may be necessary if one of the work-arounds enabled by default in -OpenSSL proves to pose a security risk, or introduces an unexpected -interoperability issue. Some bug work-arounds known to be problematic -are disabled in the default value of the parameter when linked with -an OpenSSL library that could be vulnerable.
+specifies a list or bit-mask of default-enabled OpenSSL bug +work-arounds to disable. This may be necessary if one of the +work-arounds enabled by default in OpenSSL proves to pose a security +risk, or introduces an unexpected interoperability issue. The list +of enabled bug work-arounds is OpenSSL-release-specific. See the +tls_disable_workarounds parameter documentation for the list of +supported values.Example:
@@ -940,19 +941,8 @@ more of the named options below, or a hexadecimal bitmask of options found in the ssl.h file corresponding to the run-time OpenSSL library. While it may be reasonable to turn off all bug workarounds (see above), it is not a good idea to attempt to turn on all features. - - -Example:
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 004588afa..dcec276e0 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -11073,8 +11073,10 @@ matches the underlying OpenSSL interface semantics.The range of protocols advertised by an SSL/TLS client must be contiguous. When a protocol version is enabled, disabling any -higher version implicitly disables all versions above that higher -version. Thus, for example:
+higher version implicitly disables all versions above that higher version. +Thus, for example (assuming the OpenSSL library supports both SSLv2 +and SSLv3): +smtp_tls_mandatory_protocols = !SSLv2, !TLSv1 @@ -11091,6 +11093,9 @@ disabled except by also disabling "TLSv1" (typically leaving just versions of Postfix ≥ 2.10 can explicitly disable support for "TLSv1.1" or "TLSv1.2". +OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix ≥ 3.4, +this can be disabled, if need be, via "!TLSv1.3".
+At the dane and dane-only security levels, when usable TLSA records are obtained for the remote SMTP @@ -11288,6 +11293,9 @@ disabled. The latest patch levels of Postfix ≥ 2.6, and all versions of Postfix ≥ 2.10 can disable support for "TLSv1.1" or "TLSv1.2".
+OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix ≥ 3.4, +this can be disabled, if need be, via "!TLSv1.3".
+Example:
@@ -12415,11 +12423,13 @@ and "TLSv1".The range of protocols advertised by an SSL/TLS client must be contiguous. When a protocol version is enabled, disabling any -higher version implicitly disables all versions above that higher -version. Thus, for example:
+higher version implicitly disables all versions above that higher version. +Thus, for example (assuming the OpenSSL library supports both SSLv2 +and SSLv3): +-smtp_tls_mandatory_protocols = !SSLv2, !TLSv1 +smtp_tls_protocols = !SSLv2, !TLSv1also disables any protocols version higher than TLSv1 leaving @@ -12430,6 +12440,9 @@ and "TLSv1.2". The latest patch levels of Postfix ≥ 2.6, and all versions of Postfix ≥ 2.10 can explicitly disable support for "TLSv1.1" or "TLSv1.2"
+OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix ≥ 3.4, +this can be disabled, if need be, via "!TLSv1.3".
+To include a protocol list its name, to exclude it, prefix the name with a "!" character. To exclude SSLv2 for opportunistic TLS set "smtp_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set @@ -12462,6 +12475,9 @@ and "TLSv1.2". The latest patch levels of Postfix ≥ 2.6, and all versions of Postfix ≥ 2.10 can disable support for "TLSv1.1" or "TLSv1.2".
+OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix ≥ 3.4, +this can be disabled, if need be, via "!TLSv1.3".
+To include a protocol list its name, to exclude it, prefix the name with a "!" character. To exclude SSLv2 for opportunistic TLS set "smtpd_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set @@ -14647,44 +14663,46 @@ you can only disable one of these via the hexadecimal syntax above.
-
@@ -15751,18 +15769,39 @@ in its value are enabled (see openssl/ssl.h and SSL_CTX_set_options(3)). You can only enable options not already controlled by other Postfix settings. For example, you cannot disable protocols or enable server cipher preference. Do not attempt to turn all features by -specifying 0xFFFFFFFF, this is unlikely to be a good idea. +specifying 0xFFFFFFFF, this is unlikely to be a good idea. Some +bug work-arounds are also valid here, allowing them to be re-enabled +if/when they're no longer enabled by default. The supported values +include:- MICROSOFT_SESS_ID_BUG
- See SSL_CTX_set_options(3)
+- CRYPTOPRO_TLSEXT_BUG
- New with GOST support in +OpenSSL 1.0.0.
-- NETSCAPE_CHALLENGE_BUG
- See SSL_CTX_set_options(3)
+- DONT_INSERT_EMPTY_FRAGMENTS
- See +SSL_CTX_set_options(3)
- LEGACY_SERVER_CONNECT
- See SSL_CTX_set_options(3)
-- NETSCAPE_REUSE_CIPHER_CHANGE_BUG
- also aliased -as CVE-2010-4180. Postfix 2.8 disables this work-around by -default with OpenSSL versions that may predate the fix. Fixed in -OpenSSL 0.9.8q and OpenSSL 1.0.0c.
- -- SSLREF2_REUSE_CERT_TYPE_BUG
- See -SSL_CTX_set_options(3)
-- MICROSOFT_BIG_SSLV3_BUFFER
- See SSL_CTX_set_options(3)
+- MICROSOFT_SESS_ID_BUG
- See SSL_CTX_set_options(3)
+- MSIE_SSLV2_RSA_PADDING
- also aliased as CVE-2005-2969. Postfix 2.8 disables this work-around by default with OpenSSL versions that may predate the fix. Fixed in OpenSSL 0.9.7h and OpenSSL 0.9.8a.
+- NETSCAPE_CHALLENGE_BUG
- See SSL_CTX_set_options(3)
+ +- NETSCAPE_REUSE_CIPHER_CHANGE_BUG
- also aliased +as CVE-2010-4180. Postfix 2.8 disables this work-around by +default with OpenSSL versions that may predate the fix. Fixed in +OpenSSL 0.9.8q and OpenSSL 1.0.0c.
+- SSLEAY_080_CLIENT_DH_BUG
- See SSL_CTX_set_options(3)
-- TLS_D5_BUG
- See SSL_CTX_set_options(3)
+- SSLREF2_REUSE_CERT_TYPE_BUG
- See +SSL_CTX_set_options(3)
- TLS_BLOCK_PADDING_BUG
- See SSL_CTX_set_options(3)
+- TLS_D5_BUG
- See SSL_CTX_set_options(3)
+- TLS_ROLLBACK_BUG
- See SSL_CTX_set_options(3). This is disabled in OpenSSL 0.9.7 and later. Nobody should still be using 0.9.6!
-- DONT_INSERT_EMPTY_FRAGMENTS
- See -SSL_CTX_set_options(3)
- -- CRYPTOPRO_TLSEXT_BUG
- New with GOST support in -OpenSSL 1.0.0.
+- TLSEXT_PADDING
- Postfix ≥ 3.4. See SSL_CTX_set_options(3).
+
- ENABLE_MIDDLEBOX_COMPAT
- Postfix ≥ 3.4. See +SSL_CTX_set_options(3).
+- LEGACY_SERVER_CONNECT
- See SSL_CTX_set_options(3).
-- NO_TICKET
- See SSL_CTX_set_options(3).
+- NO_TICKET
- Enabled by default when needed in +fully-patched Postfix ≥ 2.7. Not needed at all for Postfix ≥ +2.11, unless for some reason you do not want to support TLS session +resumption. Best not set explicitly. See SSL_CTX_set_options(3).
- NO_COMPRESSION
- Disable SSL compression even if supported by the OpenSSL library. Compression is CPU-intensive, and compression before encryption does not always improve security.
+- NO_RENEGOTIATION
- Postfix ≥ 3.4. This can +reduce opportunities for a potential CPU exhaustion attack. See +SSL_CTX_set_options(3).
+ +- NO_SESSION_RESUMPTION_ON_RENEGOTIATION
- Postfix +≥ 3.4. See SSL_CTX_set_options(3).
+ +- PRIORITIZE_CHACHA
- Postfix ≥ 3.4. See SSL_CTX_set_options(3).
+ +- TLSEXT_PADDING
- Postfix ≥ 3.4. See +SSL_CTX_set_options(3).
+This feature is available in Postfix 2.11 and later.
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 8d2f296ff..3ca2d3f8f 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20180519" -#define MAIL_VERSION_NUMBER "3.0.13" +#define MAIL_RELEASE_DATE "20181104" +#define MAIL_VERSION_NUMBER "3.0.14-RC1" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/posttls-finger/posttls-finger.c b/postfix/src/posttls-finger/posttls-finger.c index b3fe68b8d..4e32855fd 100644 --- a/postfix/src/posttls-finger/posttls-finger.c +++ b/postfix/src/posttls-finger/posttls-finger.c @@ -1484,7 +1484,7 @@ static int finger(STATE *state) return (0); } -#ifdef USE_TLS +#if defined(USE_TLS) && OPENSSL_VERSION_NUMBER < 0x10100000L /* ssl_cleanup - free memory allocated in the OpenSSL library */ @@ -1502,7 +1502,8 @@ static void ssl_cleanup(void) CRYPTO_cleanup_all_ex_data(); } -#endif +#endif /* USE_TLS && OPENSSL_VERSION_NUMBER + * < 0x10100000L */ /* run - do what we were asked to do. */ @@ -1917,7 +1918,9 @@ int main(int argc, char *argv[]) /* Be valgrind friendly and clean-up */ cleanup(&state); -#ifdef USE_TLS + + /* OpenSSL 1.1.0 and later (de)initialization is implicit */ +#if defined(USE_TLS) && OPENSSL_VERSION_NUMBER < 0x10100000L ssl_cleanup(); #endif diff --git a/postfix/src/tls/tls.h b/postfix/src/tls/tls.h index 8efb03830..289b238d6 100644 --- a/postfix/src/tls/tls.h +++ b/postfix/src/tls/tls.h 
@@ -77,13 +77,33 @@ extern const NAME_CODE tls_level_table[]; /* Appease indent(1) */ #define x509_stack_t STACK_OF(X509) -#define x509_extension_stack_t STACK_OF(X509_EXTENSION) #define general_name_stack_t STACK_OF(GENERAL_NAME) #define ssl_cipher_stack_t STACK_OF(SSL_CIPHER) #define ssl_comp_stack_t STACK_OF(SSL_COMP) #if (OPENSSL_VERSION_NUMBER < 0x00090700f) #error "need OpenSSL version 0.9.7 or later" +#endif + + /* Backwards compatibility with OpenSSL < 1.1.0 */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L +#define OpenSSL_version_num SSLeay +#define X509_up_ref(x) \ + CRYPTO_add(&((x)->references), 1, CRYPTO_LOCK_X509) +#define EVP_PKEY_up_ref(k) \ + CRYPTO_add(&((k)->references), 1, CRYPTO_LOCK_EVP_PKEY) +#define X509_STORE_CTX_get0_cert(ctx) ((ctx)->cert) +#define X509_STORE_CTX_get0_untrusted(ctx) ((ctx)->untrusted) +#define X509_STORE_CTX_set0_untrusted X509_STORE_CTX_set_chain +#define X509_STORE_CTX_set0_trusted_stack X509_STORE_CTX_trusted_stack +#define ASN1_STRING_get0_data ASN1_STRING_data +#define X509_getm_notBefore X509_get_notBefore +#define X509_getm_notAfter X509_get_notAfter +#endif + + /* Backwards compatibility with OpenSSL < 1.1.1 */ +#if OPENSSL_VERSION_NUMBER < 0x1010100fUL +#define SSL_CTX_set_num_tickets(ctx, num) ((void)0) #endif /* SSL_CIPHER_get_name() got constified in 0.9.7g */ @@ -348,10 +368,15 @@ extern void tls_param_init(void); #define SSL_OP_NO_TLSv1_2 0L /* Noop */ #endif -#ifdef SSL_TXT_TLSV1_3 + /* + * OpenSSL 1.1.1 does not define a TXT macro for TLS 1.3, so we roll our + * own. + */ +#define TLS_PROTOCOL_TXT_TLSV1_3 "TLSv1.3" + +#if defined(TLS1_3_VERSION) && defined(SSL_OP_NO_TLSv1_3) #define TLS_PROTOCOL_TLSv1_3 (1<<5) /* TLSv1_3 */ #else -#define SSL_TXT_TLSV1_3 "TLSv1.3" #define TLS_PROTOCOL_TLSv1_3 0 /* Unknown */ #undef SSL_OP_NO_TLSv1_3 #define SSL_OP_NO_TLSv1_3 0L /* Noop */ 
@@ -359,7 +384,7 @@ extern void tls_param_init(void); #define TLS_KNOWN_PROTOCOLS \ ( TLS_PROTOCOL_SSLv2 | TLS_PROTOCOL_SSLv3 | TLS_PROTOCOL_TLSv1 \ - | TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 ) + | TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3 ) #define TLS_SSL_OP_PROTOMASK(m) \ ((((m) & TLS_PROTOCOL_SSLv2) ? SSL_OP_NO_SSLv2 : 0L) \ | (((m) & TLS_PROTOCOL_SSLv3) ? SSL_OP_NO_SSLv3 : 0L) \ diff --git a/postfix/src/tls/tls_client.c b/postfix/src/tls/tls_client.c index f50936aac..9dd8eaa3b 100644 --- a/postfix/src/tls/tls_client.c +++ b/postfix/src/tls/tls_client.c @@ -299,6 +299,8 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props) */ tls_check_version(); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + /* * Initialize the OpenSSL library by the book! To start with, we must * initialize the algorithms. We want cleartext error messages instead of @@ -306,6 +308,7 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props) */ SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); +#endif /* * Create an application data index for SSL objects, so that we can @@ -354,6 +357,10 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props) tls_print_errors(); return (0); } +#ifdef SSL_SECOP_PEER + /* Backwards compatible security as a base for opportunistic TLS. */ + SSL_CTX_set_security_level(client_ctx, 0); +#endif /* * See the verify callback in tls_verify.c @@ -422,12 +429,18 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props) return (0); } + /* + * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev + */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L + /* * According to the OpenSSL documentation, temporary RSA key is needed * export ciphers are in use. We have to provide one, so well, we just do * it. */ SSL_CTX_set_tmp_rsa_callback(client_ctx, tls_tmp_rsa_cb); +#endif /* * Finally, the setup for the server certificate checking, done "by the 
@@ -931,6 +944,12 @@ TLS_SESS_STATE *tls_client_start(const TLS_CLIENT_START_PROPS *props) if (protomask != 0) SSL_set_options(TLScontext->con, TLS_SSL_OP_PROTOMASK(protomask)); +#ifdef SSL_SECOP_PEER + /* When authenticating the peer, use 80-bit plus OpenSSL security level */ + if (TLS_MUST_MATCH(props->tls_level)) + SSL_set_security_level(TLScontext->con, 1); +#endif + /* * XXX To avoid memory leaks we must always call SSL_SESSION_free() after * calling SSL_set_session(), regardless of whether or not the session diff --git a/postfix/src/tls/tls_dane.c b/postfix/src/tls/tls_dane.c index 1e91aa3cb..bbe3417e2 100644 --- a/postfix/src/tls/tls_dane.c +++ b/postfix/src/tls/tls_dane.c @@ -551,7 +551,7 @@ static void ta_cert_insert(TLS_DANE *d, X509 *x) { TLS_CERTS *new = (TLS_CERTS *) mymalloc(sizeof(*new)); - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(x); new->cert = x; new->next = d->certs; d->certs = new; @@ -573,7 +573,7 @@ static void ta_pkey_insert(TLS_DANE *d, EVP_PKEY *k) { TLS_PKEYS *new = (TLS_PKEYS *) mymalloc(sizeof(*new)); - CRYPTO_add(&k->references, 1, CRYPTO_LOCK_EVP_PKEY); + EVP_PKEY_up_ref(k); new->pkey = k; new->next = d->pkeys; d->pkeys = new; 
@@ -1402,30 +1402,20 @@ int tls_dane_match(TLS_SESS_STATE *TLScontext, int usage, return (matched); } -/* push_ext - push extension onto certificate's stack, else free it */ - -static int push_ext(X509 *cert, X509_EXTENSION *ext) -{ - x509_extension_stack_t *exts; - - if (ext) { - if ((exts = cert->cert_info->extensions) == 0) - exts = cert->cert_info->extensions = sk_X509_EXTENSION_new_null(); - if (exts && sk_X509_EXTENSION_push(exts, ext)) - return 1; - X509_EXTENSION_free(ext); - } - return 0; -} - /* add_ext - add simple extension (no config section references) */ static int add_ext(X509 *issuer, X509 *subject, int ext_nid, char *ext_val) { + int ret = 0; X509V3_CTX v3ctx; + X509_EXTENSION *ext; X509V3_set_ctx(&v3ctx, issuer, subject, 0, 0, 0); - return push_ext(subject, X509V3_EXT_conf_nid(0, &v3ctx, ext_nid, ext_val)); + if ((ext = X509V3_EXT_conf_nid(0, &v3ctx, ext_nid, ext_val)) != 0) { + ret = X509_add_ext(subject, ext, -1); + X509_EXTENSION_free(ext); + } + return ret; } /* set_serial - set serial number to match akid or use subject's plus 1 */ @@ -1469,7 +1459,7 @@ static int add_akid(X509 *cert, AUTHORITY_KEYID *akid) * self-signature checks! */ id = ((akid && akid->keyid) ? akid->keyid : 0); - if (id && ASN1_STRING_length(id) == 1 && *ASN1_STRING_data(id) == c) + if (id && ASN1_STRING_length(id) == 1 && *ASN1_STRING_get0_data(id) == c) c = 1; if ((akid = AUTHORITY_KEYID_new()) != 0 @@ -1542,7 +1532,7 @@ static void grow_chain(TLS_SESS_STATE *TLScontext, int trusted, X509 *cert) if (cert) { if (trusted && !X509_add1_trust_object(cert, serverAuth)) msg_fatal("out of memory"); - CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(cert); if (!sk_X509_push(*xs, cert)) msg_fatal("out of memory"); } 
@@ -1587,10 +1577,10 @@ static void wrap_key(TLS_SESS_STATE *TLScontext, int depth, */ if (!X509_set_version(cert, 2) || !set_serial(cert, akid, subject) - || !X509_set_subject_name(cert, name) || !set_issuer_name(cert, akid) - || !X509_gmtime_adj(X509_get_notBefore(cert), -30 * 86400L) - || !X509_gmtime_adj(X509_get_notAfter(cert), 30 * 86400L) + || !X509_gmtime_adj(X509_getm_notBefore(cert), -30 * 86400L) + || !X509_gmtime_adj(X509_getm_notAfter(cert), 30 * 86400L) + || !X509_set_subject_name(cert, name) || !X509_set_pubkey(cert, key ? key : signkey) || !add_ext(0, cert, NID_basic_constraints, "CA:TRUE") || (key && !add_akid(cert, akid)) @@ -1724,8 +1714,8 @@ static void set_trust(TLS_SESS_STATE *TLScontext, X509_STORE_CTX *ctx) int depth = 0; EVP_PKEY *takey; X509 *ca; - X509 *cert = ctx->cert; /* XXX: Accessor? */ - x509_stack_t *in = ctx->untrusted; /* XXX: Accessor? */ + X509 *cert = X509_STORE_CTX_get0_cert(ctx); + x509_stack_t *in = X509_STORE_CTX_get0_untrusted(ctx); /* shallow copy */ if ((in = sk_X509_dup(in)) == 0) @@ -1806,7 +1796,7 @@ static int dane_cb(X509_STORE_CTX *ctx, void *app_ctx) { const char *myname = "dane_cb"; TLS_SESS_STATE *TLScontext = (TLS_SESS_STATE *) app_ctx; - X509 *cert = ctx->cert; /* XXX: accessor? */ + X509 *cert = X509_STORE_CTX_get0_cert(ctx); /* * Degenerate case: depth 0 self-signed cert. @@ -1836,9 +1826,9 @@ static int dane_cb(X509_STORE_CTX *ctx, void *app_ctx) * Check that setting the untrusted chain updates the expected structure * member at the expected offset. */ - X509_STORE_CTX_trusted_stack(ctx, TLScontext->trusted); - X509_STORE_CTX_set_chain(ctx, TLScontext->untrusted); - if (ctx->untrusted != TLScontext->untrusted) + X509_STORE_CTX_set0_trusted_stack(ctx, TLScontext->trusted); + X509_STORE_CTX_set0_untrusted(ctx, TLScontext->untrusted); + if (X509_STORE_CTX_get0_untrusted(ctx) != TLScontext->untrusted) msg_panic("%s: OpenSSL ABI change", myname); return X509_verify_cert(ctx); 
@@ -2167,8 +2157,10 @@ static SSL_CTX *ctx_init(const char *CAfile) tls_param_init(); tls_check_version(); +#if OPENSSL_VERSION_NUMBER < 0x10100000L SSL_load_error_strings(); SSL_library_init(); +#endif if (!tls_validate_digest(LN_sha1)) msg_fatal("%s digest algorithm not available", LN_sha1); diff --git a/postfix/src/tls/tls_fprint.c b/postfix/src/tls/tls_fprint.c index a03e3cc1e..2bb7e21be 100644 --- a/postfix/src/tls/tls_fprint.c +++ b/postfix/src/tls/tls_fprint.c @@ -188,7 +188,7 @@ char *tls_serverid_digest(const TLS_CLIENT_START_PROPS *props, long protomask, msg_panic("digest algorithm \"%s\" not found", mdalg); /* Salt the session lookup key with the OpenSSL runtime version. */ - sslversion = SSLeay(); + sslversion = OpenSSL_version_num(); mdctx = EVP_MD_CTX_create(); checkok(EVP_DigestInit_ex(mdctx, md, NULL)); diff --git a/postfix/src/tls/tls_misc.c b/postfix/src/tls/tls_misc.c index 3497014ed..4be5a1983 100644 --- a/postfix/src/tls/tls_misc.c +++ b/postfix/src/tls/tls_misc.c @@ -254,7 +254,7 @@ static const NAME_CODE protocol_table[] = { SSL_TXT_TLSV1, TLS_PROTOCOL_TLSv1, SSL_TXT_TLSV1_1, TLS_PROTOCOL_TLSv1_1, SSL_TXT_TLSV1_2, TLS_PROTOCOL_TLSv1_2, - SSL_TXT_TLSV1_3, TLS_PROTOCOL_TLSv1_3, + TLS_PROTOCOL_TXT_TLSV1_3, TLS_PROTOCOL_TLSv1_3, 0, TLS_PROTOCOL_INVALID, }; 
@@ -330,6 +330,29 @@ static const LONG_NAME_MASK ssl_bug_tweaks[] = { #define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0 #endif NAMEBUG(CRYPTOPRO_TLSEXT_BUG), + +#ifndef SSL_OP_TLSEXT_PADDING +#define SSL_OP_TLSEXT_PADDING 0 +#endif + NAMEBUG(TLSEXT_PADDING), + +#if 0 + + /* + * XXX: New with OpenSSL 1.1.1, this is turned on implicitly in + * SSL_CTX_new() and is not included in SSL_OP_ALL. Allowing users to + * disable this would thus a code change that would clearing bug + * work-around bits in SSL_CTX, after setting SSL_OP_ALL. Since this is + * presumably required for TLS 1.3 on today's Internet, the code change + * will be done separately later. For now this implicit bug work-around + * cannot be disabled via supported Postfix mechanisms. + */ +#ifndef SSL_OP_ENABLE_MIDDLEBOX_COMPAT +#define SSL_OP_ENABLE_MIDDLEBOX_COMPAT 0 +#endif + NAMEBUG(ENABLE_MIDDLEBOX_COMPAT), +#endif + 0, 0, }; @@ -355,9 +378,42 @@ static const LONG_NAME_MASK ssl_op_tweaks[] = { #define SSL_OP_NO_COMPRESSION 0 #endif NAME_SSL_OP(NO_COMPRESSION), + +#ifndef SSL_OP_NO_RENEGOTIATION +#define SSL_OP_NO_RENEGOTIATION 0 +#endif + NAME_SSL_OP(NO_RENEGOTIATION), + +#ifndef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION +#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0 +#endif + NAME_SSL_OP(NO_SESSION_RESUMPTION_ON_RENEGOTIATION), + +#ifndef SSL_OP_PRIORITIZE_CHACHA +#define SSL_OP_PRIORITIZE_CHACHA 0 +#endif + NAME_SSL_OP(PRIORITIZE_CHACHA), + +#ifndef SSL_OP_ENABLE_MIDDLEBOX_COMPAT +#define SSL_OP_ENABLE_MIDDLEBOX_COMPAT 0 +#endif + NAME_SSL_OP(ENABLE_MIDDLEBOX_COMPAT), + 0, 0, }; + /* + * Once these have been a NOOP long enough, they might some day be removed + * from OpenSSL. The defines below will avoid bitrot issues if/when that + * happens. + */ +#ifndef SSL_OP_SINGLE_DH_USE +#define SSL_OP_SINGLE_DH_USE 0 +#endif +#ifndef SSL_OP_SINGLE_ECDH_USE +#define SSL_OP_SINGLE_ECDH_USE 0 +#endif + /* * Ciphersuite name <=> code conversion. */ 
@@ -461,7 +517,7 @@ static const char *tls_exclude_missing(SSL_CTX *ctx, VSTRING *buf) static ARGV *exclude; /* Cached */ SSL *s = 0; ssl_cipher_stack_t *ciphers; - SSL_CIPHER *c; + const SSL_CIPHER *c; const cipher_probe_t *probe; int alg_bits; int num; @@ -935,11 +991,18 @@ void tls_check_version(void) TLS_VINFO lib_info; tls_version_split(OPENSSL_VERSION_NUMBER, &hdr_info); - tls_version_split(SSLeay(), &lib_info); + tls_version_split(OpenSSL_version_num(), &lib_info); + /* + * Warn if run-time library is different from compile-time library, + * allowing later run-time "micro" versions starting with 1.1.0. + */ if (lib_info.major != hdr_info.major || lib_info.minor != hdr_info.minor - || lib_info.micro != hdr_info.micro) + || (lib_info.micro != hdr_info.micro + && (lib_info.micro < hdr_info.micro + || hdr_info.major == 0 + || (hdr_info.major == 1 && hdr_info.minor == 0)))) msg_warn("run-time library vs. compile-time header version mismatch: " "OpenSSL %d.%d.%d may not be compatible with OpenSSL %d.%d.%d", lib_info.major, lib_info.minor, lib_info.micro, @@ -954,7 +1017,7 @@ long tls_bug_bits(void) #if OPENSSL_VERSION_NUMBER >= 0x00908000L && \ OPENSSL_VERSION_NUMBER < 0x10000000L - long lib_version = SSLeay(); + long lib_version = OpenSSL_version_num(); /* * In OpenSSL 0.9.8[ab], enabling zlib compression breaks the padding bug @@ -998,6 +1061,14 @@ long tls_bug_bits(void) enable &= ~(SSL_OP_ALL | TLS_SSL_OP_MANAGED_BITS); bits |= enable; } + + /* + * We unconditionally avoid re-use of ephemeral keys, note that we set DH + * keys via a callback, so reuse was never possible, but the ECDH key is + * set statically, so that is potentially subject to reuse. Set both + * options just in case. + */ + bits |= SSL_OP_SINGLE_ECDH_USE | SSL_OP_SINGLE_DH_USE; return (bits); } diff --git a/postfix/src/tls/tls_rsa.c b/postfix/src/tls/tls_rsa.c index aba4142d2..c440b1e9f 100644 --- a/postfix/src/tls/tls_rsa.c +++ b/postfix/src/tls/tls_rsa.c 
@@ -54,6 +54,11 @@ #include#include + /* + * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev + */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L + /* tls_tmp_rsa_cb - call-back to generate ephemeral RSA key */ RSA *tls_tmp_rsa_cb(SSL *unused_ssl, int export, int keylength) @@ -91,14 +96,21 @@ RSA *tls_tmp_rsa_cb(SSL *unused_ssl, int export, int keylength) return (rsa_tmp); } +#endif /* OPENSSL_VERSION_NUMBER */ + #ifdef TEST #include int main(int unused_argc, char *const argv[]) { + int ok = 0; + + /* + * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev + */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L RSA *rsa; - int ok; msg_vstream_init(argv[0], VSTREAM_ERR); @@ -111,6 +123,7 @@ int main(int unused_argc, char *const argv[]) /* Non-export or unexpected bit length should fail */ ok = ok && tls_tmp_rsa_cb(0, 0, 512) == 0; ok = ok && tls_tmp_rsa_cb(0, 1, 1024) == 0; +#endif return ok ? 0 : 1; } diff --git a/postfix/src/tls/tls_server.c b/postfix/src/tls/tls_server.c index b74c32736..b076af2cb 100644 --- a/postfix/src/tls/tls_server.c +++ b/postfix/src/tls/tls_server.c @@ -173,9 +173,18 @@ static const char server_session_id_context[] = "Postfix/TLS"; #endif /* OPENSSL_VERSION_NUMBER */ + /* OpenSSL 1.1.0 bitrot */ +#if OPENSSL_VERSION_NUMBER >= 0x10100000L +typedef const unsigned char *session_id_t; + +#else +typedef unsigned char *session_id_t; + +#endif + /* get_server_session_cb - callback to retrieve session from server cache */ -static SSL_SESSION *get_server_session_cb(SSL *ssl, unsigned char *session_id, +static SSL_SESSION *get_server_session_cb(SSL *ssl, session_id_t session_id, int session_id_length, int *unused_copy) { 
@@ -193,7 +202,7 @@ static SSL_SESSION *get_server_session_cb(SSL *ssl, unsigned char *session_id, buf = vstring_alloc(2 * (len + strlen(service))); \ hex_encode(buf, (char *) (id), (len)); \ vstring_sprintf_append(buf, "&s=%s", (service)); \ - vstring_sprintf_append(buf, "&l=%ld", (long) SSLeay()); \ + vstring_sprintf_append(buf, "&l=%ld", (long) OpenSSL_version_num()); \ } while (0) @@ -368,6 +377,8 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) */ tls_check_version(); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + /* * Initialize the OpenSSL library by the book! To start with, we must * initialize the algorithms. We want cleartext error messages instead of @@ -375,6 +386,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) */ SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); +#endif /* * First validate the protocols. If these are invalid, we can't continue. @@ -436,6 +448,10 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) tls_print_errors(); return (0); } +#ifdef SSL_SECOP_PEER + /* Backwards compatible security as a base for opportunistic TLS. */ + SSL_CTX_set_security_level(server_ctx, 0); +#endif /* * See the verify callback in tls_verify.c 
@@ -485,8 +501,23 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) ticketable = 0; } } - if (ticketable) + if (ticketable) { SSL_CTX_set_tlsext_ticket_key_cb(server_ctx, ticket_cb); + + /* + * OpenSSL 1.1.1 introduces support for TLS 1.3, which can issue more + * than one ticket per handshake. While this may be appropriate for + * communication between browsers and webservers, it is not terribly + * useful for MTAs, many of which other than Postfix don't do TLS + * session caching at all, and Postfix has no mechanism for storing + * multiple session tickets, if more than one sent, the second + * clobbers the first. OpenSSL 1.1.1 servers default to issuing two + * tickets for non-resumption handshakes, we reduce this to one. Our + * ticket decryption callback already (since 2.11) asks OpenSSL to + * avoid issuing new tickets when the presented ticket is re-usable. + */ + SSL_CTX_set_num_tickets(server_ctx, 1); + } #endif if (!ticketable) off |= SSL_OP_NO_TICKET; @@ -560,12 +591,18 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) return (0); } + /* + * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev + */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L + /* * According to OpenSSL documentation, a temporary RSA key is needed when * export ciphers are in use, because the certified key cannot be * directly used. */ SSL_CTX_set_tmp_rsa_callback(server_ctx, tls_tmp_rsa_cb); +#endif /* * Diffie-Hellman key generation parameters can either be loaded from @@ -738,6 +775,11 @@ TLS_SESS_STATE *tls_server_start(const TLS_SERVER_START_PROPS *props) tls_free_context(TLScontext); return (0); } +#ifdef SSL_SECOP_PEER + /* When authenticating the peer, use 80-bit plus OpenSSL security level */ + if (props->requirecert) + SSL_set_security_level(TLScontext->con, 1); +#endif /* * Before really starting anything, try to seed the PRNG a little bit 
@@ -868,6 +910,22 @@ TLS_SESS_STATE *tls_server_post_accept(TLS_SESS_STATE *TLScontext) TLScontext->peer_pkey_fprint); } X509_free(peer); + + /* + * Give them a clue. Problems with trust chain verification are + * logged when the session is first negotiated, before the session is + * stored into the cache. We don't want mystery failures, so log the + * fact the real problem is to be found in the past. + */ + if (!TLS_CERT_IS_TRUSTED(TLScontext) + && (TLScontext->log_mask & TLS_LOG_UNTRUSTED)) { + if (TLScontext->session_reused == 0) + tls_log_verify_error(TLScontext); + else + msg_info("%s: re-using session with untrusted certificate, " + "look for details earlier in the log", + TLScontext->namaddr); + } } else { TLScontext->peer_CN = mystrdup(""); TLScontext->issuer_CN = mystrdup(""); diff --git a/postfix/src/tls/tls_verify.c b/postfix/src/tls/tls_verify.c index cbaae83cc..87af0c6f7 100644 --- a/postfix/src/tls/tls_verify.c +++ b/postfix/src/tls/tls_verify.c @@ -138,7 +138,7 @@ static void update_error_state(TLS_SESS_STATE *TLScontext, int depth, if (TLScontext->errorcert != 0) X509_free(TLScontext->errorcert); if (errorcert != 0) - CRYPTO_add(&errorcert->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(errorcert); TLScontext->errorcert = errorcert; TLScontext->errorcode = errorcode; TLScontext->errordepth = depth; @@ -440,7 +440,7 @@ const char *tls_dns_name(const GENERAL_NAME * gn, /* * Safe to treat as an ASCII string possibly holding a DNS name */ - dnsname = (char *) ASN1_STRING_data(gn->d.ia5); + dnsname = (const char *) ASN1_STRING_get0_data(gn->d.ia5); len = ASN1_STRING_length(gn->d.ia5); TRIM0(dnsname, len);
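Review bot: The X509_EXTENSION_free() immediately after X509_add_ext() in the new add_ext() body (tls_dane.c, first hunk) needs a one-line comment. X509_add_ext() stores a copy of the extension, so freeing the original is required, whereas the removed push_ext() transferred ownership of the extension to the certificate's stack; a reader comparing the two versions may otherwise read the free as a bug.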
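Review bot: In grow_chain() (tls_dane.c, hunk at -1542) the return value of X509_up_ref(cert) is discarded. Unlike the CRYPTO_add() it replaces, X509_up_ref() reports failure by returning 0; since the adjacent sk_X509_push() failure is already treated as fatal, `if (!X509_up_ref(cert)) msg_fatal("out of memory");` would be consistent. The same applies to X509_up_ref(errorcert) in update_error_state() in tls_verify.c.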
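Review bot: Moving X509_set_subject_name() below the two X509_gmtime_adj() calls in wrap_key() (tls_dane.c, hunk at -1587) is not explained by anything in the hunk; if it is cosmetic, say so in the commit message so nobody looks for an ordering dependency. Separately, X509_getm_notBefore()/X509_getm_notAfter() exist only from OpenSSL 1.1.0, and the compatibility defines for older libraries are not part of this diff; confirm they are present in the TLS header.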
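Review bot: The comment kept above the X509_STORE_CTX_set0_trusted_stack()/X509_STORE_CTX_set0_untrusted() lines in dane_cb() (tls_dane.c, hunk at -1836) still says the check verifies "the expected structure member at the expected offset", but the value is now read back through X509_STORE_CTX_get0_untrusted() rather than via ctx->untrusted, so no structure layout is being tested any more. Reword the comment (and probably the "OpenSSL ABI change" panic text) to say it verifies that the accessor returns the stack just set.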
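Review bot: TLS_PROTOCOL_TXT_TLSV1_3 replaces SSL_TXT_TLSV1_3 in protocol_table[] (tls_misc.c, hunk at -254) but its definition is not in this diff; SSL_TXT_TLSV1_3 only exists in OpenSSL 1.1.1 headers, so the Postfix-owned macro presumably exists to keep the table compiling against older libraries, and the header hunk defining it belongs in the same change. The same check applies to OpenSSL_version_num(), which replaces SSLeay() in tls_fprint.c, tls_misc.c and tls_server.c and is likewise 1.1.0-only unless a compatibility define is supplied.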
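Review bot: The comment inside the `#if 0` block for ENABLE_MIDDLEBOX_COMPAT (tls_misc.c, hunk at -330) has a garbled sentence, "would thus a code change that would clearing bug work-around bits"; read "would thus require a code change that clears bug work-around bits". Since the same option is added live to ssl_op_tweaks[] in the next hunk of this file, either drop the dead block or make its comment point at that entry so a later reader knows which table is authoritative.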
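Review bot: The new warning condition in tls_check_version() (tls_misc.c, hunk at -935) nests four clauses and is hard to verify by eye. The intent in the comment (any micro difference warns for 0.9.x and 1.0.x headers; only an older run-time micro warns for 1.1.0 and later) is implemented correctly, but it reads more easily as `int strict_micro = (hdr_info.major == 0 || (hdr_info.major == 1 && hdr_info.minor == 0));` followed by `(lib_info.micro < hdr_info.micro || (strict_micro && lib_info.micro != hdr_info.micro))`, which is equivalent.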
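Review bot: The comment above `bits |= SSL_OP_SINGLE_ECDH_USE | SSL_OP_SINGLE_DH_USE;` in tls_bug_bits() (tls_misc.c, hunk at -998) is one run-on sentence; split it after "ephemeral keys". It should also state that both options are no-ops from OpenSSL 1.1.0 on (the reason the earlier hunk adds zero-value fallback defines for them), so the next maintainer does not expect them to change behaviour there.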
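Review bot: In the TEST main() of tls_rsa.c (hunk at -91), `ok` is now initialised to 0 and the only code that assigns it lives inside `#if OPENSSL_VERSION_NUMBER < 0x10100000L`, so a test build against OpenSSL 1.1.0 or later compiles an empty test and then exits 1 through `return ok ? 0 : 1;`. Initialise `ok = 1`, or return 0 in the compiled-out case, so that "nothing to test" is not reported as a failure.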
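Review bot: SSL_CTX_set_security_level(server_ctx, 0) under `#ifdef SSL_SECOP_PEER` (tls_server.c, hunk at -436) relaxes OpenSSL's default level 1 for every server context, and the later tls_server_start() hunk raises it back to 1 only when props->requirecert is set. That asymmetry is the right trade-off for opportunistic TLS, but it is a behaviour change that deserves a sentence in the release notes, and the comment should spell out that level 0 is chosen so legacy peers are not rejected by the library's built-in limits, which is what "backwards compatible security" abbreviates.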
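Review bot: SSL_CTX_set_num_tickets() exists only from OpenSSL 1.1.1, but the call (tls_server.c, hunk at -485) sits inside the pre-existing conditional that ends at the `#endif` below it, and that condition is not visible here; unless it already implies 1.1.1, or a no-op compatibility macro is defined elsewhere, builds against 1.1.0 or 1.0.2 with ticket support will fail to link. Guard the call with its own `#if OPENSSL_VERSION_NUMBER >= 0x10101000L` or the compat macro. In the comment, "if more than one sent, the second clobbers the first" should read "if more than one is sent, the second clobbers the first".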
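Review bot: In tls_dns_name() (tls_verify.c, hunk at -440) the result of ASN1_STRING_get0_data() is cast to `const char *` and assigned to dnsname, but the declaration of dnsname is not in the diff; if it is still `char *`, the assignment discards the qualifier and only produces a warning, which defeats the point of the cast. Include the declaration change in this hunk, and confirm that the following TRIM0(dnsname, len) only adjusts len and does not write into the string now that it is const.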