Release: first production snapshot with multiple outbound
deliveries per TLS-encrypted connection.
+
+20180618
+
+ Quick tlsproxy workaround: after the remote TLS peer shuts
+ down TLS, allow unsent inbound plaintext to trickle out
+ before tearing down the proxied connection. This addresses
+ a sporadic "lost connection after end-of-data" error in the
+ Postfix SMTP client, and addresses a sporadic "lost connection
+ after sending QUIT" error with "posttls-finger -X". File:
+ tlsproxy/tlsproxy.c.
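Review bot: this entry documents only the plaintext-drain workaround, but the same change to tlsproxy/tlsproxy.c also drops the "+ 10" from state->handshake_timeout. Add a sentence for the timeout change so it can be traced from the changelog.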
Under high-traffic conditions, the Postfix SMTP client will use the
scache(8) connection cache to store and retrieve open connections.
This part already existed for plaintext SMTP, and it works in the
-same way for TLS-encryped connections.
+same way for TLS-encrypted connections.
The following illustrates how TLS connections are reused:
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20180617"
+#define MAIL_RELEASE_DATE "20180618"
#define MAIL_VERSION_NUMBER "3.4"
#ifdef SNAPSHOT
tls_print_errors();
/* FALLTHROUGH */
default:
+
+ /*
+ * Allow buffered-up plaintext output to trickle out.
+ */
+ if (state->plaintext_buf && NBBIO_WRITE_PEND(state->plaintext_buf))
+ return (TLSP_STAT_OK);
tlsp_state_free(state);
return (TLSP_STAT_ERR);
}
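Review bot: the new early return sits under default:, which is also reached by FALLTHROUGH from the case that calls tls_print_errors(), so a genuine TLS error with plaintext still pending now returns TLSP_STAT_OK and skips tlsp_state_free(state). Consider limiting the drain to the clean peer-shutdown case. Otherwise extend the comment to say which later event frees the state once NBBIO_WRITE_PEND(state->plaintext_buf) clears, and what bounds the wait if the plaintext side never reads.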
"(bogus_direction)", state->remote_endpt);
state->req_flags = req_flags;
/* state->is_server_role is set below. */
- state->handshake_timeout = handshake_timeout + 10; /* XXX */
+ state->handshake_timeout = handshake_timeout;
state->session_timeout = session_timeout + 10; /* XXX */
/*
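Review bot: handshake_timeout loses its "+ 10" here while session_timeout on the next line keeps "+ 10; /* XXX */", and neither line says what the slack was for. Add a short comment explaining why the handshake no longer needs the margin but the session still does, or treat both the same way.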