From: Wietse Venema Date: Wed, 20 Jun 2018 05:00:00 +0000 (-0500) Subject: postfix-3.4-20180620 X-Git-Tag: v3.4.0-RC1~32 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7ffa7722bb89fef4f2527a737e1b623c9bf8d009;p=thirdparty%2Fpostfix.git postfix-3.4-20180620
---
diff --git a/postfix/HISTORY b/postfix/HISTORY
index d441ccc88..ff2cd9c4e 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -23555,3 +23555,20 @@ Apologies for any names omitted.
 connection to an MX host, before that connection is stored under a nexthop- or host-based storage key. Files: smtp/smtp_connect.c, smtp/smtp.h.
+
+20180620
+
+ TLS connection reuse: save and restore the TLS level for a
+ reused connection, so that the reused connection will be
+ saved under a key that matches the connection's original
+ TLS level. This was not a problem for destinations that
+ require certificate verification, because we currently reuse
+ connections that require certificate checks only if they
+ are looked up by their nexthop destination. File:
+ smtp/smtp_session.c.
+
+ TLS connection reuse: with TLS level > encrypt, prohibit
+ sharing of the same connection endpoint under different
+ nexthops, by making the nexthop part of the endpoint-based
+ connection cache lookup key. File: smtp/smtp.h.
+
diff --git a/postfix/WISHLIST b/postfix/WISHLIST
index 11ab6f264..07ca8baf9 100644
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@@ -1,21 +1,5 @@ Wish list:
- When a connection is looked up by nexthop, we get a connection
- that was stored under some MX destination address and TLS
- level, but we don't get to find out the TLS level that was
- in effect when the connection was stored. This means that
- when a reused connection is saved, it will be saved under
- a key for a TLS level that may not match the connection's
- initial TLS level. This is not a problem for destinations
- that require certificate verification, because we currently
- don't reuse connections that require certificate checks.
- But we should eventually store a reused connection under a
- key with the right level.
-
- Store the TLS level that is in effect with the connection
- that is stored under the destination address, so that it
- can later be saved under that level.
-
 Add 'retire after max_use * max_idle' support to the event-server, so that tlsproxy processes will terminate even on a busy server. This can build on the retirement
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index cae2e7cb4..ae5a7366d 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
 * Patches change both the patchlevel and the release date. Snapshots have no
 * patchlevel; they change the release date only.
 */
-#define MAIL_RELEASE_DATE "20180619"
+#define MAIL_RELEASE_DATE "20180620"
 #define MAIL_VERSION_NUMBER "3.4"
 #ifdef SNAPSHOT
diff --git a/postfix/src/smtp/smtp.h b/postfix/src/smtp/smtp.h
index 4dbfa180f..a09abb711 100644
--- a/postfix/src/smtp/smtp.h
+++ b/postfix/src/smtp/smtp.h
@@ -643,6 +643,14 @@ char *smtp_key_prefix(VSTRING *, const char *, SMTP_ITERATOR *, int);
 #define COND_SASL_SMTP_KEY_FLAG_NEXTHOP \
 (*var_smtp_sasl_passwd ? SMTP_KEY_FLAG_NEXTHOP : 0)
+#ifdef USE_TLS
+#define COND_TLS_SMTP_KEY_FLAG_NEXTHOP \
+ (state->tls->level > TLS_LEV_ENCRYPT ? SMTP_KEY_FLAG_NEXTHOP : 0)
+#else
+#define COND_TLS_SMTP_KEY_FLAG_NEXTHOP \
+ (0)
+#endif
+
 #define COND_SASL_SMTP_KEY_FLAG_HOSTNAME \
 (*var_smtp_sasl_passwd ? SMTP_KEY_FLAG_HOSTNAME : 0)
@@ -666,7 +674,8 @@ char *smtp_key_prefix(VSTRING *, const char *, SMTP_ITERATOR *, int);
 #define SMTP_KEY_MASK_SCACHE_ENDP_LABEL \
 (SMTP_KEY_FLAG_SERVICE | COND_SASL_SMTP_KEY_FLAG_SENDER \
 | COND_SASL_SMTP_KEY_FLAG_NEXTHOP | COND_SASL_SMTP_KEY_FLAG_HOSTNAME \
- | SMTP_KEY_FLAG_ADDR | SMTP_KEY_FLAG_PORT | SMTP_KEY_FLAG_TLS_LEVEL)
+ | COND_TLS_SMTP_KEY_FLAG_NEXTHOP | SMTP_KEY_FLAG_ADDR | \
+ SMTP_KEY_FLAG_PORT | SMTP_KEY_FLAG_TLS_LEVEL)
 /*
 * Silly little macros.
diff --git a/postfix/src/smtp/smtp_session.c b/postfix/src/smtp/smtp_session.c
index 9fa8cd285..2b4ce8675 100644
--- a/postfix/src/smtp/smtp_session.c
+++ b/postfix/src/smtp/smtp_session.c
@@ -232,14 +232,21 @@ int smtp_session_passivate(SMTP_SESSION *session, VSTRING *dest_prop,
 * serialize the properties with attr_print() instead of using ad-hoc,
 * non-reusable, code and hard-coded format strings.
 *
- * TODO(tlsproxy): save TLS_SESS_STATE information so that we can
- * restore TLS session properties.
+ * TODO(tlsproxy): save TLS_SESS_STATE information so that we can restore
+ * TLS session properties.
 *
 * TODO: save SASL username and password information so that we can
 * correctly save a reused authenticated connection.
+ *
+ * Note: the TLS level field is always present.
 */
- vstring_sprintf(dest_prop, "%s\n%s\n%s\n%u",
+ vstring_sprintf(dest_prop, "%s\n%s\n%s\n%u\n%u",
 STR(iter->dest), STR(iter->host), STR(iter->addr),
+#ifdef USE_TLS
+ iter->parent->tls->level,
+#else
+ 0,
+#endif
 session->features & SMTP_FEATURE_DESTINATION_MASK);
 /*
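Review bot: COND_TLS_SMTP_KEY_FLAG_NEXTHOP expands to `state->tls->level`, so every expansion of SMTP_KEY_MASK_SCACHE_ENDP_LABEL now silently requires a local named `state` with a populated `tls` member, whereas the neighbouring COND_SASL_* macros only read the global `var_smtp_sasl_passwd`. That is not a defect by itself, but a macro that captures a caller's local is easy to break from a call site that cannot see the dependency, and nothing in the header says so. A one-line comment above the `#ifdef USE_TLS` would make the contract visible: `/* Requires a local "state" whose tls policy is already populated. */` The `#else` arm collapsing to `(0)` is fine, since the key then keeps its pre-change layout.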
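Review bot: The new `%u` conversion in the vstring_sprintf() format receives `iter->parent->tls->level`, but the restore side in smtp_session_activate() logs the same field with `%d`, so the two sides disagree about its signedness. If the level is a signed int, a negative value would be serialized as a large unsigned number that passes `alldig()` on restore and is then fed to atoi(), whereas `%d` would emit a leading `-` that the existing alldig() check rejects with a warning, which is the safer outcome for a cache entry that should never carry such a level. I would change the format to `"%s\n%s\n%s\n%d\n%u"` so that the serialized form, the `%d` in the restore log and the alldig() guard agree. Whether a negative level can actually reach passivation I cannot tell from this hunk.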
@@ -301,6 +308,11 @@ SMTP_SESSION *smtp_session_activate(int fd, SMTP_ITERATOR *iter,
 time_t expire_time; /* session re-use expiration time */
 unsigned reuse_count; /* # times reused */
+#ifdef USE_TLS
+ SMTP_TLS_POLICY *tls = iter->parent->tls;
+
+#endif
+
 /*
 * XXX it would be nice to have a VSTRING to VSTREAM adapter so that we
 * can de-serialize the properties with attr_scan(), instead of using
@@ -356,6 +368,16 @@ SMTP_SESSION *smtp_session_activate(int fd, SMTP_ITERATOR *iter,
 msg_warn("%s: missing cached session address property", myname);
 return (0);
 }
+ /* Note: the TLS level field is always present. */
+ if ((prop = mystrtok(&dest_props, "\n")) == 0 || !alldig(prop)) {
+ msg_warn("%s: bad cached destination TLS level property", myname);
+ return (0);
+ }
+#ifdef USE_TLS
+ tls->level = atoi(prop);
+ if (msg_verbose)
+ msg_info("%s: tls_level=%d", myname, tls->level);
+#endif
 if ((prop = mystrtok(&dest_props, "\n")) == 0 || !alldig(prop)) {
 msg_warn("%s: bad cached destination features property", myname);
 return (0);
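Review bot: The blank line between `SMTP_TLS_POLICY *tls = iter->parent->tls;` and `#endif` separates the declaration from its guard and reads as a leftover; the usual shape is the declaration followed directly by `#endif`, then the blank line that separates it from the comment block. Nothing in this function checks `iter->parent->tls` before it is dereferenced further down, so if every caller of smtp_session_activate() is expected to have a policy attached, a short comment on the declaration would record that: `/* assumes iter->parent->tls is set by the caller -- confirm */`. smtp_session_activate's body continues beyond the hunk.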
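Review bot: `tls->level = atoi(prop)` accepts any digit string, so the only validation on the restored level is `alldig()`; a cache entry carrying a value outside the defined TLS_LEV_* range would be written into the live policy and then compared against TLS_LEV_ENCRYPT by the new COND_TLS_SMTP_KEY_FLAG_NEXTHOP key macro. The cache is produced by this same code, so this is a robustness point rather than an exploitable one, but the surrounding properties are already rejected with a warning and `return (0)` when malformed, and the level deserves the same treatment: `if ((tls->level = atoi(prop)) < TLS_LEV_NONE || tls->level > TLS_LEV_SECURE) { msg_warn("%s: bad cached destination TLS level property", myname); return (0); }`. This assignment also overwrites the level that the current delivery's policy lookup produced for `iter->parent->tls`, which appears to be the intent (it is what makes the later passivate key match), but that is worth stating in place: `/* Restore the level the connection was cached under, so it is saved under the same key. */`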