postfix-3.9-20231212
committed by
Viktor Dukhovni
parent
984278aadf
commit
0f39d92148
@@ -27603,3 +27603,10 @@ Apologies for any names omitted.
|
||||
Feature: the pipe(8) delivery agent supports an ${envid}
|
||||
command-line attribute that expands to the RFC 3461 envelope
|
||||
ID if available. File: pipe/pipe.c.
|
||||
|
||||
20231211
|
||||
|
||||
Cleanup: posttls-finger certificate match expectations for
|
||||
all TLS security levels, including warnings for levels that
|
||||
don't implement certificate matching. Viktor Dukhovni.
|
||||
File: posttls-finger.c.
|
||||
|
@@ -20,7 +20,7 @@
|
||||
* Patches change both the patchlevel and the release date. Snapshots have no
|
||||
* patchlevel; they change the release date only.
|
||||
*/
|
||||
#define MAIL_RELEASE_DATE "20231210"
|
||||
#define MAIL_RELEASE_DATE "20231212"
|
||||
#define MAIL_VERSION_NUMBER "3.9"
|
||||
|
||||
#ifdef SNAPSHOT
|
||||
|
@@ -839,7 +839,7 @@ static int starttls(STATE *state)
|
||||
state->ddane : state->dane);
|
||||
|
||||
#define PROXY_OPEN_FLAGS \
|
||||
(TLS_PROXY_FLAG_ROLE_CLIENT | TLS_PROXY_FLAG_SEND_CONTEXT)
|
||||
(TLS_PROXY_FLAG_ROLE_CLIENT | TLS_PROXY_FLAG_SEND_CONTEXT)
|
||||
#define var_tlsproxy_service
|
||||
|
||||
if ((cwd_fd = open(".", O_RDONLY)) < 0)
|
||||
@@ -900,7 +900,7 @@ static int starttls(STATE *state)
|
||||
if (state->tls_context) {
|
||||
if (state->log_mask &
|
||||
(TLS_LOG_CERTMATCH | TLS_LOG_VERBOSE | TLS_LOG_PEERCERT)) {
|
||||
if (state->tls_context->stoc_rpk)
|
||||
if (state->tls_context->stoc_rpk)
|
||||
msg_info("%s: pkey_fingerprint=%s", state->namaddrport,
|
||||
state->tls_context->peer_pkey_fprint);
|
||||
else
|
||||
@@ -911,7 +911,7 @@ static int starttls(STATE *state)
|
||||
state->tls_context->issuer_CN,
|
||||
state->tls_context->peer_cert_fprint,
|
||||
state->tls_context->peer_pkey_fprint);
|
||||
}
|
||||
}
|
||||
tls_log_summary(TLS_ROLE_CLIENT, TLS_USAGE_NEW,
|
||||
state->tls_context);
|
||||
} else {
|
||||
@@ -1252,7 +1252,7 @@ static DNS_RR *addr_one(STATE *state, DNS_RR *addr_list, const char *host,
|
||||
* should not clobber a soft error text and status code.
|
||||
*/
|
||||
#define RETRY_AI_ERROR(e) \
|
||||
((e) == EAI_AGAIN || (e) == EAI_MEMORY || (e) == EAI_SYSTEM)
|
||||
((e) == EAI_AGAIN || (e) == EAI_MEMORY || (e) == EAI_SYSTEM)
|
||||
#ifdef EAI_NODATA
|
||||
#define DSN_NOHOST(e) \
|
||||
((e) == EAI_AGAIN || (e) == EAI_NODATA || (e) == EAI_NONAME)
|
||||
@@ -2145,8 +2145,12 @@ static void parse_match(STATE *state, int argc, char *argv[])
|
||||
switch (state->level) {
|
||||
default:
|
||||
state->match = 0;
|
||||
if (*argv)
|
||||
msg_warn("TLS level '%s' does not implement certificate matching",
|
||||
str_tls_level(state->level));
|
||||
break;
|
||||
case TLS_LEV_DANE:
|
||||
case TLS_LEV_DANE_ONLY:
|
||||
case TLS_LEV_SECURE:
|
||||
state->match = argv_alloc(2);
|
||||
while (*argv)
|
||||
|
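Review bot: In the `default:` branch of the parse_match hunk, match arguments given at a TLS level that does no certificate matching only draw a `msg_warn()`, and `state->match` is set to 0, so the run continues with no name matching at all. The warning should say outright that the arguments are dropped, for example with the format string `"TLS level '%s' does not implement certificate matching; match arguments ignored"`. An operator who skims past the current wording could read the later handshake output as a result checked against the names they supplied. A one-line comment above `default:` saying that this branch covers every level for which no match list is built would also help, since the cases for the remaining levels and the rest of the function lie outside the hunk. The other hunks in this file section appear to be whitespace-only.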