postfix-3.5-20190307

2025-08-29 21:27:57 +00:00 · 2019-03-07 00:00:00 -05:00 · 2019-03-07 00:00:00 -05:00 · 6866cb3b71
commit 6866cb3b71
parent f68f510758
4 changed files with 23 additions and 7 deletions
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@ -24175,7 +24175,7 @@ Apologies for any names omitted.

 20190304

-	Bugfix: a reversed test broke TLS configurations that have
-	the private key and certificate in the same file. Reported
-	by Mike Kazantsev. Fix by Viktor Dukhovni. File:
-	tls/tls_certkey.c.
+	Bugfix: a reversed test broke TLS configurations that specify
+	the same filename for a private key and certificate. Reported
+	by Mike Kazantsev. Fix by Viktor Dukhovni. Wietse fixed the
+	test. Files: tls/tls_certkey.c, tls/Makefile.in.
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@ -20,7 +20,7 @@
  * Patches change both the patchlevel and the release date. Snapshots have no
  * patchlevel; they change the release date only.
  */
-#define MAIL_RELEASE_DATE	"20190304"
+#define MAIL_RELEASE_DATE	"20190307"
 #define MAIL_VERSION_NUMBER	"3.5"

 #ifdef SNAPSHOT
--- a/postfix/src/tls/Makefile.in
+++ b/postfix/src/tls/Makefile.in
@ -58,6 +58,16 @@ tls_certkey_tests: test
 	    $(SHLIB_ENV) $(VALGRIND) ./tls_certkey -m $$pem > $$pem.out 2>&1 || exit 1; \
 	    diff $$pem.ref $$pem.out || exit 1; \
 	    echo "  $$pem: OK"; \
+	    $(SHLIB_ENV) $(VALGRIND) ./tls_certkey -k $$pem $$pem > $$pem.out 2>&1 || exit 1; \
+	    diff $$pem.ref $$pem.out || exit 1; \
+	    echo "  $$pem (with key in $$pem): OK"; \
+	    case $$pem in good-*) \
+		ln -sf $$pem tmpkey.pem; \
+		$(SHLIB_ENV) $(VALGRIND) ./tls_certkey -k tmpkey.pem $$pem > $$pem.out 2>&1 || exit 1; \
+		diff $$pem.ref $$pem.out || exit 1; \
+		echo "  $$pem (with key in tmpkey.pem): OK"; \
+		rm -f tmpkey.pem;; \
+	    esac; \
 	done; \
 	for pem in bad-*.pem; do \
 	    $(SHLIB_ENV) $(VALGRIND) ./tls_certkey $$pem > $$pem.out 2>&1 && exit 1 || : ok; \
--- a/postfix/src/tls/tls_certkey.c
+++ b/postfix/src/tls/tls_certkey.c
@ -690,6 +690,7 @@ int     main(int argc, char *argv[])
    int     ch;
    int     mixed = 0;
    int     ret;
+    char   *key_file = 0;
    SSL_CTX *ctx;

 #if OPENSSL_VERSION_NUMBER < 0x10100000L
@ -707,8 +708,11 @@ int     main(int argc, char *argv[])
 	tls_print_errors();
 	exit(1);
    }
-    while ((ch = GETOPT(argc, argv, "m")) > 0) {
+    while ((ch = GETOPT(argc, argv, "mk:")) > 0) {
 	switch (ch) {
+	case 'k':
+	    key_file = optarg;
+	    break;
 	case 'm':
 	    mixed = 1;
 	    break;
@ -722,7 +726,9 @@ int     main(int argc, char *argv[])
    if (argc < 1)
 	usage();

-    if (mixed)
+    if (key_file)
+	ret = set_cert_stuff(ctx, "any", argv[0], key_file) == 0;
+    else if (mixed)
 	ret = load_mixed_file(ctx, argv[0]);
    else
 	ret = load_chain_files(ctx, argv[0]);