mirror of https://github.com/vdukhovni/postfix synced 2025-08-22 18:07:41 +00:00

postfix-2.11-20130608

Wietse Venema 2013-06-08 00:44:29 -04:00 committed by Viktor Dukhovni
parent 9a371608e1
commit ae9ba12ff5
3 changed files with 24 additions and 6 deletions


@ -18698,3 +18698,8 @@ Apologies for any names omitted.
Robustness: check that TLSA-supplied certs have valid keys. Robustness: check that TLSA-supplied certs have valid keys.
It is not clear whether that check is performed in d2i(). It is not clear whether that check is performed in d2i().
Viktor Dukhovni. tls/tls_dane.c. Viktor Dukhovni. tls/tls_dane.c.
20130608
Cleanup (DANE support): be more explicit in the logging of
object digests. Viktor Dukhovni. tls/tls_dane.c.


@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20130607" #define MAIL_RELEASE_DATE "20130608"
#define MAIL_VERSION_NUMBER "2.11" #define MAIL_VERSION_NUMBER "2.11"
#ifdef SNAPSHOT #ifdef SNAPSHOT


@ -661,14 +661,27 @@ static void parse_tlsa_rrs(TLS_DANE *dane, DNS_RR *rr)
* The cert or key was valid, just digest the raw object, and * The cert or key was valid, just digest the raw object, and
* encode the digest value. We choose SHA256. * encode the digest value. We choose SHA256.
*/ */
dane_add(dane, usage, selector, sha256, dane_add(dane, usage, selector, mdalg = sha256,
digest = tls_data_fprint((char *) ip, mlen, sha256)); digest = tls_data_fprint((char *) ip, mlen, sha256));
break; break;
} }
if (msg_verbose || dane_verbose) if (msg_verbose || dane_verbose) {
switch (mtype) {
default:
msg_info("using DANE RR: %s%s%s IN TLSA %u %u %u %s", msg_info("using DANE RR: %s%s%s IN TLSA %u %u %u %s",
rcname(rr), rarrow(rr), rr->rname, rcname(rr), rarrow(rr), rr->rname,
usage, selector, mtype, digest); usage, selector, mtype, digest);
break;
case DNS_TLSA_MATCHING_TYPE_NO_HASH_USED:
msg_info("using DANE RR: %s%s%s IN TLSA %u %u %u <%s>; "
"%s digest %s",
rcname(rr), rarrow(rr), rr->rname,
usage, selector, mtype,
(selector == DNS_TLSA_SELECTOR_FULL_CERTIFICATE) ?
"certificate" : "public key", mdalg, digest);
break;
}
}
myfree(digest); myfree(digest);
} }
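Review bot: `mdalg` is set only as a side effect inside the `dane_add(...)` argument list, yet the new `DNS_TLSA_MATCHING_TYPE_NO_HASH_USED` log branch passes it to a `%s` conversion. If any path for that matching type reaches the log without going through this call, msg_info() would receive an unset pointer. The declaration of `mdalg` and the rest of the enclosing switch in parse_tlsa_rrs() are outside the hunk, so this may already be covered. Hoisting the assignments into their own statements would make it easy to verify: `mdalg = sha256;`, `digest = tls_data_fprint((char *) ip, mlen, mdalg);`, `dane_add(dane, usage, selector, mdalg, digest);`. As a smaller style point, listing the specific `case` before `default:` in the logging switch would read more naturally.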