From bae8893bf5144f4fd277a82b06a0280d4e30a3ce Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Wed, 5 Jul 2006 00:00:00 -0500 Subject: [PATCH] postfix-2.3-RC6 --- postfix/HISTORY | 62 ++++++++++++------------- postfix/README_FILES/MILTER_README | 2 +- postfix/README_FILES/TLS_README | 7 ++- postfix/html/MILTER_README.html | 2 +- postfix/html/TLS_README.html | 8 ++-- postfix/html/bounce.8.html | 3 +- postfix/man/man8/bounce.8 | 3 +- postfix/proto/MILTER_README.html | 2 +- postfix/proto/TLS_README.html | 8 ++-- postfix/src/bounce/bounce.c | 3 +- postfix/src/bounce/bounce_notify_util.c | 6 +++ postfix/src/cleanup/cleanup_milter.c | 10 ++-- postfix/src/global/is_header.c | 1 + postfix/src/global/mail_version.h | 4 +- postfix/src/milter/milter8.c | 6 +-- postfix/src/milter/test-milter.c | 2 +- postfix/src/smtp/Makefile.in | 12 +++++ postfix/src/smtp/smtp.h | 9 ++++ postfix/src/smtp/smtp_connect.c | 3 +- postfix/src/smtp/smtp_proto.c | 16 +++---- postfix/src/smtpd/Makefile.in | 8 ++++ postfix/src/tls/Makefile.in | 11 +++++ postfix/src/tls/tls.h | 2 +- postfix/src/tls/tls_client.c | 35 ++++++++------ postfix/src/tls/tls_mgr.c | 16 ++++--- postfix/src/tls/tls_misc.c | 16 +++++-- postfix/src/tls/tls_server.c | 20 ++++---- postfix/src/tlsmgr/Makefile.in | 1 + postfix/src/tlsmgr/tlsmgr.c | 5 +- 29 files changed, 177 insertions(+), 106 deletions(-) diff --git a/postfix/HISTORY b/postfix/HISTORY index 3e27f5426..53c0959cd 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -12430,7 +12430,7 @@ Apologies for any names omitted. header and the rest of the message, violating the draft domainkeys spec. -20070602 +20060702 Cleanup: more graceful handling of queue file read/write errors while processing milter message modification requests. 
@@ -12450,8 +12450,31 @@ Apologies for any names omitted. Bugfix: the Milter client skipped zero-length body lines. File: milter/milter8.c. + Feature (just this one): RFC 3834 "Auto-Submitted:" message + header in DSNs. File: bounce/bounce_notify_util.c. + +20060705 + + Portability: LP64 systems required a few ssize_t->int casts + in debug logging statements. Files: milter/test_milter.c, + cleanup/cleanup_milter.c. + + Cleanup: comments, error messages, and crumbling interfaces. + Wish list: + The usage of TLScontext->cache_type is not clear. It specifies + a TLS session cache name, but it is sometimes used as an + indicator whether or not TLS session caching is available. + In reality, that decision is made by the tlsmgr process, + and in response to initialization errors in a TLS server + or client process. + + Postfix TLS library code should copy any strings that it + receives from the application, instead of passing them + around as pointers. TLScontext->cache_type is a case in + point. + In the SMTPD policy client (encode or strip) non-printable non-ASCII in (TLS or all) attributes. @@ -12461,9 +12484,6 @@ Wish list: Introduce structured API for tls_server_mumble() just like with smtp(8): this eliminates ever-growing lists of arguments. - With (non)delivery notifications, prepend an "Auto-Submitted: - auto-replied" header, as per RFC 3834. - Defer delivery when a SASL password exists but the server does not offer SASL authentication, as mail might otherwise be bounced. This may become an issue now that Postfix will @@ -12480,7 +12500,8 @@ Wish list: Sendmail. Likewise, addresses in add/delete requests should be internalized before updating the queue file. - Check that UINT32 == in choice is ok (i.e. LP64 UNIX). + Check that "UINT32 == unsigned int" choice is ok (i.e. LP64 + UNIX). Fix milter_argv() so it does not forget how much memory it has. 
@@ -12489,9 +12510,6 @@ Wish list: while it is configured in an SMTP server that runs before the smtpd_proxy filter. - Don't send xforward attributes to every site that announces - xforward support. - The sendmail command should not return non-std exit status after fatal error in some internal library routine. @@ -12499,20 +12517,10 @@ Wish list: Keep whitespace between label and ":"? - Make XCLIENT/XFORWARD future proof: send xtext and accept - old non-xtext. - Make the map case folding/locking options configurable, if not at run-time then at least at compile time so we get consistent behavior across applications. - Investigate if it is feasible to eliminate cleanup(8) from - the path of mail that is forwarded or generated internally. - Good: we don't want header rewriting or content inspection. - Bad: we still need virtual aliasing, even when mail is - forwarded internally. This almost seems to imply that we - do virtual aliasing earlier? - Investigate what it would take to eliminate oqmgr, and to make the old behavior configurable in a unified queue manager. This would shave another 2.7 KLOC from the source @@ -12525,7 +12533,7 @@ Wish list: Softbounce fallback-to-ISP for SOHO users. This requires playing with with the soft_error test in the smtp_trouble.c - module, and a way to avoid trying direct-to-MX-backup. + module, and a way to avoid trying direct-to-backup-MX. select -> kqueue, epoll, /dev/poll, poll() ... @@ -12535,7 +12543,8 @@ Wish list: access rule. Centralize main.cf parameter input so that defaults work - consistently. + consistently. What about parameter names that are prefixed + with mail delivery transport names? Fix default time unit handling so that we can have a default bounce lifetime of $maximal_queue_lifetime, without causing 
@@ -12551,8 +12560,6 @@ Wish list: Remove defer(8) and trace(8) references and man pages. These are services not program names. - dsb_formal -> dsb_form_all, dsb_status -> dsb_form_status - Is it safe to cache a connection after it has been used for more than some number of address verification probes? @@ -12569,13 +12576,6 @@ Wish list: Low: replace_sender/replace_recipient actions in access maps? - Feature: need "soft-bounce before fall-back relay" for SOHO - type operations, so they can send direct mail without having - to route everything through a provider. - - Med: disable header address rewriting after XCLIENT? - Introduce a better concept of original submission? - Low: configurable order of local(8) delivery methods. Med: local and remote source port and IP address for smtpd @@ -12625,8 +12625,6 @@ Wish list: Low: configurable internal/system locking method. - Low: make sure CCARGS -I options come at the end. - Low: add INSTALL section for pre-existing Postfix systems. Low: add INSTALL section for pre-existing RPM Postfixes. @@ -12658,7 +12656,7 @@ Wish list: Med: postsuper -r should do something with recipients in bounce logfiles, to make sure the sender will be notified. To be perfectly safe, no process other than the queue manager - should move a queue file from the active queue. + should move a queue file away from the active queue. This could involve tagging a queue file, and use up another permission bit. diff --git a/postfix/README_FILES/MILTER_README b/postfix/README_FILES/MILTER_README index 82ef3bac7..05e0436a5 100644 --- a/postfix/README_FILES/MILTER_README +++ b/postfix/README_FILES/MILTER_README 
@@ -451,7 +451,7 @@ Milter applications make assumptions that aren't true in a Postfix environment. LLiimmiittaattiioonnss This section lists limitations of the Postfix Milter implementation. Some -limitations will be removed disappear as support is extended over time. Of +limitations will be removed as the implementation is extended over time. Of course the usual limitations of before-queue filtering will always apply. See the CONTENT_INSPECTION_README document for a discussion. diff --git a/postfix/README_FILES/TLS_README b/postfix/README_FILES/TLS_README index 868615078..488ff6e64 100644 --- a/postfix/README_FILES/TLS_README +++ b/postfix/README_FILES/TLS_README @@ -1197,10 +1197,9 @@ configuration is repaired, encryption will be used. The new policy table is specified via the smtp_tls_policy_maps parameter. This lists optional lookup tables with the Postfix SMTP client TLS security policy -by next-hop destination. It supersedes the obsolete smtp_tls_per_site -parameter. When $smtp_tls_policy_maps is not empty, the smtp_tls_per_site -parameter is ignored (a warning is written to the logs if it is also non- -empty). +by next-hop destination. When $smtp_tls_policy_maps is not empty, the obsolete +smtp_tls_per_site parameter is ignored (a warning is written to the logs if +both parameter values are non-empty). The TLS policy table is indexed by the full next-hop destination, which is either the recipient domain, or the verbatim next-hop specified in the diff --git a/postfix/html/MILTER_README.html b/postfix/html/MILTER_README.html index acfe5fae3..b53a258b9 100644 --- a/postfix/html/MILTER_README.html +++ b/postfix/html/MILTER_README.html @@ -714,7 +714,7 @@ will dump core when you do this.

Limitations

This section lists limitations of the Postfix Milter implementation. -Some limitations will be removed disappear as support is extended +Some limitations will be removed as the implementation is extended over time. Of course the usual limitations of before-queue filtering will always apply. See the CONTENT_INSPECTION_README document for a discussion.

diff --git a/postfix/html/TLS_README.html b/postfix/html/TLS_README.html index 05e39eb5f..2d5f85181 100644 --- a/postfix/html/TLS_README.html +++ b/postfix/html/TLS_README.html @@ -1636,10 +1636,10 @@ will be used.

The new policy table is specified via the smtp_tls_policy_maps parameter. This lists optional lookup tables with the Postfix SMTP client -TLS security policy by next-hop destination. It supersedes the obsolete -smtp_tls_per_site parameter. When $smtp_tls_policy_maps is not empty, -the smtp_tls_per_site parameter is ignored (a warning is written to the -logs if it is also non-empty).

+TLS security policy by next-hop destination. When $smtp_tls_policy_maps +is not empty, the obsolete smtp_tls_per_site parameter is ignored +(a warning is written to the logs if both parameter values are +non-empty).

The TLS policy table is indexed by the full next-hop destination, which is either the recipient domain, or the verbatim next-hop diff --git a/postfix/html/bounce.8.html b/postfix/html/bounce.8.html index da749a991..f50ef1224 100644 --- a/postfix/html/bounce.8.html +++ b/postfix/html/bounce.8.html @@ -43,10 +43,11 @@ BOUNCE(8) BOUNCE(8) STANDARDS RFC 822 (ARPA Internet Text Messages) + RFC 2045 (Format of Internet Message Bodies) RFC 2822 (ARPA Internet Text Messages) RFC 3462 (Delivery Status Notifications) RFC 3464 (Delivery Status Notifications) - RFC 2045 (Format of Internet Message Bodies) + RFC 3834 (Auto-Submitted: message header) DIAGNOSTICS Problems and transactions are logged to syslogd(8). diff --git a/postfix/man/man8/bounce.8 b/postfix/man/man8/bounce.8 index 8d5d0e30c..ab5e86583 100644 --- a/postfix/man/man8/bounce.8 +++ b/postfix/man/man8/bounce.8 @@ -41,10 +41,11 @@ themselves, and that depend on retry logic in their own client. .na .nf RFC 822 (ARPA Internet Text Messages) +RFC 2045 (Format of Internet Message Bodies) RFC 2822 (ARPA Internet Text Messages) RFC 3462 (Delivery Status Notifications) RFC 3464 (Delivery Status Notifications) -RFC 2045 (Format of Internet Message Bodies) +RFC 3834 (Auto-Submitted: message header) .SH DIAGNOSTICS .ad .fi diff --git a/postfix/proto/MILTER_README.html b/postfix/proto/MILTER_README.html index b82d770ab..acd6dddfd 100644 --- a/postfix/proto/MILTER_README.html +++ b/postfix/proto/MILTER_README.html @@ -714,7 +714,7 @@ will dump core when you do this.

Limitations

This section lists limitations of the Postfix Milter implementation. -Some limitations will be removed disappear as support is extended +Some limitations will be removed as the implementation is extended over time. Of course the usual limitations of before-queue filtering will always apply. See the CONTENT_INSPECTION_README document for a discussion.

diff --git a/postfix/proto/TLS_README.html b/postfix/proto/TLS_README.html index 461a00c30..8a17a9623 100644 --- a/postfix/proto/TLS_README.html +++ b/postfix/proto/TLS_README.html @@ -1636,10 +1636,10 @@ will be used.

The new policy table is specified via the smtp_tls_policy_maps parameter. This lists optional lookup tables with the Postfix SMTP client -TLS security policy by next-hop destination. It supersedes the obsolete -smtp_tls_per_site parameter. When $smtp_tls_policy_maps is not empty, -the smtp_tls_per_site parameter is ignored (a warning is written to the -logs if it is also non-empty).

+TLS security policy by next-hop destination. When $smtp_tls_policy_maps +is not empty, the obsolete smtp_tls_per_site parameter is ignored +(a warning is written to the logs if both parameter values are +non-empty).

The TLS policy table is indexed by the full next-hop destination, which is either the recipient domain, or the verbatim next-hop diff --git a/postfix/src/bounce/bounce.c b/postfix/src/bounce/bounce.c index 67042f3f6..d9fe163b5 100644 --- a/postfix/src/bounce/bounce.c +++ b/postfix/src/bounce/bounce.c @@ -33,10 +33,11 @@ /* themselves, and that depend on retry logic in their own client. /* STANDARDS /* RFC 822 (ARPA Internet Text Messages) +/* RFC 2045 (Format of Internet Message Bodies) /* RFC 2822 (ARPA Internet Text Messages) /* RFC 3462 (Delivery Status Notifications) /* RFC 3464 (Delivery Status Notifications) -/* RFC 2045 (Format of Internet Message Bodies) +/* RFC 3834 (Auto-Submitted: message header) /* DIAGNOSTICS /* Problems and transactions are logged to \fBsyslogd\fR(8). /* CONFIGURATION PARAMETERS diff --git a/postfix/src/bounce/bounce_notify_util.c b/postfix/src/bounce/bounce_notify_util.c index 39dc887e7..44a91ab55 100644 --- a/postfix/src/bounce/bounce_notify_util.c +++ b/postfix/src/bounce/bounce_notify_util.c @@ -453,6 +453,12 @@ int bounce_header(VSTREAM *bounce, BOUNCE_INFO *bounce_info, STR(quote_822_local(bounce_info->buf, dest)), postmaster_copy); + /* + * Auto-Submitted header, as per RFC 3834. + */ + post_mail_fprintf(bounce, "Auto-Submitted: %s", postmaster_copy ? + "auto-generated" : "auto-replied"); + /* * MIME header. Use 8bit encoding when either the bounced message or the * template requires it. diff --git a/postfix/src/cleanup/cleanup_milter.c b/postfix/src/cleanup/cleanup_milter.c index 6c865f52b..3cf7194cf 100644 --- a/postfix/src/cleanup/cleanup_milter.c +++ b/postfix/src/cleanup/cleanup_milter.c 
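Review bot: The new comment in bounce_header() cites RFC 3834 but does not say why the keyword depends on `postmaster_copy`, which is the only non-obvious part of the added statement. I would extend it along the lines of `/* Auto-Submitted, RFC 3834: a notice returned to the sender answers that message ("auto-replied"); a postmaster copy does not ("auto-generated"). */`, assuming that is the intended reading. bounce_header() starts and ends outside this hunk, so whether every notification path passes through this statement cannot be confirmed from here.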
@@ -415,7 +415,7 @@ static off_t cleanup_find_header(CLEANUP_STATE *state, ssize_t index, } \ if (msg_verbose > 1) \ msg_info("%s: read: %ld: %.*s", myname, (long) curr_offset, \ - LEN(buf) > 30 ? 30 : LEN(buf), STR(buf)); \ + LEN(buf) > 30 ? 30 : (int) LEN(buf), STR(buf)); \ if (rec_type == REC_TYPE_DTXT) \ continue; \ if (rec_type != REC_TYPE_NORM && rec_type != REC_TYPE_CONT \ @@ -575,7 +575,7 @@ static const char *cleanup_patch_header(CLEANUP_STATE *state, cleanup_out_header(state, buf); if (msg_verbose > 1) msg_info("%s: %ld: write %.*s", myname, (long) new_hdr_offset, - LEN(buf) > 30 ? 30 : LEN(buf), STR(buf)); + LEN(buf) > 30 ? 30 : (int) LEN(buf), STR(buf)); /* * Optionally, save the existing text record or pointer record that will @@ -585,7 +585,7 @@ static const char *cleanup_patch_header(CLEANUP_STATE *state, CLEANUP_OUT_BUF(state, rec_type, old_rec_buf); if (msg_verbose > 1) msg_info("%s: write %.*s", myname, LEN(old_rec_buf) > 30 ? - 30 : LEN(old_rec_buf), STR(old_rec_buf)); + 30 : (int) LEN(old_rec_buf), STR(old_rec_buf)); } /* @@ -607,7 +607,7 @@ static const char *cleanup_patch_header(CLEANUP_STATE *state, } if (msg_verbose > 1) msg_info("%s: %ld: read %.*s", myname, (long) read_offset, - LEN(buf) > 30 ? 30 : LEN(buf), STR(buf)); + LEN(buf) > 30 ? 30 : (int) LEN(buf), STR(buf)); if (rec_type != REC_TYPE_NORM && rec_type != REC_TYPE_CONT && rec_type != REC_TYPE_PTR && rec_type != REC_TYPE_DTXT) msg_panic("%s: non-text/ptr record type %d in header, file %s", @@ -626,7 +626,7 @@ static const char *cleanup_patch_header(CLEANUP_STATE *state, CLEANUP_OUT_BUF(state, rec_type, buf); if (msg_verbose > 1) msg_info("%s: %ld: write %.*s", myname, (long) write_offset, - LEN(buf) > 30 ? 30 : LEN(buf), STR(buf)); + LEN(buf) > 30 ? 30 : (int) LEN(buf), STR(buf)); /* Update cached location of "append header" pointer record. */ if (saved_read_offset == state->append_hdr_pt_offset) state->append_hdr_pt_offset = write_offset; 
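Review bot: The clamp `LEN(buf) > 30 ? 30 : (int) LEN(buf)` is now spelled out five times in this file (the hunks at 415, 575, 585, 607 and 626), and every copy has to carry the `int` cast for the `%.*s` precision argument to be correct on LP64. A single helper beside the existing LEN/STR definitions, for example `#define LOG_LEN(b) (LEN(b) > 30 ? 30 : (int) LEN(b))` (the name is only a suggestion), would keep the cast in one place and make a sixth logging call hard to get wrong. The cast itself cannot truncate, because it is reached only when the length is at most 30. The first instance sits inside a multi-line macro, and the enclosing functions extend beyond all five hunks.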
diff --git a/postfix/src/global/is_header.c b/postfix/src/global/is_header.c index 1bf93a4c6..891e1372e 100644 --- a/postfix/src/global/is_header.c +++ b/postfix/src/global/is_header.c @@ -87,5 +87,6 @@ ssize_t is_header_buf(const char *str, ssize_t str_len) return ((state == IN_CHAR || state == IN_CHAR_SPACE) ? len : 0); } } + /* Redundant return for future proofing. */ return (0); } diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 94189cc2e..f4e82e63d 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20060704" -#define MAIL_VERSION_NUMBER "2.3-RC5" +#define MAIL_RELEASE_DATE "20060705" +#define MAIL_VERSION_NUMBER "2.3-RC6" #define VAR_MAIL_VERSION "mail_version" #define DEF_MAIL_VERSION MAIL_VERSION_NUMBER diff --git a/postfix/src/milter/milter8.c b/postfix/src/milter/milter8.c index ccb833fd6..bf0753f7e 100644 --- a/postfix/src/milter/milter8.c +++ b/postfix/src/milter/milter8.c @@ -744,7 +744,7 @@ static int vmilter8_write_cmd(MILTER8 *milter, int command, ssize_t data_len, VSTRING *buf; const char *str; const char **cpp; - unsigned char ch; + char ch; /* * Deliver the packet. @@ -1281,9 +1281,9 @@ static const char *milter8_event(MILTER8 *milter, int event, * Get here when the reply was followed by data bytes that weren't * supposed to be there. */ - msg_warn("milter %s: reply %s was followed by %d data bytes", + msg_warn("milter %s: reply %s was followed by %ld data bytes", milter->m.name, (smfir_name = str_name_code(smfir_table, cmd)) != 0 ? - smfir_name : "unknown", data_len); + smfir_name : "unknown", (long) data_len); milter8_comm_error(milter); return (milter->def_reply); } diff --git a/postfix/src/milter/test-milter.c b/postfix/src/milter/test-milter.c index 65c79ede0..f11962a44 100644 
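Review bot: In vmilter8_write_cmd() the declaration changes from `unsigned char ch;` to `char ch;` with no comment, and the 20060705 HISTORY entry names only test_milter.c and cleanup_milter.c, so the reason for the signedness change is not recorded anywhere in this patch. The uses of `ch` are outside the hunk: if it is only stored and then written out as a single octet the change is harmless, but any comparison or widening of a value >= 0x80 would sign-extend on platforms where plain `char` is signed. A one-line comment such as `/* plain char: written as one octet, never compared or widened */` would settle it, if that is in fact how `ch` is used.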
--- a/postfix/src/milter/test-milter.c +++ b/postfix/src/milter/test-milter.c @@ -207,7 +207,7 @@ static sfsistat test_body(SMFICTX *ctx, unsigned char *data, size_t data_len) if (verbose == 0) printf("test_body %ld bytes\n", (long) data_len); else - printf("%.*s", data_len, data); + printf("%.*s", (int) data_len, data); return (test_reply(ctx, test_body_reply)); } diff --git a/postfix/src/smtp/Makefile.in b/postfix/src/smtp/Makefile.in index 8b781b4a1..dad89aae9 100644 --- a/postfix/src/smtp/Makefile.in +++ b/postfix/src/smtp/Makefile.in @@ -111,6 +111,7 @@ levels.o: ../../include/match_list.h levels.o: ../../include/match_ops.h levels.o: ../../include/msg.h levels.o: ../../include/msg_stats.h +levels.o: ../../include/name_code.h levels.o: ../../include/name_mask.h levels.o: ../../include/recipient_list.h levels.o: ../../include/resolve_clnt.h @@ -182,6 +183,7 @@ smtp_addr.o: ../../include/msg.h smtp_addr.o: ../../include/msg_stats.h smtp_addr.o: ../../include/myaddrinfo.h smtp_addr.o: ../../include/mymalloc.h +smtp_addr.o: ../../include/name_code.h smtp_addr.o: ../../include/name_mask.h smtp_addr.o: ../../include/own_inet_addr.h smtp_addr.o: ../../include/recipient_list.h @@ -218,6 +220,7 @@ smtp_chat.o: ../../include/match_ops.h smtp_chat.o: ../../include/msg.h smtp_chat.o: ../../include/msg_stats.h smtp_chat.o: ../../include/mymalloc.h +smtp_chat.o: ../../include/name_code.h smtp_chat.o: ../../include/name_mask.h smtp_chat.o: ../../include/post_mail.h smtp_chat.o: ../../include/recipient_list.h @@ -256,6 +259,7 @@ smtp_connect.o: ../../include/msg.h smtp_connect.o: ../../include/msg_stats.h smtp_connect.o: ../../include/myaddrinfo.h smtp_connect.o: ../../include/mymalloc.h +smtp_connect.o: ../../include/name_code.h smtp_connect.o: ../../include/name_mask.h smtp_connect.o: ../../include/own_inet_addr.h smtp_connect.o: ../../include/recipient_list.h 
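Review bot: In test_body(), `(int) data_len` silences the LP64 warning, but a `size_t` larger than INT_MAX turns into a negative precision, which printf treats as if no precision had been given, so `%s` would then read `data` up to the first NUL byte. The callback receives a pointer plus a length, which suggests a counted buffer with no terminator guarantee, and `%.*s` also stops early at an embedded NUL. Since this branch only echoes the chunk, `fwrite(data, 1, data_len, stdout);` avoids both the cast and the string semantics. This is test code and chunk sizes are presumably small, so the practical risk is low.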
@@ -290,6 +294,7 @@ smtp_map11.o: ../../include/match_list.h smtp_map11.o: ../../include/match_ops.h smtp_map11.o: ../../include/msg.h smtp_map11.o: ../../include/msg_stats.h +smtp_map11.o: ../../include/name_code.h smtp_map11.o: ../../include/name_mask.h smtp_map11.o: ../../include/quote_822_local.h smtp_map11.o: ../../include/quote_flags.h @@ -376,6 +381,7 @@ smtp_rcpt.o: ../../include/match_ops.h smtp_rcpt.o: ../../include/msg.h smtp_rcpt.o: ../../include/msg_stats.h smtp_rcpt.o: ../../include/mymalloc.h +smtp_rcpt.o: ../../include/name_code.h smtp_rcpt.o: ../../include/name_mask.h smtp_rcpt.o: ../../include/recipient_list.h smtp_rcpt.o: ../../include/resolve_clnt.h @@ -405,6 +411,7 @@ smtp_reuse.o: ../../include/match_ops.h smtp_reuse.o: ../../include/msg.h smtp_reuse.o: ../../include/msg_stats.h smtp_reuse.o: ../../include/mymalloc.h +smtp_reuse.o: ../../include/name_code.h smtp_reuse.o: ../../include/name_mask.h smtp_reuse.o: ../../include/recipient_list.h smtp_reuse.o: ../../include/resolve_clnt.h @@ -435,6 +442,7 @@ smtp_sasl_glue.o: ../../include/match_ops.h smtp_sasl_glue.o: ../../include/msg.h smtp_sasl_glue.o: ../../include/msg_stats.h smtp_sasl_glue.o: ../../include/mymalloc.h +smtp_sasl_glue.o: ../../include/name_code.h smtp_sasl_glue.o: ../../include/name_mask.h smtp_sasl_glue.o: ../../include/recipient_list.h smtp_sasl_glue.o: ../../include/resolve_clnt.h @@ -466,6 +474,7 @@ smtp_sasl_proto.o: ../../include/match_ops.h smtp_sasl_proto.o: ../../include/msg.h smtp_sasl_proto.o: ../../include/msg_stats.h smtp_sasl_proto.o: ../../include/mymalloc.h +smtp_sasl_proto.o: ../../include/name_code.h smtp_sasl_proto.o: ../../include/name_mask.h smtp_sasl_proto.o: ../../include/recipient_list.h smtp_sasl_proto.o: ../../include/resolve_clnt.h 
@@ -529,6 +538,7 @@ smtp_state.o: ../../include/match_ops.h smtp_state.o: ../../include/msg.h smtp_state.o: ../../include/msg_stats.h smtp_state.o: ../../include/mymalloc.h +smtp_state.o: ../../include/name_code.h smtp_state.o: ../../include/name_mask.h smtp_state.o: ../../include/recipient_list.h smtp_state.o: ../../include/resolve_clnt.h @@ -559,6 +569,7 @@ smtp_trouble.o: ../../include/match_list.h smtp_trouble.o: ../../include/match_ops.h smtp_trouble.o: ../../include/msg.h smtp_trouble.o: ../../include/msg_stats.h +smtp_trouble.o: ../../include/name_code.h smtp_trouble.o: ../../include/name_mask.h smtp_trouble.o: ../../include/recipient_list.h smtp_trouble.o: ../../include/resolve_clnt.h @@ -588,6 +599,7 @@ smtp_unalias.o: ../../include/match_ops.h smtp_unalias.o: ../../include/msg.h smtp_unalias.o: ../../include/msg_stats.h smtp_unalias.o: ../../include/myaddrinfo.h +smtp_unalias.o: ../../include/name_code.h smtp_unalias.o: ../../include/name_mask.h smtp_unalias.o: ../../include/recipient_list.h smtp_unalias.o: ../../include/resolve_clnt.h diff --git a/postfix/src/smtp/smtp.h b/postfix/src/smtp/smtp.h index 648737377..af397d711 100644 --- a/postfix/src/smtp/smtp.h +++ b/postfix/src/smtp/smtp.h @@ -330,6 +330,15 @@ extern int smtp_quit(SMTP_STATE *); #define CACHE_THIS_SESSION_UNTIL(when) \ (session->expire_time = (when)) + /* + * Encapsulate the following so that we don't expose details of of + * connection management and error handling to the SMTP protocol engine. + */ +#define RETRY_AS_PLAINTEXT do { \ + session->tls_retry_plain = 1; \ + state->misc_flags &= ~SMTP_MISC_FLAG_FINAL_SERVER; \ + } while (0) + /* * smtp_chat.c */ diff --git a/postfix/src/smtp/smtp_connect.c b/postfix/src/smtp/smtp_connect.c index 41880cffb..b8fbde19f 100644 --- a/postfix/src/smtp/smtp_connect.c +++ b/postfix/src/smtp/smtp_connect.c 
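Review bot: RETRY_AS_PLAINTEXT enables the plaintext retry unconditionally; the check that makes it safe, `session->tls_level == TLS_LEV_MAY`, exists only at the call site in smtp_start_tls() (smtp_proto.c hunk at 738). A later caller that used the macro at an enforced TLS level would quietly fall back to cleartext for a destination that requires encryption. I would state the precondition in the macro comment, e.g. `Callers must first verify session->tls_level == TLS_LEV_MAY; never use this when TLS is mandatory.`, or fold the test into the macro itself. The comment should also mention that the macro relies on variables named `session` and `state` in the caller's scope, and it contains a doubled word ("of of").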
@@ -856,7 +856,8 @@ static void smtp_connect_remote(SMTP_STATE *state, const char *nexthop, /* * When an opportunistic TLS handshake fails, try the - * same address again, with TLS disabled. + * same address again, with TLS disabled. See also the + * RETRY_AS_PLAINTEXT macro. */ if ((retry_plain = session->tls_retry_plain) != 0) { --addr_count; diff --git a/postfix/src/smtp/smtp_proto.c b/postfix/src/smtp/smtp_proto.c index e42825164..8256b8c9a 100644 --- a/postfix/src/smtp/smtp_proto.c +++ b/postfix/src/smtp/smtp_proto.c 
@@ -679,22 +679,22 @@ static int smtp_start_tls(SMTP_STATE *state) * * - Expiration code would need to selectively delete sessions from a list - * Re-use code would need to decode many sessions and choose the best - - * Store code would needs to choose between replace and append. + * Store code would need to choose between replace and append. * * Note: checking the compatibility of re-activated sessions against the * cipher requirements of the session under construction requires us to * store the cipher name in the session cache with the passivated session - * object, the name is not available when the session is revived until - * the handshake is complete, which is too late. + * object. But the name is not available when the session is revived + * until the handshake is complete, which is too late. * - * XXX: When cached ciphers are reloaded, their cipher is not available via + * XXX: When a cached session is reloaded, its cipher is not available via * documented APIs until the handshake completes. We need to filter out * sessions that use the wrong ciphers, but may not peek at the * undocumented session->cipher_id and cipher->id structure members. * * Since cipherlists are typically shared by many domains, we include the * cipherlist in the session cache lookup key. This avoids false - * positives results from the session cache. + * positives from the TLS session cache. * * To support mutually incompatible protocol/cipher combinations, our * session key must include both the protocol and the cipherlist. @@ -738,10 +738,8 @@ static int smtp_start_tls(SMTP_STATE *state) * Specifically, this session is not final, don't defer any * recipients yet. */ - if (session->tls_level == TLS_LEV_MAY) { - session->tls_retry_plain = 1; - state->misc_flags &= ~SMTP_MISC_FLAG_FINAL_SERVER; - } + if (session->tls_level == TLS_LEV_MAY) + RETRY_AS_PLAINTEXT; return (smtp_site_fail(state, DSN_BY_LOCAL_MTA, SMTP_RESP_FAKE(&fake, "4.7.5"), "Cannot start TLS: handshake failure")); 
diff --git a/postfix/src/smtpd/Makefile.in b/postfix/src/smtpd/Makefile.in index 84d57fdb9..868965acb 100644 --- a/postfix/src/smtpd/Makefile.in +++ b/postfix/src/smtpd/Makefile.in @@ -211,6 +211,7 @@ smtpd_chat.o: ../../include/milter.h smtpd_chat.o: ../../include/msg.h smtpd_chat.o: ../../include/myaddrinfo.h smtpd_chat.o: ../../include/mymalloc.h +smtpd_chat.o: ../../include/name_code.h smtpd_chat.o: ../../include/name_mask.h smtpd_chat.o: ../../include/post_mail.h smtpd_chat.o: ../../include/rec_type.h @@ -263,6 +264,7 @@ smtpd_check.o: ../../include/msg_stats.h smtpd_check.o: ../../include/myaddrinfo.h smtpd_check.o: ../../include/mymalloc.h smtpd_check.o: ../../include/namadr_list.h +smtpd_check.o: ../../include/name_code.h smtpd_check.o: ../../include/name_mask.h smtpd_check.o: ../../include/own_inet_addr.h smtpd_check.o: ../../include/rec_type.h @@ -298,6 +300,7 @@ smtpd_milter.o: ../../include/mail_params.h smtpd_milter.o: ../../include/mail_stream.h smtpd_milter.o: ../../include/milter.h smtpd_milter.o: ../../include/myaddrinfo.h +smtpd_milter.o: ../../include/name_code.h smtpd_milter.o: ../../include/name_mask.h smtpd_milter.o: ../../include/sys_defs.h smtpd_milter.o: ../../include/tls.h @@ -318,6 +321,7 @@ smtpd_peer.o: ../../include/milter.h smtpd_peer.o: ../../include/msg.h smtpd_peer.o: ../../include/myaddrinfo.h smtpd_peer.o: ../../include/mymalloc.h +smtpd_peer.o: ../../include/name_code.h smtpd_peer.o: ../../include/name_mask.h smtpd_peer.o: ../../include/sock_addr.h smtpd_peer.o: ../../include/stringops.h @@ -363,6 +367,7 @@ smtpd_sasl_glue.o: ../../include/milter.h smtpd_sasl_glue.o: ../../include/msg.h smtpd_sasl_glue.o: ../../include/myaddrinfo.h smtpd_sasl_glue.o: ../../include/mymalloc.h +smtpd_sasl_glue.o: ../../include/name_code.h smtpd_sasl_glue.o: ../../include/name_mask.h smtpd_sasl_glue.o: ../../include/stringops.h smtpd_sasl_glue.o: ../../include/sys_defs.h 
@@ -387,6 +392,7 @@ smtpd_sasl_proto.o: ../../include/milter.h smtpd_sasl_proto.o: ../../include/msg.h smtpd_sasl_proto.o: ../../include/myaddrinfo.h smtpd_sasl_proto.o: ../../include/mymalloc.h +smtpd_sasl_proto.o: ../../include/name_code.h smtpd_sasl_proto.o: ../../include/name_mask.h smtpd_sasl_proto.o: ../../include/stringops.h smtpd_sasl_proto.o: ../../include/sys_defs.h @@ -413,6 +419,7 @@ smtpd_state.o: ../../include/milter.h smtpd_state.o: ../../include/msg.h smtpd_state.o: ../../include/myaddrinfo.h smtpd_state.o: ../../include/mymalloc.h +smtpd_state.o: ../../include/name_code.h smtpd_state.o: ../../include/name_mask.h smtpd_state.o: ../../include/sys_defs.h smtpd_state.o: ../../include/tls.h @@ -439,6 +446,7 @@ smtpd_xforward.o: ../../include/milter.h smtpd_xforward.o: ../../include/msg.h smtpd_xforward.o: ../../include/myaddrinfo.h smtpd_xforward.o: ../../include/mymalloc.h +smtpd_xforward.o: ../../include/name_code.h smtpd_xforward.o: ../../include/name_mask.h smtpd_xforward.o: ../../include/sys_defs.h smtpd_xforward.o: ../../include/tls.h diff --git a/postfix/src/tls/Makefile.in b/postfix/src/tls/Makefile.in index 0a1695f60..0210029dd 100644 --- a/postfix/src/tls/Makefile.in +++ b/postfix/src/tls/Makefile.in @@ -89,6 +89,7 @@ depend: $(MAKES) # do not edit below this line - it is generated by 'make depend' tls_bio_ops.o: ../../include/iostuff.h tls_bio_ops.o: ../../include/msg.h +tls_bio_ops.o: ../../include/name_code.h tls_bio_ops.o: ../../include/name_mask.h tls_bio_ops.o: ../../include/sys_defs.h tls_bio_ops.o: ../../include/vbuf.h @@ -97,6 +98,7 @@ tls_bio_ops.o: ../../include/vstring.h tls_bio_ops.o: tls.h tls_bio_ops.o: tls_bio_ops.c tls_certkey.o: ../../include/msg.h +tls_certkey.o: ../../include/name_code.h tls_certkey.o: ../../include/name_mask.h tls_certkey.o: ../../include/sys_defs.h tls_certkey.o: ../../include/vbuf.h 
@@ -108,6 +110,7 @@ tls_client.o: ../../include/argv.h tls_client.o: ../../include/mail_params.h tls_client.o: ../../include/msg.h tls_client.o: ../../include/mymalloc.h +tls_client.o: ../../include/name_code.h tls_client.o: ../../include/name_mask.h tls_client.o: ../../include/stringops.h tls_client.o: ../../include/sys_defs.h @@ -118,6 +121,7 @@ tls_client.o: tls.h tls_client.o: tls_client.c tls_client.o: tls_mgr.h tls_dh.o: ../../include/msg.h +tls_dh.o: ../../include/name_code.h tls_dh.o: ../../include/name_mask.h tls_dh.o: ../../include/sys_defs.h tls_dh.o: ../../include/vbuf.h @@ -139,6 +143,7 @@ tls_mgr.o: tls_mgr.c tls_mgr.o: tls_mgr.h tls_misc.o: ../../include/msg.h tls_misc.o: ../../include/mymalloc.h +tls_misc.o: ../../include/name_code.h tls_misc.o: ../../include/name_mask.h tls_misc.o: ../../include/stringops.h tls_misc.o: ../../include/sys_defs.h @@ -175,6 +180,7 @@ tls_prng_file.o: ../../include/mymalloc.h tls_prng_file.o: ../../include/sys_defs.h tls_prng_file.o: tls_prng.h tls_prng_file.o: tls_prng_file.c +tls_rsa.o: ../../include/name_code.h tls_rsa.o: ../../include/name_mask.h tls_rsa.o: ../../include/sys_defs.h tls_rsa.o: ../../include/vbuf.h @@ -196,6 +202,7 @@ tls_scache.o: ../../include/vstring.h tls_scache.o: tls_scache.c tls_scache.o: tls_scache.h tls_seed.o: ../../include/msg.h +tls_seed.o: ../../include/name_code.h tls_seed.o: ../../include/name_mask.h tls_seed.o: ../../include/sys_defs.h tls_seed.o: ../../include/vbuf.h @@ -210,6 +217,7 @@ tls_server.o: ../../include/hex_code.h tls_server.o: ../../include/mail_params.h tls_server.o: ../../include/msg.h tls_server.o: ../../include/mymalloc.h +tls_server.o: ../../include/name_code.h tls_server.o: ../../include/name_mask.h tls_server.o: ../../include/stringops.h tls_server.o: ../../include/sys_defs.h 
@@ -221,6 +229,7 @@ tls_server.o: tls_mgr.h tls_server.o: tls_server.c tls_session.o: ../../include/msg.h tls_session.o: ../../include/mymalloc.h +tls_session.o: ../../include/name_code.h tls_session.o: ../../include/name_mask.h tls_session.o: ../../include/sys_defs.h tls_session.o: ../../include/vbuf.h @@ -230,6 +239,7 @@ tls_session.o: tls.h tls_session.o: tls_session.c tls_stream.o: ../../include/iostuff.h tls_stream.o: ../../include/msg.h +tls_stream.o: ../../include/name_code.h tls_stream.o: ../../include/name_mask.h tls_stream.o: ../../include/sys_defs.h tls_stream.o: ../../include/vbuf.h @@ -239,6 +249,7 @@ tls_stream.o: tls.h tls_stream.o: tls_stream.c tls_verify.o: ../../include/msg.h tls_verify.o: ../../include/mymalloc.h +tls_verify.o: ../../include/name_code.h tls_verify.o: ../../include/name_mask.h tls_verify.o: ../../include/sys_defs.h tls_verify.o: ../../include/vbuf.h diff --git a/postfix/src/tls/tls.h b/postfix/src/tls/tls.h index d69e3479b..f33e067a2 100644 --- a/postfix/src/tls/tls.h +++ b/postfix/src/tls/tls.h @@ -119,7 +119,7 @@ extern NAME_CODE tls_cipher_level_table[]; name_code(tls_cipher_level_table, NAME_CODE_FLAG_NONE, (str)) #define TLS_END_EXCLUDE ((char *)0) -extern char *tls_cipher_list(int,...); +extern const char *tls_cipher_list(int,...); /* * tls_client.c diff --git a/postfix/src/tls/tls_client.c b/postfix/src/tls/tls_client.c index 4b9f9942e..e5c19c76b 100644 --- a/postfix/src/tls/tls_client.c +++ b/postfix/src/tls/tls_client.c @@ -6,11 +6,11 @@ /* SYNOPSIS /* #include /* -/* SSL_CTX *tls_client_init(props) -/* const tls_client_init_props *props; +/* SSL_CTX *tls_client_init(init_props) +/* const tls_client_init_props *init_props; /* -/* TLScontext_t *tls_client_start(props) -/* const tls_client_start_props *props; +/* TLScontext_t *tls_client_start(start_props) +/* const tls_client_start_props *start_props; /* /* void tls_client_stop(client_ctx, stream, failure, TLScontext) /* SSL_CTX *client_ctx; 
@@ -151,6 +151,7 @@ static SSL_SESSION *load_clnt_session(TLScontext_t *TLScontext) { + const char *myname = "load_clnt_session"; SSL_SESSION *session = 0; VSTRING *session_data = vstring_alloc(2048); @@ -167,7 +168,8 @@ static SSL_SESSION *load_clnt_session(TLScontext_t *TLScontext) * server SSL context. */ if (TLScontext->cache_type == 0) - msg_panic("null client session cache type in session lookup"); + msg_panic("%s: null client session cache type in session lookup", + myname); /* * Look up and activate the SSL_SESSION object. Errors are non-fatal, @@ -195,6 +197,7 @@ static SSL_SESSION *load_clnt_session(TLScontext_t *TLScontext) static int new_client_session_cb(SSL *ssl, SSL_SESSION *session) { + const char *myname = "new_client_session_cb"; TLScontext_t *TLScontext; VSTRING *session_data; @@ -204,7 +207,7 @@ static int new_client_session_cb(SSL *ssl, SSL_SESSION *session) * null at this point. */ if ((TLScontext = SSL_get_ex_data(ssl, TLScontext_index)) == 0) - msg_panic("null TLScontext in new session callback"); + msg_panic("%s: null TLScontext in new session callback", myname); /* * We only get here if the cache_type is not empty. This callback is not @@ -212,7 +215,8 @@ static int new_client_session_cb(SSL *ssl, SSL_SESSION *session) * server SSL context. */ if (TLScontext->cache_type == 0) - msg_panic("null session cache type in new session callback"); + msg_panic("%s: null session cache type in new session callback", + myname); if (TLScontext->log_level >= 2) msg_info("save session %s to %s cache", @@ -465,6 +469,9 @@ static int match_hostname(const char *peerid, ARGV *cmatch_argv, int idlen; int patlen; + /* + * Match the peerid against each pattern until we find a match. + */ for (i = 0; i < cmatch_argv->argc; ++i) { sub = 0; if (!strcasecmp(cmatch_argv->argv[i], "nexthop")) 
@@ -483,19 +490,21 @@ static int match_hostname(const char *peerid, ARGV *cmatch_argv, } /* - * Sub-domain match, peerid is any sub-domain of pattern. + * Sub-domain match: peerid is any sub-domain of pattern. */ - if (sub) + if (sub) { if ((idlen = strlen(peerid)) > (patlen = strlen(pattern)) + 1 && peerid[idlen - patlen - 1] == '.' && !strcasecmp(peerid + (idlen - patlen), pattern)) return (1); else continue; + } /* - * NOT sub-domain match, but "*.domain.tld" in peerid matches any - * host.domain.tld in the pattern. + * Exact match and initial "*" match. The initial "*" in a peerid + * matches exactly one hostname component, under the condition that + * the peerid contains multiple hostname components. */ if (!strcasecmp(peerid, pattern) || (peerid[0] == '*' && peerid[1] == '.' && peerid[2] != 0 @@ -509,7 +518,7 @@ static int match_hostname(const char *peerid, ARGV *cmatch_argv, /* verify_extract_peer - verify peer name and extract peer information */ static void verify_extract_peer(const char *nexthop, const char *hname, - char *certmatch, X509 *peercert, + const char *certmatch, X509 *peercert, TLScontext_t *TLScontext) { int i; @@ -666,7 +675,7 @@ TLScontext_t *tls_client_start(const tls_client_start_props *props) */ if (!BIO_new_bio_pair(&TLScontext->internal_bio, TLS_BIO_BUFSIZE, &TLScontext->network_bio, TLS_BIO_BUFSIZE)) { - msg_info("Could not obtain BIO_pair"); + msg_warn("Could not obtain BIO_pair"); tls_print_errors(); tls_free_context(TLScontext); return (0); diff --git a/postfix/src/tls/tls_mgr.c b/postfix/src/tls/tls_mgr.c index 84cd77561..a0b089488 100644 --- a/postfix/src/tls/tls_mgr.c +++ b/postfix/src/tls/tls_mgr.c @@ -327,8 +327,10 @@ int main(int unused_ac, char **av) while (vstring_fgets_nonl(inbuf, VSTREAM_IN)) { argv = argv_split(STR(inbuf), " \t\r\n"); - if (argv->argc == 0) + if (argv->argc == 0) { + argv_free(argv); continue; + } #define COMMAND(argv, str, len) \ (strcasecmp(argv->argv[0], str) == 0 && argv->argc == len) 
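Review bot: The rewritten comment in match_hostname() says the wildcard applies only when "the peerid contains multiple hostname components", but the visible part of the test, `peerid[2] != 0`, only requires that something follows `*.`. A certificate name of the form `*.tld` (constructed example) therefore appears to pass this part of the check; the rest of the condition lies outside the hunk, so this is inferred. The comment should state whether a wildcard directly above a single label is meant to be accepted. If it is not, the condition could require a further dot, for example `&& strchr(peerid + 2, '.') != 0`. Separately, `idlen` and `patlen` receive `strlen()` results in `int` variables; `size_t` would avoid the narrowing.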
@@ -336,7 +338,7 @@ int main(int unused_ac, char **av) if (COMMAND(argv, "policy", 2)) { int cachable; - status = tls_mgr_policy(argv[2], &cachable); + status = tls_mgr_policy(argv->argv[1], &cachable); vstream_printf("status=%d cachable=%d\n", status, cachable); } else if (COMMAND(argv, "seed", 2)) { VSTRING *buf = vstring_alloc(10); @@ -351,15 +353,16 @@ int main(int unused_ac, char **av) } else if (COMMAND(argv, "lookup", 3)) { VSTRING *buf = vstring_alloc(10); - status = tls_mgr_lookup(argv[1], argv->argv[2], buf); + status = tls_mgr_lookup(argv->argv[1], argv->argv[2], buf); vstream_printf("status=%d session=%.*s\n", status, LEN(buf), STR(buf)); + vstring_free(buf); } else if (COMMAND(argv, "update", 4)) { - status = tls_mgr_update(argv[1], argv->argv[2], + status = tls_mgr_update(argv->argv[1], argv->argv[2], argv->argv[3], strlen(argv->argv[3])); vstream_printf("status=%d\n", status); } else if (COMMAND(argv, "delete", 3)) { - status = tls_mgr_delete(argv[1], argv->argv[2]); + status = tls_mgr_delete(argv->argv[1], argv->argv[2]); vstream_printf("status=%d\n", status); } else { vstream_printf("usage:\n" @@ -370,9 +373,8 @@ int main(int unused_ac, char **av) "delete smtpd|smtp|lmtp cache_id\n"); } vstream_fflush(VSTREAM_OUT); - } - if (argv) argv_free(argv); + } vstring_free(inbuf); return (0); diff --git a/postfix/src/tls/tls_misc.c b/postfix/src/tls/tls_misc.c index 456651161..65ba5e4f8 100644 --- a/postfix/src/tls/tls_misc.c +++ b/postfix/src/tls/tls_misc.c @@ -18,6 +18,9 @@ /* /* long tls_bug_bits() /* +/* const char *tls_cipher_list(grade, ...) +/* int grade; +/* /* void tls_print_errors() /* /* void tls_info_callback(ssl, where, ret) 
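Review bot: In the "policy" branch of the test driver, `cachable` is declared without an initializer and then printed unconditionally by `vstream_printf("status=%d cachable=%d\n", status, cachable);`. If tls_mgr_policy() leaves the output untouched on failure, this reads an indeterminate value; its definition is not in this hunk, so that is an assumption to confirm. Declaring it as `int cachable = 0;` makes the output well defined in either case. The body of main() continues outside the hunk.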
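Review bot: In the "lookup" branch, the precision argument for `%.*s` is passed as `LEN(buf)` without a cast. A precision argument must be an `int`, and if `LEN()` expands to a VSTRING length of type `ssize_t` (its definition is outside this hunk), this is the same LP64 mismatch that this commit's HISTORY entry says was fixed in other debug statements. Writing `(int) LEN(buf)` makes the conversion explicit. The session data is also printed regardless of `status`; printing it only on success would keep the test output unambiguous.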
@@ -50,6 +53,11 @@ /* for the run-time library. Some of the bug work-arounds are /* not appropriate for some library versions. /* +/* tls_cipher_list() generates a cipher list from the specified +/* grade, minus any ciphers specified via a null-terminated +/* list of string-valued exclusions. The result is overwritten +/* upon each call. +/* /* tls_print_errors() queries the OpenSSL error stack, /* logs the error messages, and clears the error stack. /* @@ -156,7 +164,7 @@ typedef struct { /* tls_cipher_list - Cipherlist for given grade, less exclusions */ -char *tls_cipher_list(int level,...) +const char *tls_cipher_list(int grade,...) { const char *myname = "tls_cipher_list"; static VSTRING *buf; @@ -169,7 +177,7 @@ char *tls_cipher_list(int level,...) buf = buf ? buf : vstring_alloc(10); VSTRING_RESET(buf); - switch (level) { + switch (grade) { case TLS_CIPHER_HIGH: vstring_strcpy(buf, var_tls_high_clist); break; @@ -188,13 +196,13 @@ char *tls_cipher_list(int level,...) case TLS_CIPHER_NONE: return 0; default: - msg_panic("%s: invalid cipher level: %d", myname, level); + msg_panic("%s: invalid cipher grade: %d", myname, grade); } if (VSTRING_LEN(buf) == 0) msg_panic("%s: empty cipherlist", myname); - va_start(ap, level); + va_start(ap, grade); while ((exclude = va_arg(ap, char *)) != 0) { if (*exclude == '\0') continue; diff --git a/postfix/src/tls/tls_server.c b/postfix/src/tls/tls_server.c index 76e90efce..bc7e8aefa 100644 --- a/postfix/src/tls/tls_server.c +++ b/postfix/src/tls/tls_server.c 
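Review bot: The new description of tls_cipher_list() does not say that the function returns a null pointer for TLS_CIPHER_NONE, although the later hunk shows `case TLS_CIPHER_NONE: return 0;`. A caller that hands the result straight to the TLS library has no documented cue to check for that case. I would add a line to the doc block such as `/* The result is a null pointer when the grade is TLS_CIPHER_NONE.`. Because the result lives in a static buffer that is overwritten on each call, it would also help to say that callers needing it across calls must copy it.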
@@ -145,13 +145,14 @@ static SSL_SESSION *get_server_session_cb(SSL *ssl, unsigned char *session_id, int session_id_length, int *unused_copy) { + const char *myname = "get_server_session_cb"; TLScontext_t *TLScontext; VSTRING *cache_id; VSTRING *session_data = vstring_alloc(2048); SSL_SESSION *session = 0; if ((TLScontext = SSL_get_ex_data(ssl, TLScontext_index)) == 0) - msg_panic("null TLScontext in session lookup callback"); + msg_panic("%s: null TLScontext in session lookup callback", myname); #define HEX_CACHE_ID(id, len) \ hex_encode(vstring_alloc(2 * (len) + 1), (char *) (id), (len)) @@ -207,12 +208,13 @@ static void uncache_session(SSL_CTX *ctx, TLScontext_t *TLScontext) static int new_server_session_cb(SSL *ssl, SSL_SESSION *session) { + const char *myname = "new_server_session_cb"; VSTRING *cache_id; TLScontext_t *TLScontext; VSTRING *session_data; if ((TLScontext = SSL_get_ex_data(ssl, TLScontext_index)) == 0) - msg_panic("null TLScontext in new session callback"); + msg_panic("%s: null TLScontext in new session callback", myname); cache_id = HEX_CACHE_ID(session->session_id, session->session_id_length); 
@@ -476,16 +478,16 @@ SSL_CTX *tls_server_init(const tls_server_props *props) SSL_CTX_sess_set_new_cb(server_ctx, new_server_session_cb); /* - * OpenSSL ignores timed-out sessions, we need to set the internal - * cache timeut at least as high as the external cache timeout. This + * OpenSSL ignores timed-out sessions. We need to set the internal + * cache timeout at least as high as the external cache timeout. This * applies even if no internal cache is used. */ SSL_CTX_set_timeout(server_ctx, props->scache_timeout); } else { /* - * If we have no external cache, disable all caching, no use wasting - * client memory resources with sessions they are unlikely to be able + * If we have no external cache, disable all caching. No use wasting + * server memory resources with sessions they are unlikely to be able * to reuse. */ SSL_CTX_set_session_cache_mode(server_ctx, SSL_SESS_CACHE_OFF); @@ -535,13 +537,13 @@ TLScontext_t *tls_server_start(SSL_CTX *server_ctx, VSTREAM *stream, TLScontext->cache_type = SSL_CTX_get_ex_data(server_ctx, TLSscache_index); if ((TLScontext->con = (SSL *) SSL_new(server_ctx)) == NULL) { - msg_info("Could not allocate 'TLScontext->con' with SSL_new()"); + msg_warn("Could not allocate 'TLScontext->con' with SSL_new()"); tls_print_errors(); tls_free_context(TLScontext); return (0); } if (!SSL_set_ex_data(TLScontext->con, TLScontext_index, TLScontext)) { - msg_info("Could not set application data for 'TLScontext->con'"); + msg_warn("Could not set application data for 'TLScontext->con'"); tls_print_errors(); tls_free_context(TLScontext); return (0); @@ -572,7 +574,7 @@ TLScontext_t *tls_server_start(SSL_CTX *server_ctx, VSTREAM *stream, */ if (!BIO_new_bio_pair(&TLScontext->internal_bio, TLS_BIO_BUFSIZE, &TLScontext->network_bio, TLS_BIO_BUFSIZE)) { - msg_info("Could not obtain BIO_pair"); + msg_warn("Could not obtain BIO_pair"); tls_print_errors(); tls_free_context(TLScontext); return (0); 
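Review bot: In the rewritten comment for the no-external-cache branch of tls_server_init(), replacing "client" with "server" leaves "they" without an antecedent: "server memory resources with sessions they are unlikely to be able to reuse". It is the clients that would reuse the sessions, so I would word the line as `* server memory resources on sessions that clients are unlikely to be able`. A reader auditing why `SSL_SESS_CACHE_OFF` is set then sees whose memory is saved and who would have reused the session.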
diff --git a/postfix/src/tlsmgr/Makefile.in b/postfix/src/tlsmgr/Makefile.in index 4ee4ddd88..68cbe886c 100644 --- a/postfix/src/tlsmgr/Makefile.in +++ b/postfix/src/tlsmgr/Makefile.in @@ -71,6 +71,7 @@ tlsmgr.o: ../../include/mail_server.h tlsmgr.o: ../../include/master_proto.h tlsmgr.o: ../../include/msg.h tlsmgr.o: ../../include/mymalloc.h +tlsmgr.o: ../../include/name_code.h tlsmgr.o: ../../include/name_mask.h tlsmgr.o: ../../include/stringops.h tlsmgr.o: ../../include/sys_defs.h diff --git a/postfix/src/tlsmgr/tlsmgr.c b/postfix/src/tlsmgr/tlsmgr.c index dd2d6e8bc..bb483fa4d 100644 --- a/postfix/src/tlsmgr/tlsmgr.c +++ b/postfix/src/tlsmgr/tlsmgr.c @@ -739,12 +739,15 @@ static void tlsmgr_pre_init(char *unused_name, char **unused_argv) /* * If nothing else works then at least this will get us a few bits of * entropy. + * + * XXX This is our first call into the OpenSSL library. We should find out + * if this can be moved to the post-jail initialization phase, without + * breaking compatibility with existing installations. */ GETTIMEOFDAY(&tv); tv.tv_sec ^= getpid(); RAND_seed(&tv, sizeof(struct timeval)); - /* * Open the external entropy source. We will not be able to open it again * after we are sent to chroot jail, so we keep it open. Errors are not
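Review bot: The fallback seed in tlsmgr_pre_init() is credited as full entropy: `RAND_seed(&tv, sizeof(struct timeval))` counts every byte of a timestamp XORed with the process id as random, although most of those bits can be estimated. As far as I know, RAND_seed() is equivalent to RAND_add() with the entropy estimate set to the buffer length. A conservative alternative is `RAND_add(&tv, sizeof(tv), 0.0);`, provided the external entropy source opened just below is always read before any keys or session identifiers are generated; that part is outside the hunk, so confirm it first. The new XXX comment would also be a good place to record that this seed is a stopgap and not a substitute for the external source.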