From d93eff81da9d4e4c2e6723d562b17d24bf07acd2 Mon Sep 17 00:00:00 2001
From: Wietse Venema <wietse@porcupine.org>
Date: Wed, 25 Jan 2006 00:00:00 -0500
Subject: [PATCH] postfix-2.3-20060125

---
 postfix/HISTORY                    | 9 +++++++--
 postfix/src/global/mail_version.h  | 2 +-
 postfix/src/smtp/smtp_sasl_proto.c | 4 ++++
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 2aa4a85b4..c523de5ec 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -11926,8 +11926,13 @@ Apologies for any names omitted.
 20060124
 
 	Bugfix: the virtual(8) delivery agent did not insist on
-	privileged operation; this broke change 20060117. File:
-	virtual/virtual.c.
+	privileged operation as it should; this broke change 20060117.
+	Ralf Hildebrandt.  File: virtual/virtual.c.
+
+	Bugfix: the TLS sasl security options (change 20060110)
+	should also be #ifdef USE_TLS, and not only #ifdef
+	USE_SASL_AUTH.  Such feature interference is difficult to
+	find in testing.  Liviu Daia. File: smtp/smtp_sasl_proto.c.
 
 Open problems:
 
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index bf49a45ae..f9f2f75bc 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20060124"
+#define MAIL_RELEASE_DATE	"20060125"
 #define MAIL_VERSION_NUMBER	"2.3"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/smtp/smtp_sasl_proto.c b/postfix/src/smtp/smtp_sasl_proto.c
index 0799d2c44..a96bd2074 100644
--- a/postfix/src/smtp/smtp_sasl_proto.c
+++ b/postfix/src/smtp/smtp_sasl_proto.c
@@ -176,15 +176,19 @@ int     smtp_sasl_helo_login(SMTP_STATE *state)
 	ret = smtp_sess_fail(state);
 	/* Session reuse is disabled. */
     } else {
+#ifdef USE_TLS
 	if (session->tls_context == 0)
+#endif
 	    smtp_sasl_start(session, VAR_SMTP_SASL_OPTS, 
 		var_smtp_sasl_opts);
+#ifdef USE_TLS
 	else if (session->tls_context->peer_verified == 0)
 	    smtp_sasl_start(session, VAR_SMTP_SASL_TLS_OPTS, 
 		var_smtp_sasl_tls_opts);
 	else
 	    smtp_sasl_start(session, VAR_SMTP_SASL_TLSV_OPTS, 
 		var_smtp_sasl_tlsv_opts);
+#endif
 	if (smtp_sasl_authenticate(session, why) <= 0) {
 	    ret = smtp_sess_fail(state);
 	    /* Session reuse is disabled. */