Thorsten Habich: > > On 6/20/2020 10:15 PM, Wietse Venema wrote: > > diff '--exclude=man' '--exclude=html' '--exclude=README_FILES' > > '--exclude=INSTALL' '--exclude=.indent.pro' -r -ur > > /var/tmp/postfix-3.6-20200610/src/tlsproxy/tlsproxy.c > > src/tlsproxy/tlsproxy.c > > --- /var/tmp/postfix-3.6-20200610/src/tlsproxy/tlsproxy.c 2020-05-15 > > 09:29:14.000000000 -0400 > > +++ src/tlsproxy/tlsproxy.c 2020-06-20 14:55:59.216357419 -0400 > > @@ -997,12 +997,12 @@ > > state->client_start_props->ctx = state->appl_state; > > state->client_start_props->fd = state->ciphertext_fd; > > /* These predicates and warning belong inside tls_client_start(). */ > > - if (!TLS_DANE_BASED(state->client_start_props->tls_level) > > - || tls_dane_avail()) > > - state->tls_context = tls_client_start(state->client_start_props); > > - else > > + if (!tls_dane_avail() /* mandatory side effects!! */ > > + &&TLS_DANE_BASED(state->client_start_props->tls_level)) > > msg_warn("%s: DANE requested, but not available", > > state->client_start_props->namaddr); > > + else > > + state->tls_context = tls_client_start(state->client_start_props); > > if (state->tls_context != 0) > > return (TLSP_STAT_OK); > > I applied this patch too and everything seems to be working now, thanks! > > Will both patches (connection_reuse in tls policy map and tafile with > connection reuse on) be part of 3.5.4?
Yes. All supported stable releases that have this problem. However the last stable release was a week ago. I prefer to wait another week. Wietse