Thorsten Habich:
>
> On 6/20/2020 10:15 PM, Wietse Venema wrote:
> > diff '--exclude=man' '--exclude=html' '--exclude=README_FILES'
> > '--exclude=INSTALL' '--exclude=.indent.pro' -r -ur
> > /var/tmp/postfix-3.6-20200610/src/tlsproxy/tlsproxy.c
> > src/tlsproxy/tlsproxy.c
> > --- /var/tmp/postfix-3.6-20200610/src/tlsproxy/tlsproxy.c 2020-05-15
> > 09:29:14.000000000 -0400
> > +++ src/tlsproxy/tlsproxy.c 2020-06-20 14:55:59.216357419 -0400
> > @@ -997,12 +997,12 @@
> > state->client_start_props->ctx = state->appl_state;
> > state->client_start_props->fd = state->ciphertext_fd;
> > /* These predicates and warning belong inside tls_client_start(). */
> > - if (!TLS_DANE_BASED(state->client_start_props->tls_level)
> > - || tls_dane_avail())
> > - state->tls_context = tls_client_start(state->client_start_props);
> > - else
> > + if (!tls_dane_avail() /* mandatory side effects!! */
> > + &&TLS_DANE_BASED(state->client_start_props->tls_level))
> > msg_warn("%s: DANE requested, but not available",
> > state->client_start_props->namaddr);
> > + else
> > + state->tls_context = tls_client_start(state->client_start_props);
> > if (state->tls_context != 0)
> > return (TLSP_STAT_OK);
>
> I applied this patch too and everything seems to be working now, thanks!
>
> Will both patches (connection_reuse in tls policy map and tafile with
> connection reuse on) be part of 3.5.4?
Yes. All supported stable releases that have this problem. However
the last stable release was a week ago. I prefer to wait another
week.
Wietse
