Viktor Dukhovni: > On Mon, Feb 18, 2019 at 02:07:29AM -0500, Viktor Dukhovni wrote: > > > Feb 17 22:08:45 mail postfix/tlsproxy[23261]: > > sys1.mmini.de[5.9.100.168]:25: depth=1 verify=0 > > subject=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 > > > > These callbacks are NOT expected. > > diff --git a/src/tls/tls_misc.c b/src/tls/tls_misc.c > index 01dda8a97..a4a88a392 100644 > --- a/src/tls/tls_misc.c > +++ b/src/tls/tls_misc.c > @@ -772,6 +772,8 @@ void tls_pre_jail_init(TLS_ROLE role) > }; > int flags; > > + tls_param_init();
tls_param_init() is already called by tls_client_init() and tls_server_init(). Should we remove the those calls and make tls_pre_jail_init() a mandatory call? > diff --git a/src/tlsproxy/tlsproxy.c b/src/tlsproxy/tlsproxy.c > index 2c8714cb4..91eb4a9bc 100644 > --- a/src/tlsproxy/tlsproxy.c > +++ b/src/tlsproxy/tlsproxy.c > @@ -947,7 +947,12 @@ static int tlsp_client_start_pre_handshake(TLSP_STATE > *state) > { > state->client_start_props->ctx = state->appl_state; > state->client_start_props->fd = state->ciphertext_fd; > - state->tls_context = tls_client_start(state->client_start_props); > + if (!TLS_DANE_BASED(state->client_start_props->tls_level) > + || tls_dane_avail()) > + state->tls_context = tls_client_start(state->client_start_props); How come that we need this here, when there is already code in the Postfix SMTP client policy lookup that dedices whether a connection will use DANE? Should we make the SMTP client responsible for policy decisions, and make tlsproxy responsible for encryption, or should we randomly distribute responsibilities across process boundaries? Wietse