On Sun, Mar 10, 2019 at 02:34:02PM +0000, Scott Kitterman wrote:
> This worked just fine until 3.3.2-4 inclusive but since I've upgraded
> my sid system yesterday and Postfix was upgraded to 3.4.1-1 I see:
>
> postfix/smtp[15202]: warning: Trust anchor files not supported
> postfix/smtp[15202]: warning: TLS policy lookup error for
> [domain.tld]:587/domain.tld: client TLS configuration problem
> postfix/smtp[15202]: warning: TLS policy lookup for
> [domain.tld]:587/domain.tld: client TLS configuration problem
> postfix/smtp[15202]: 8B30018835E3: to=<some...@example.com>, relay=none,
> delay=1197, delays=1196/0.82/0.36/0, dsn=4.7.5, status=deferred (client TLS
> configuration problem)
> diff --git a/src/tls/tls_dane.c b/src/tls/tls_dane.c
> index 93f8e2a5..013426b1 100644
> --- a/src/tls/tls_dane.c
> +++ b/src/tls/tls_dane.c
> @@ -1125,7 +1125,6 @@ TLS_DANE *tls_dane_resolve(unsigned port, const char
> *proto, DNS_RR *hostrr,
>
> int tls_dane_load_trustfile(TLS_DANE *dane, const char *tafile)
> {
> -#ifdef TRUST_ANCHOR_SUPPORT
> BIO *bp;
> char *name = 0;
> char *header = 0;
> @@ -1217,9 +1216,6 @@ int tls_dane_load_trustfile(TLS_DANE *dane, const
> char *tafile)
> }
> /* Some other PEM read error */
> tls_print_errors();
> -#else
> - msg_warn("Trust anchor files not supported");
> -#endif
> return (0);
> }
The proposed patch is correct. Repeated below without "quoting":
diff --git a/src/tls/tls_dane.c b/src/tls/tls_dane.c
index 93f8e2a5..013426b1 100644
--- a/src/tls/tls_dane.c
+++ b/src/tls/tls_dane.c
@@ -1125,7 +1125,6 @@ TLS_DANE *tls_dane_resolve(unsigned port, const char
*proto, DNS_RR *hostrr,
int tls_dane_load_trustfile(TLS_DANE *dane, const char *tafile)
{
-#ifdef TRUST_ANCHOR_SUPPORT
BIO *bp;
char *name = 0;
char *header = 0;
@@ -1217,9 +1216,6 @@ int tls_dane_load_trustfile(TLS_DANE *dane, const
char *tafile)
}
/* Some other PEM read error */
tls_print_errors();
-#else
- msg_warn("Trust anchor files not supported");
-#endif
return (0);
}
--
Viktor.
