On Sun, Mar 10, 2019 at 02:34:02PM +0000, Scott Kitterman wrote: > This worked just fine until 3.3.2-4 inclusive but since I've upgraded > my sid system yesterday and Postfix was upgraded to 3.4.1-1 I see: > > postfix/smtp[15202]: warning: Trust anchor files not supported > postfix/smtp[15202]: warning: TLS policy lookup error for > [domain.tld]:587/domain.tld: client TLS configuration problem > postfix/smtp[15202]: warning: TLS policy lookup for > [domain.tld]:587/domain.tld: client TLS configuration problem > postfix/smtp[15202]: 8B30018835E3: to=<some...@example.com>, relay=none, > delay=1197, delays=1196/0.82/0.36/0, dsn=4.7.5, status=deferred (client TLS > configuration problem)
> diff --git a/src/tls/tls_dane.c b/src/tls/tls_dane.c > index 93f8e2a5..013426b1 100644 > --- a/src/tls/tls_dane.c > +++ b/src/tls/tls_dane.c > @@ -1125,7 +1125,6 @@ TLS_DANE *tls_dane_resolve(unsigned port, const char > *proto, DNS_RR *hostrr, > > int tls_dane_load_trustfile(TLS_DANE *dane, const char *tafile) > { > -#ifdef TRUST_ANCHOR_SUPPORT > BIO *bp; > char *name = 0; > char *header = 0; > @@ -1217,9 +1216,6 @@ int tls_dane_load_trustfile(TLS_DANE *dane, const > char *tafile) > } > /* Some other PEM read error */ > tls_print_errors(); > -#else > - msg_warn("Trust anchor files not supported"); > -#endif > return (0); > } The proposed patch is correct. Repeated below without "quoting": diff --git a/src/tls/tls_dane.c b/src/tls/tls_dane.c index 93f8e2a5..013426b1 100644 --- a/src/tls/tls_dane.c +++ b/src/tls/tls_dane.c @@ -1125,7 +1125,6 @@ TLS_DANE *tls_dane_resolve(unsigned port, const char *proto, DNS_RR *hostrr, int tls_dane_load_trustfile(TLS_DANE *dane, const char *tafile) { -#ifdef TRUST_ANCHOR_SUPPORT BIO *bp; char *name = 0; char *header = 0; @@ -1217,9 +1216,6 @@ int tls_dane_load_trustfile(TLS_DANE *dane, const char *tafile) } /* Some other PEM read error */ tls_print_errors(); -#else - msg_warn("Trust anchor files not supported"); -#endif return (0); } -- Viktor.