~ubuntu-branches/ubuntu/saucy/postfix/saucy-201305211707

Viewing changes to src/tlsproxy/tlsproxy.c

Committer: Bazaar Package Importer
Author(s): LaMont Jones, Wietse Venema, Kees Cook
Date: 2011-02-23 02:04:21 UTC
mfrom: (1.1.28 upstream)
Revision ID: james.westby@ubuntu.com-20110223020421-1hxhntwr0fvyzucd

http://bugs.debian.org/614748

http://bugs.debian.org/614750

[Wietse Venema]

* new upstream version

[Kees Cook]

* debian/init.d: fix relative path problem in CA bundle chroot copying.
Closes: #614748, #614750 LP: #723312

files modified:
HISTORY

README_FILES/POSTSCREEN_README

debian/changelog

debian/init.d

html/POSTSCREEN_README.html

html/postscreen.8.html

man/man8/postscreen.8

proto/POSTSCREEN_README.html

src/global/mail_version.h

src/postscreen/postscreen.c

src/postscreen/postscreen_send.c

src/qmqpd/qmqpd_peer.c

src/smtpd/smtpd.c

src/smtpd/smtpd_peer.c

src/tls/tls.h

src/tls/tls_server.c

src/tlsproxy/tlsproxy.c

src/util/myaddrinfo.c

src/util/myaddrinfo.h

Show diffs side-by-side

added added

removed removed

src/tlsproxy/tlsproxy.c

687

TLS_SERVER_START(&props,

688

ctx = tlsp_server_ctx,

689

stream = (VSTREAM *) 0,/* unused */

690

fd = state->ciphertext_fd,

690

691

log_level = var_tlsp_tls_loglevel,

691

692

timeout = 0, /* unused */

692

693

requirecert = (var_tlsp_tls_req_ccert

703

704

}

704

705

706

* This program will do the ciphertext I/O, not libtls. In the future,

707

* the above event-driven engine may be factored out as a libtls library

708

* module.

709

710

if (SSL_set_fd(state->tls_context->con, state->ciphertext_fd) != 1) {

711

msg_info("SSL_set_fd error to %s", state->remote_endpt);

712

tls_print_errors();

713

tlsp_state_free(state);

714

return;

715

}

716

717

718

707

* XXX Do we care about TLS session rate limits? Good postscreen(8)

719

708

* clients will occasionally require the tlsproxy to renew their

720

709

* whitelist status, but bad clients hammering the server can suck up

Older »