author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-08 18:56:32 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-08 18:56:32 +0000 |
commit | e2905c99ea172c2e54ea419699d8073d23fe7b22 (patch) | |
tree | 89ef066e2d4428688b42ec1d2f23dd28d51253b2 /src/posttls-finger/posttls-finger.c | |
parent | Adding upstream version 3.7.10. (diff) | |
Adding upstream version 3.7.11.upstream/3.7.11upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/posttls-finger/posttls-finger.c')
-rw-r--r-- | src/posttls-finger/posttls-finger.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/src/posttls-finger/posttls-finger.c b/src/posttls-finger/posttls-finger.c
index 502645c..2652ec6 100644
--- a/src/posttls-finger/posttls-finger.c
+++ b/src/posttls-finger/posttls-finger.c
@@ -1252,6 +1252,8 @@ static DNS_RR *addr_one(STATE *state, DNS_RR *addr_list, const char *host,
 msg_fatal("host %s: conversion error for address family %d: %m", host, ((struct sockaddr *) (res0->ai_addr))->sa_family);
 addr_list = dns_rr_append(addr_list, addr);
+ if (DNS_RR_IS_TRUNCATED(addr_list))
+ break;
 }
 freeaddrinfo(res0);
 if (found == 0) {
@@ -1289,6 +1291,8 @@ static DNS_RR *mx_addr_list(STATE *state, DNS_RR *mx_names)
 msg_panic("%s: bad resource type: %d", myname, rr->type);
 addr_list = addr_one(state, addr_list, (char *) rr->data, res_opt, rr->pref);
+ if (addr_list && DNS_RR_IS_TRUNCATED(addr_list))
+ break;
 }
 return (addr_list);
 }
@@ -2024,7 +2028,19 @@ static void parse_match(STATE *state, int argc, char *argv[])
 #ifdef USE_TLS
 int smtp_mode = 1;
+ /*
+ * DANE match names are configured late, once the TLSA records are in
+ * hand. For now, prepare to fall back to "secure".
+ */
 switch (state->level) {
+ default:
+ state->match = 0;
+ if (*argv)
+ msg_warn("TLS level '%s' does not implement certificate matching",
+ str_tls_level(state->level));
+ break;
+ case TLS_LEV_DANE:
+ case TLS_LEV_DANE_ONLY:
 case TLS_LEV_SECURE:
 state->match = argv_alloc(2);
 while (*argv)
@@ -2045,11 +2061,6 @@ static void parse_match(STATE *state, int argc, char *argv[])
 tls_dane_add_fpt_digests((TLS_DANE *) state->dane, *argv++, "", smtp_mode);
 break;
- case TLS_LEV_DANE:
- case TLS_LEV_DANE_ONLY:
- state->match = argv_alloc(2);
- argv_add(state->match, "nexthop", "hostname", ARGV_END);
- break;
 }
 #endif
 } |
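Review bot: The early exit added after `dns_rr_append()` in addr_one has no comment saying why the loop stops, and it tests `DNS_RR_IS_TRUNCATED(addr_list)` without the `addr_list &&` guard that the matching check in mx_addr_list (second hunk) carries. A short comment above each check, such as `/* Stop resolving once the address list is marked truncated. */`, would explain the break. The one in addr_one should also state that addr_list cannot be null there, which holds only if dns_rr_append() always returns a list when handed a record (its definition is not in this diff). Nothing in either hunk tells the person running the probe that addresses were skipped, so unless the truncation is logged where the flag is set, the TLS report will look complete when it covers only part of the address list. Both loops begin outside their hunks.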
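Review bot: With `case TLS_LEV_DANE:` and `case TLS_LEV_DANE_ONLY:` now stacked on `case TLS_LEV_SECURE:` in parse_match, command-line match arguments are consumed by the `while (*argv)` loop for the DANE levels too, yet the new comment only says that DANE names are configured late. The comment should say whether user-supplied names survive that later step or apply only to the "secure" fallback, for example `* Names given on the command line take effect only on fallback to "secure".` if that is the intent; the code that sets the DANE names is outside this diff, so this needs confirming. Separately, the new `default:` arm passes `str_tls_level(state->level)` straight to `%s`, so it is worth confirming that the level is validated before parse_match runs, in case the lookup can yield a null pointer for an unknown value. The switch body continues past the end of the hunk.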