Blame SOURCES/postfix-2.10.1-haproxy-tls-fix.patch
diff --git a/src/smtpd/smtpd_haproxy.c b/src/smtpd/smtpd_haproxy.c
index 599e3ed..a4c527c 100644
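--- a/src/smtpd/smtpd_haproxy.c
+++ b/src/smtpd/smtpd_haproxy.c
@@ -96,6 +96,14 @@ int smtpd_peer_from_haproxy(SMTPD_STATE *state)
 VSTRING *escape_buf;
 
 /*
+ * While reading HAProxy handshake information, don't buffer input beyond
+ * the end-of-line. That would break the TLS wrappermode handshake.
+ */
+ vstream_control(state->client,
+ VSTREAM_CTL_BUFSIZE, 1,
+ VSTREAM_CTL_END);
+
+ /*
 * Note: the haproxy_srvr_parse() routine performs address protocol
 * checks, address and port syntax checks, and converts IPv4-in-IPv6
 * address string syntax (:ffff::1.2.3.4) to IPv4 syntax where permitted
@@ -142,6 +150,13 @@ int smtpd_peer_from_haproxy(SMTPD_STATE *state)
 * Avoid surprises in the Dovecot authentication server.
 */
 state->dest_addr = mystrdup(smtp_server_addr.buf);
+
+ /*
+ * Enable normal buffering.
+ */
+ vstream_control(state->client,
+ VSTREAM_CTL_BUFSIZE, VSTREAM_BUFSIZE,
+ VSTREAM_CTL_END);
 return (0);
 }
 }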
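Review bot: Both added vstream_control() calls pass the buffer size as a plain int (`1` and `VSTREAM_BUFSIZE`) through a variadic argument list. If vstream_control() fetches the VSTREAM_CTL_BUFSIZE value as `ssize_t`, which its definition outside this patch would confirm, the mismatch is undefined behaviour on LP64 hosts and the sizes should be cast: `VSTREAM_CTL_BUFSIZE, (ssize_t) 1,` and `VSTREAM_CTL_BUFSIZE, (ssize_t) VSTREAM_BUFSIZE,`. Separately, normal buffering is restored only just before `return (0)` in the second hunk. Any earlier failure return in smtpd_peer_from_haproxy(), whose body lies mostly outside these hunks, would leave the client stream at a one-byte buffer, so it is worth confirming that callers drop the connection on failure.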