Blame SOURCES/postfix-2.10.1-haproxy-tls-fix.patch

e31758
diff --git a/src/smtpd/smtpd_haproxy.c b/src/smtpd/smtpd_haproxy.c
e31758
index 599e3ed..a4c527c 100644
e31758
--- a/src/smtpd/smtpd_haproxy.c
e31758
+++ b/src/smtpd/smtpd_haproxy.c
e31758
@@ -96,6 +96,14 @@ int     smtpd_peer_from_haproxy(SMTPD_STATE *state)
e31758
     VSTRING *escape_buf;
e31758
 
e31758
     /*
e31758
+     * While reading HAProxy handshake information, don't buffer input beyond
e31758
+     * the end-of-line. That would break the TLS wrappermode handshake.
e31758
+     */
e31758
+    vstream_control(state->client,
e31758
+		    VSTREAM_CTL_BUFSIZE, 1,
e31758
+		    VSTREAM_CTL_END);
e31758
+
e31758
+    /*
e31758
      * Note: the haproxy_srvr_parse() routine performs address protocol
e31758
      * checks, address and port syntax checks, and converts IPv4-in-IPv6
e31758
      * address string syntax (:ffff::1.2.3.4) to IPv4 syntax where permitted
e31758
@@ -142,6 +150,13 @@ int     smtpd_peer_from_haproxy(SMTPD_STATE *state)
e31758
 	 * Avoid surprises in the Dovecot authentication server.
e31758
 	 */
e31758
 	state->dest_addr = mystrdup(smtp_server_addr.buf);
e31758
+
e31758
+	/*
e31758
+	 * Enable normal buffering.
e31758
+	 */
e31758
+	vstream_control(state->client,
e31758
+			VSTREAM_CTL_BUFSIZE, VSTREAM_BUFSIZE,
e31758
+			VSTREAM_CTL_END);
e31758
 	return (0);
e31758
     }
e31758
 }