>>>>> "Wietse" == Wietse Venema <wie...@porcupine.org> writes:
Wietse> John Stoffel:
>> >>>>> "Viktor" == Viktor Dukhovni <postfix-us...@dukhovni.org> writes:
>>
Viktor> On an mostly unrelated note, OpenSSL 3.0 (~Q4 2020) is changing the
Viktor> error API, so we'll eventually need:
>>
Viktor> --- src/tls/tls_misc.c
Viktor> +++ src/tls/tls_misc.c
Viktor> @@ -1332,6 +1332,18 @@ void tls_print_errors(void)
Viktor> int line;
Viktor> int flags;
>>
Viktor> +#if defined(OPENSSL_VERSION_PREREQ) && OPENSSL_VERSION_PREREQ(3,0)
Viktor> + const char *func;
Viktor> +
Viktor> + while ((err = ERR_get_error_all(&file, &line, &func, &data,
&flags)) != 0) {
Viktor> + ERR_error_string_n(err, buffer, sizeof(buffer));
Viktor> + if (flags & ERR_TXT_STRING)
Viktor> + msg_warn("TLS library problem: %s:%s:%s:%d:%s:",
Viktor> + buffer, file, func, line, data);
Viktor> + else
Viktor> + msg_warn("TLS library problem: %s:%s:%s:%d:", buffer, file,
func, line);
>>
>> Can we be more specific here with what the problem is? Maybe the
>> 'data' entry has more details that I'm missing here.
Wietse> You mean, eliminate the 'flags & ERR_TXT_STRING' test?
More the msg_warn("TLS library problem: ...") is what I'm commenting
on, but I suspect that the needed info is in the 'data' string passed
in for error reporting.
Thanks to both you and Victor for all you've done with postfix,
Excellent software!
