Viktor Dukhovni:
> On Mon, May 11, 2020 at 11:43:41AM -0700, Alexander Vasarab wrote:
>
> > I recently upgraded postfix and OpenSSL to 3.4.10 and 1.1.1d,
> > respectively. These versions align with Debian GNU/Linux 10 (buster).
> > Since the upgrade I've begun receiving regular log entries that look
> > like this:
> >
> > May 11 11:23:54 vasaconsulting postfix/smtpd[21870]: warning: TLS library
> > problem: error:140E0197:SSL routines:SSL_shutdown:shutdown while in
> > init:../ssl/ssl_lib.c:2086:
>
> Just in case this is an OpenSSL glitch, you should at this point be
> using OpenSSL 1.1.1g.
>
> That said, it is perhaps possible that Postfix is calling SSL_shutdown() on
> a connection that never progressed enough to complete the handshake.
> I'll check what preconditions are needed for OpenSSL to allow the
> SSL_shutdown() call. We may need some logic to avoid calling it
> too early.

Like this?

    if (!SSL_in_init(tls_context->con)
        && (ssl_stat = SSL_shutdown(tls_context->con)) < 0) {
        log some warning
    }
    // Wrap up.

        Wietse

> That said, this is not the cause of any problems, rather a symptom.
>
> > When it occurs when receiving, the sending mailserver retries sometime
> > later and seems to get through (though I haven't sought to verify
> > repeated failures).
>
> Perhaps some network-layer issues.
>
> --
> Viktor.
>
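
Added example (not part of the original messages, and not Postfix or OpenSSL code): a small log-triage helper that decodes the packed OpenSSL error code in the warning quoted above, so an operator can tell the "shutdown while in init" case apart from other "TLS library problem" entries. The names parse_tls_error, is_shutdown_in_init and SAMPLE are hypothetical; the bit layout and constants assume OpenSSL 1.1.1, the version in the thread.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* OpenSSL 1.1.1 packs an error code as lib(8) | func(12) | reason(12) bits.
 * OpenSSL 3.x uses a different layout; this decoder is for 1.1.1 only. */
struct ossl_err { unsigned lib, func, reason; };

/* Constants as defined in the OpenSSL 1.1.1 headers (err.h, sslerr.h). */
enum { LIB_SSL = 20, F_SSL_SHUTDOWN = 224, R_SHUTDOWN_WHILE_IN_INIT = 407 };

/* Constructed sample: the warning quoted in the thread, joined on one line. */
static const char SAMPLE[] =
    "May 11 11:23:54 vasaconsulting postfix/smtpd[21870]: warning: TLS "
    "library problem: error:140E0197:SSL routines:SSL_shutdown:shutdown "
    "while in init:../ssl/ssl_lib.c:2086:";

/* Find "error:XXXXXXXX:" in a log line and split the packed code.
 * Returns 1 on success, 0 if the line carries no such error code. */
int parse_tls_error(const char *line, struct ossl_err *out)
{
    const char *p = strstr(line, "error:");
    unsigned long code;

    if (p == NULL)
        return 0;
    p += strlen("error:");
    /* Require exactly eight hex digits followed by a colon. */
    if (strspn(p, "0123456789abcdefABCDEF") != 8 || p[8] != ':')
        return 0;
    code = strtoul(p, NULL, 16);
    out->lib = (code >> 24) & 0xFF;
    out->func = (code >> 12) & 0xFFF;
    out->reason = code & 0xFFF;
    return 1;
}

/* True for the "SSL_shutdown() called before the handshake finished" case. */
int is_shutdown_in_init(const char *line)
{
    struct ossl_err e;

    return parse_tls_error(line, &e) && e.lib == LIB_SSL
        && e.func == F_SSL_SHUTDOWN && e.reason == R_SHUTDOWN_WHILE_IN_INIT;
}

int main(void)
{
    printf("shutdown-in-init: %d\n", is_shutdown_in_init(SAMPLE));
    return 0;
}
```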