Viktor Dukhovni:
> On Mon, May 11, 2020 at 03:52:27PM -0400, Wietse Venema wrote:
>
> > Viktor Dukhovni:
> >
> > > That said, it perhaps possible that Postfix is calling SSL_shutdown() on
> > > a connection that never progressed enough to complete the handshake.
> > > I'll check what preconditions are needed for OpenSSL to allow the
> > > SSL_shutdown() call. We may need some logic to avoid calling it
> > > too early.
> >
> > Like this?
> >
> > if (!SSL_in_init(tls_context->con)
> > && (ssl_stat = SSL_shutdown(tls_context->con)) < 0) {
> > log some warning
> > }
> > // Wrap up.
>
> Yes, that's the idea.
Then, this should shut up the warning.
Wietse
--- ./src/tls/tls_session.c- 2019-06-15 19:36:31.000000000 -0400
+++ ./src/tls/tls_session.c 2020-05-11 17:57:18.000000000 -0400
@@ -118,7 +118,7 @@
* so we will not perform SSL_shutdown() and the session will be removed
* as being bad.
*/
- if (!failure) {
+ if (!failure && !SSL_in_init(TLScontext->con)) {
retval = tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext);
if (!var_tls_fast_shutdown && retval == 0)
tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext);
