> On May 15, 2020, at 11:05 PM, Alexander Vasarab 
> <alexander+p...@vasaconsulting.com> wrote:
> 
> Yes, after a full day of observation today, the issue appears to have
> been resolved.
> 
> Thank you for your time and effort.

No worries.  Many thanks for sticking with this to the bitter end!
Finding this bug required much patience.  It has gone unnoticed
since TLS support was first merged into Postfix (rather than
a separately maintained patchset) in postfix-2.2-20050119.

Not clearing the error stack before each and every I/O is
much too easy to do, and the separation of duties between
the SSL handshake and I/O functions and SSL_get_error()
does set a rather non-obvious trap for the unwary.

It should be possible for the SSL handle itself to capture
the error status just before returning control to the user,
with SSL_get_error() not subject to side-effects from operations
on unrelated connections.  I should probably open a usability
issue on this.  Just because it has been this way for 20 years,
doesn't make it right.

Good luck.  Postfix 3.6-20200515 includes the fix.

-- 
        Viktor.

Reply via email to