US gnutls_alert_get_name(gnutls_alert_get(state->session)))
#ifdef GNUTLS_E_PREMATURE_TERMINATION
: rc == GNUTLS_E_PREMATURE_TERMINATION && errno
- ? errno == ECONNRESET /* Outlook does this to us right after sending us QUIT */
- ? string_sprintf("syscall: %s", strerror(errno))
- : string_sprintf("%s: syscall: %s", US gnutls_strerror(rc), strerror(errno))
+ ? string_sprintf("%s: syscall: %s", US gnutls_strerror(rc), strerror(errno))
#endif
: US gnutls_strerror(rc);
debug_printf("D-H parameter cache file \"%s\" does not exist\n", filename);
}
else
- return tls_error(string_open_failed(errno, "\"%s\" for reading", filename),
+ return tls_error(string_open_failed("\"%s\" for reading", filename),
NULL, NULL, errstr);
/* If ret < 0, either the cache file does not exist, or the data it contains
/* If dane is flagged, have either request or require dane for this host, and
a TLSA record found. Therefore, dane verify required. Which implies cert must
be requested and supplied, dane verify must pass, and cert verify irrelevant
-(incl. hostnames), and (caller handled) require_tls */
+(incl. hostnames), and (caller handled) require_tls and sni=$domain */
if (conn_args->dane && ob->dane_require_tls_ciphers)
{
if (outbytes < 0)
{
- DEBUG(D_tls) debug_printf("%s: gnutls_record_send err\n", __FUNCTION__);
- record_io_error(state, outbytes, US"send", NULL);
+#ifdef GNUTLS_E_PREMATURE_TERMINATION
+ if ( outbytes == GNUTLS_E_PREMATURE_TERMINATION && errno == ECONNRESET
+ && !ct_ctx && f.smtp_in_quit
+ )
+ { /* Outlook, dammit */
+ if (LOGGING(protocol_detail))
+ log_write(0, LOG_MAIN, "[%s] after QUIT, client reset TCP before"
+ " SMTP response and TLS close\n", sender_host_address);
+ else
+ DEBUG(D_tls) debug_printf("[%s] SSL_write: after QUIT,"
+ " client reset TCP before TLS close\n", sender_host_address);
+ }
+ else
+#endif
+ {
+ DEBUG(D_tls) debug_printf("%s: gnutls_record_send err\n", __FUNCTION__);
+ record_io_error(state, outbytes, US"send", NULL);
+ }
return -1;
}
if (outbytes == 0)