I found troubles on my gateway with dkimproxy_out: status=deferred (conversation with 127.0.0.1[127.0.0.1] timed out while sending message body) First entry in mail.log is 1 Feb 2016 and OpenSSL updated on 30 Jan 2016 Today I fount 98 messages stopped in mail queue. I found fix in IO::Socket::SSL v2.023 with comment about issue with openssl 1.0.2f Gentoo Portage contains only old version dev-perl/IO-Socket-SSL-2.12.0 Diff: https://github.com/noxxi/p5-io-socket-ssl/commit/6e23ee4a433f83f1065bd2467255eba5ee9b1ddd.diff I removed changelog and version info from diff and I found it applicable to 2.12 # patch -i /tmp/111/6e23ee4a433f83f1065bd2467255eba5ee9b1ddd.diff -p4 patching file SSL.pm Hunk #1 succeeded at 1235 (offset -67 lines) dkimproxy restarted and seems works. Please look Reproducible: Sometimes
Created attachment 424676 [details, diff] Stripped upstream commit
+2.023 2016/01/30 +- OpenSSL 1.0.2f changed the behavior of SSL shutdown in case the TLS connection + was not fully established (commit: f73c737c7ac908c5d6407c419769123392a3b0a9). + This somehow resulted in Net::SSLeay::shutdown returning 0 (i.e. keep trying) + which caused an endless loop. It will now ignore this result in case the TLS + connection was not yet established and consider the TLS connection closed + instead.
*** Bug 573762 has been marked as a duplicate of this bug. ***
I can confirm this bug, and also that the patch works.
bumped here: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f80b5c9be202beafd2d52a7e60a60b9a3183f094