Re: [bug-anubis] OpenSSL TLS with 3.9.95
From: Sergey Poznyakoff
Subject: Re: [bug-anubis] OpenSSL TLS with 3.9.95
Date: Mon, 13 Sep 2004 12:25:42 +0300
Hi Jim,
> This works, but given that the MTA advertised STARTTLS, shouldn't a
> TLS'd connection *to* Anubis result in an attempted TLS connection
> *from* Anubis? i.e. to default to the highest security setting
> available?
Sure it should. I've fixed the bug in the repository. Attached is
the patch.
Regards,
Sergey
Index: src/authmode.c
===================================================================
RCS file: /cvsroot/anubis/anubis/src/authmode.c,v
retrieving revision 1.31
diff -p -u -r1.31 authmode.c
--- src/authmode.c 3 Sep 2004 08:51:43 -0000 1.31
+++ src/authmode.c 13 Sep 2004 09:18:34 -0000
@@ -175,7 +175,7 @@ static void
asmtp_capa_init (void)
{
asmtp_capa = list_create ();
-#ifdef HAVE_TLS
+#ifdef USE_SSL
asmtp_capa_add ("STARTTLS");
#endif
auth_gsasl_init ();
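Review bot: In asmtp_capa_init, the guard around asmtp_capa_add ("STARTTLS") now depends on USE_SSL alone, so please confirm that USE_SSL is defined for every TLS-enabled build and not only for one backend. Otherwise a build that previously defined HAVE_TLS would stop advertising STARTTLS. A one-line comment next to the #ifdef saying which macro is the canonical "TLS support compiled in" switch would keep this from drifting again.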
@@ -442,7 +442,18 @@ anubis_smtp (ANUBIS_USER * usr)
}
}
- topt &= ~T_SSL_FINISHED;
+ if (topt & T_SSL_FINISHED)
+ {
+ /* If `ssl yes' is requested, convert it to `ssl-oneway' for
+ the mechanics of tunnel.c:handle_ehlo() to work properly. */
+
+ topt &= ~T_SSL_FINISHED;
+ if (topt & T_SSL)
+ {
+ topt &= ~T_SSL;
+ topt |= T_SSL_ONEWAY;
+ }
+ }
xdatabase_enable ();
return 0;
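Review bot: In anubis_smtp, the inner test `if (topt & T_SSL)` means T_SSL_ONEWAY is set only when T_SSL was already requested, so a session that finished TLS on the client side (T_SSL_FINISHED set) with T_SSL clear leaves this block with no outbound TLS flag at all. If the intent is the one raised in the thread, that a TLS'd connection to Anubis should lead to an attempted TLS connection from Anubis, consider setting T_SSL_ONEWAY whenever T_SSL_FINISHED was set, or state in the comment why that case is deliberately left alone. The comment should also say what handle_ehlo() does differently for T_SSL versus T_SSL_ONEWAY, since the code silently rewrites a user-configured `ssl yes` and a reader cannot tell from here whether the outbound TLS attempt is still made.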