Viktor Dukhovni: > On Wed, Oct 15, 2014 at 02:00:35PM -0400, Wietse Venema wrote: > > > This means the host announced STARTTLS, smtp_tls_ctx was non-null, and > > the TLS level was "none". > > Oops, ignoring a STARTTLS offer with "level = none" misfires as a > local configuration error: > > diff --git a/src/smtp/smtp_trouble.c b/src/smtp/smtp_trouble.c > index c323a91..044ab3a 100644 > --- a/src/smtp/smtp_trouble.c > +++ b/src/smtp/smtp_trouble.c > @@ -496,7 +496,8 @@ int smtp_tls_trouble(SMTP_STATE *state, int > protocol_stage) > break; > case STARTTLS_FEATURE_FALLBACK: > /* No recovery when skipping STARTTLS due to local problems */ > - if (session->features & SMTP_FEATURE_STARTTLS) > + if (session->tls_level != TLS_LEV_NONE > + && session->features & SMTP_FEATURE_STARTTLS) > return (-1); > /* FALLTHROUGH */ > case STARTTLS_COMMAND_FALLBACK: > > Perhaps Ralf has policy table entries with "none" as the security > level for some of the sites in question.
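Review bot: In the STARTTLS_FEATURE_FALLBACK case, the comment above the new condition still reads "No recovery when skipping STARTTLS due to local problems" and gives no reason for the TLS_LEV_NONE exemption. Consider extending it to say that a STARTTLS offer ignored because the level is none is not a local problem, so it falls through to STARTTLS_COMMAND_FALLBACK instead of returning -1. The bitwise test parses as intended because & binds tighter than &&, but writing it as (session->features & SMTP_FEATURE_STARTTLS) would make the grouping explicit next to the new tls_level comparison.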
Does this mean that smtp_trouble() is called when TLS is "none"?

Wietse