On Wed, Oct 15, 2014 at 04:06:11PM -0400, Wietse Venema wrote:
> > Oops, ignoring a STARTTLS offer with "level = none" misfires as a
> > local configuration error:
> >
> > diff --git a/src/smtp/smtp_trouble.c b/src/smtp/smtp_trouble.c
> > index c323a91..044ab3a 100644
> > --- a/src/smtp/smtp_trouble.c
> > +++ b/src/smtp/smtp_trouble.c
> > @@ -496,7 +496,8 @@ int smtp_tls_trouble(SMTP_STATE *state, int
> > protocol_stage)
> > break;
> > case STARTTLS_FEATURE_FALLBACK:
> > /* No recovery when skipping STARTTLS due to local problems */
> > - if (session->features & SMTP_FEATURE_STARTTLS)
> > + if (session->tls_level != TLS_LEV_NONE
> > + && session->features & SMTP_FEATURE_STARTTLS)
> > return (-1);
> > /* FALLTHROUGH */
> > case STARTTLS_COMMAND_FALLBACK:
> >
> > Perhaps Ralf has policy table entries with "none" as the security
> > level for some of the sites in question.
>
> Does this mean that smtp_trouble() is called when TLS is "none"?
Yes, unfortunately when STARTTLS is offered, but not used. As a
safety measure we could add an early return to smtp_trouble and
not call it, giving an improved patch of the form:
diff --git a/src/smtp/smtp_proto.c b/src/smtp/smtp_proto.c
index 8e89751..a3a3bc7 100644
--- a/src/smtp/smtp_proto.c
+++ b/src/smtp/smtp_proto.c
@@ -762,7 +762,7 @@ int smtp_helo(SMTP_STATE *state)
session->namaddr,
translit(resp->str, "\n", " ")));
/* Else try to continue in plain-text mode. */
- } else {
+ } else if (session->tls->level != TLS_LEV_NONE) {
/*
* Give up if we must use TLS but can't for various reasons.
diff --git a/src/smtp/smtp_trouble.c b/src/smtp/smtp_trouble.c
index c323a91..35b305b 100644
--- a/src/smtp/smtp_trouble.c
+++ b/src/smtp/smtp_trouble.c
@@ -488,6 +488,9 @@ int smtp_tls_trouble(SMTP_STATE *state, int
protocol_stage)
SMTP_SESSION *session = state->session;
SMTP_TLS_POLICY *tls = session->tls;
+ if (tls->level == TLS_LEV_NONE)
+ return (0);
+
/* Handle non-recoverable cases */
switch (protocol_stage) {
case STARTTLS_VERIFY_FALLBACK:
--
Viktor.
