Viktor Dukhovni:
> On Wed, Oct 15, 2014 at 04:06:11PM -0400, Wietse Venema wrote:
> > Does this mean that smtp_trouble() is called when TLS is "none"?
>
> Yes, unfortunately when STARTTLS is offered, but not used. As a
> safety measure we could add an early return to smtp_trouble and
> not call it, giving an improved patch of the form:
>
> diff --git a/src/smtp/smtp_proto.c b/src/smtp/smtp_proto.c
> index 8e89751..a3a3bc7 100644
> --- a/src/smtp/smtp_proto.c
> +++ b/src/smtp/smtp_proto.c
> @@ -762,7 +762,7 @@ int smtp_helo(SMTP_STATE *state)
> session->namaddr,
> translit(resp->str, "\n", " ")));
> /* Else try to continue in plain-text mode. */
> - } else {
> + } else if (session->tls->level != TLS_LEV_NONE) {
>
> /*
> * Give up if we must use TLS but can't for various reasons.
That makes sense. Don't invoke error handlers when there is no
error. This makes the code more like how it worked before.
> diff --git a/src/smtp/smtp_trouble.c b/src/smtp/smtp_trouble.c
> index c323a91..35b305b 100644
> --- a/src/smtp/smtp_trouble.c
> +++ b/src/smtp/smtp_trouble.c
> @@ -488,6 +488,9 @@ int smtp_tls_trouble(SMTP_STATE *state, int
> protocol_stage)
> SMTP_SESSION *session = state->session;
> SMTP_TLS_POLICY *tls = session->tls;
>
> + if (tls->level == TLS_LEV_NONE)
> + return (0);
> +
> /* Handle non-recoverable cases */
> switch (protocol_stage) {
> case STARTTLS_VERIFY_FALLBACK:
>
Sorry, calling smtp_tls_trouble() when there is no problem is a bug.
I will put a panic() call there instead.
Wietse
