Wietse Venema: > Viktor Dukhovni: > > On Wed, Oct 15, 2014 at 04:06:11PM -0400, Wietse Venema wrote: > > > Does this mean that smtp_trouble() is called when TLS is "none"? > > > > Yes, unfortunately when STARTTLS is offered, but not used. As a > > safety measure we could add an early return to smtp_trouble and > > not call it, giving an improved patch of the form: > > > > diff --git a/src/smtp/smtp_proto.c b/src/smtp/smtp_proto.c > > index 8e89751..a3a3bc7 100644 > > --- a/src/smtp/smtp_proto.c > > +++ b/src/smtp/smtp_proto.c > > @@ -762,7 +762,7 @@ int smtp_helo(SMTP_STATE *state) > > session->namaddr, > > translit(resp->str, "\n", " "))); > > /* Else try to continue in plain-text mode. */ > > - } else { > > + } else if (session->tls->level != TLS_LEV_NONE) {
That should be: session->tls->level > TLS_LEV_MAY, i.e. the condition that "TLS is required". Wietse > > /* > > * Give up if we must use TLS but can't for various reasons. > > That makes sense. Don't invoke error handlers when there is no > error. This makes the code more like how it worked before. > > > diff --git a/src/smtp/smtp_trouble.c b/src/smtp/smtp_trouble.c > > index c323a91..35b305b 100644 > > --- a/src/smtp/smtp_trouble.c > > +++ b/src/smtp/smtp_trouble.c > > @@ -488,6 +488,9 @@ int smtp_tls_trouble(SMTP_STATE *state, int > > protocol_stage) > > SMTP_SESSION *session = state->session; > > SMTP_TLS_POLICY *tls = session->tls; > > > > + if (tls->level == TLS_LEV_NONE) > > + return (0); > > + > > /* Handle non-recoverable cases */ > > switch (protocol_stage) { > > case STARTTLS_VERIFY_FALLBACK: > > > > Sorry, calling smtp_tls_trouble() when there is no problem is a bug. > I will put a panic() call there instead. > > Wietse >
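Review bot: In the smtp_helo() hunk of src/smtp/smtp_proto.c, the new guard `session->tls->level != TLS_LEV_NONE` is still true at the opportunistic level, so the branch commented "Give up if we must use TLS but can't for various reasons" would still be entered when TLS is optional. The test should express "TLS is required", for example `session->tls->level > TLS_LEV_MAY` as the reply suggests, and the comment on the branch should name the levels it covers so the intent survives later edits.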
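Review bot: In the smtp_tls_trouble() hunk of src/smtp/smtp_trouble.c, the added `if (tls->level == TLS_LEV_NONE) return (0);` silently accepts a call that the thread itself describes as a bug, so a caller that reaches this handler without a TLS problem would go unnoticed. Prefer failing loudly at this point (the follow-up proposes a panic() call), or at minimum add a comment stating what a 0 return means to callers and how a session at TLS_LEV_NONE can reach this function.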