Viktor Dukhovni:
> On Wed, Oct 15, 2014 at 04:54:55PM -0400, Wietse Venema wrote:
> 
> > > > +       } else if (session->tls->level != TLS_LEV_NONE) {
> > 
> > That should be: session->tls->level > TLS_LEV_MAY, i.e. the condition
> > that "TLS is required".
> 
> Actually, we also need to call smtp_tls_trouble with MAY, when the
> failure reason is a local problem bringing up the TLS engine.

I find the handling of that case suspect:

    case STARTTLS_FEATURE_FALLBACK:
        /* No recovery when skipping STARTTLS due to local problems */
        if (session->features & SMTP_FEATURE_STARTTLS)
            return (-1);

Why can there be no recovery when TLS is optional?

        Wietse

Reply via email to