Viktor Dukhovni:
> On Wed, Oct 15, 2014 at 04:54:55PM -0400, Wietse Venema wrote:
>
> > > > + } else if (session->tls->level != TLS_LEV_NONE) {
> >
> > That should be: session->tls->level > TLS_LEV_MAY, i.e. the condition
> > that "TLS is required".
>
> Actually, we also need to call smtp_tls_trouble with MAY, when the
> failure reason is a local problem bringing up the TLS engine.
I find the handling of that case suspect:
case STARTTLS_FEATURE_FALLBACK:
/* No recovery when skipping STARTTLS due to local problems */
if (session->features & SMTP_FEATURE_STARTTLS)
return (-1);
Why can there be no recovery when TLS is optional?
Wietse
