On Wed, Oct 15, 2014 at 05:38:55PM -0400, Wietse Venema wrote:
> Viktor Dukhovni:
> > On Wed, Oct 15, 2014 at 04:54:55PM -0400, Wietse Venema wrote:
> >
> > > > > + } else if (session->tls->level != TLS_LEV_NONE) {
> > >
> > > That should be: session->tls->level > TLS_LEV_MAY, i.e. the condition
> > > that "TLS is required".
> >
> > Actually, we also need to call smtp_tls_trouble with MAY, when the
> > failure reason is a local problem bringing up the TLS engine.
>
> I find the handling of that case suspect:
>
> case STARTTLS_FEATURE_FALLBACK:
> /* No recovery when skipping STARTTLS due to local problems */
> if (session->features & SMTP_FEATURE_STARTTLS)
> return (-1);
>
> Why can there be no recovery when TLS is optional?
Looking at Postfix 2.9 for comparison, I guess you're right:
/*
* Give up if we must use TLS but can't for various reasons.
*
* 200412 Be sure to provide the default clause at the bottom of this
* block. When TLS is required we must never, ever, end up in
* plain-text mode.
*/
if (session->tls_level >= TLS_LEV_ENCRYPT) {
...
}
The feature fallback code fired only when TLS is mandatory, even
with local problems.
--
Viktor.
