Chris Lewis wrote:
John Peacock says:
It's a required part of the RFC, see RFC-2487 Section 5.2:
Upon completion of the TLS handshake, ... [t]he server MUST discard any
knowledge obtained from the client...
Do you even have to purge envelope addresses per-se? It doesn't say it,
but doesn't STARTTLS have to occur immediately after HELO? (or the
reset equivalent). It's all going to get filled in again before the
client can send anything anyway.
STARTTLS is not required to happen immediately after EHLO (not HELO, which
doesn't support ESMTP extensions). And yes, you must completely discard every
portion of the SMTP state that has occurred up to that point (just like with
RSET).
The RFC is extremely plain on this point: after STARTTLS has been sent and
negotiated, the MTA must behave as if a completely new transaction has started
(as indeed, it has). The transaction *must* be reset and all information
contained therein must be thrown away. In practice, there isn't anything there
to begin with, since all of the well-formed MTAs always sent STARTTLS as soon
as practical (i.e. as soon as they see the initial EHLO banner), if they are
going to send it at all.
The argument can be made that only the *transaction* should be reset, and the
connection notes can be kept around. I specifically chose to tie
Connection::start and Connection::clone together with the minimal list of
properties required for a connection (see Connection.pm lines 8-15) when I
implemented clone().
That being said, keeping the connection notes is a one line change to
Connection::clone():
Index: lib/Qpsmtpd/Connection.pm
===================================================================
--- lib/Qpsmtpd/Connection.pm (revision 916)
+++ lib/Qpsmtpd/Connection.pm (working copy)
@@ -43,6 +43,7 @@
foreach my $f ( @parameters ) {
$new->$f($self->$f()) if $self->$f();
}
+ $new->{_notes} = $self->{_notes} if defined $self->{_notes};
# reset the old connection object like it's done at the end of a connection
# to prevent leaks (like prefork/tls problem with the old SSL file handle
# still around)
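Review bot: the line added after the foreach assigns the reference `$self->{_notes}` rather than a copy, so the new connection object and the old one share one notes hash, and the comment immediately below says the old object is then reset to prevent leaks; unless that reset replaces the hash reference rather than emptying it in place, the cloned notes disappear with it, and a shallow copy such as `$new->{_notes} = { %{ $self->{_notes} } } if defined $self->{_notes};` avoids both the aliasing and the leak the comment mentions. Since the surrounding discussion cites RFC-2487 Section 5.2's requirement that the server discard knowledge obtained from the client before the handshake, carrying connection notes across STARTTLS also deserves a comment recording it as a deliberate exception, and plugins that store client-supplied data in notes before STARTTLS should be reviewed with that in mind.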
Killing transaction/connection notes() is a bit of a kludge, because
there's lots of other plugins who may be relying on the data being
persistent.
Then those plugins are not well designed. The old transaction is over when
STARTTLS has been completed.
John
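As an added example (not qpsmtpd's code), the following Python models the state reset the reply above describes: a session object whose pre-TLS knowledge (EHLO name, envelope, plugin notes) is dropped when STARTTLS is negotiated, keeping only the peer's address, and which refuses MAIL until the client sends EHLO again. The field names, reply strings and peer address are assumptions, and the TLS handshake itself is not performed.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

@dataclass
class Session:
    # Facts about the TCP peer: the only state the post-TLS session inherits.
    remote_ip: str
    remote_port: int
    tls: bool = False
    # Everything below is knowledge obtained from the client in cleartext.
    helo_host: Optional[str] = None
    sender: Optional[str] = None
    recipients: List[str] = field(default_factory=list)
    notes: dict = field(default_factory=dict)  # plugin scratch data (assumed name)

    def starttls(self) -> "Session":
        # RFC 2487 section 5.2: the server MUST discard what it learned before
        # TLS, so only the peer identity is carried into the new object.
        return Session(self.remote_ip, self.remote_port, tls=True)

def handle(sess: Session, line: str) -> Tuple[Session, str]:
    """Apply one client command; return the (possibly new) session and reply."""
    verb, _, arg = line.partition(" ")
    verb = verb.upper()
    if verb == "EHLO":
        sess.helo_host, sess.sender, sess.recipients = arg, None, []  # like RSET
        return sess, "250 ok"
    if verb == "STARTTLS":
        if sess.tls:
            return sess, "454 TLS already active"
        return sess.starttls(), "220 Ready to start TLS"  # handshake modelled only
    if verb == "MAIL":
        if sess.helo_host is None:
            return sess, "503 send EHLO first"  # after TLS the client must re-EHLO
        sess.sender = arg
        return sess, "250 ok"
    if verb == "RCPT":
        if sess.sender is None:
            return sess, "503 need MAIL first"
        sess.recipients.append(arg)
        return sess, "250 ok"
    return sess, "500 command not recognised"

def run(lines: List[str], notes: Optional[dict] = None) -> Tuple[Session, List[str]]:
    """Drive a session over a constructed command list; notes seeds pre-TLS data."""
    sess = Session("192.0.2.10", 40000, notes=dict(notes or {}))  # constructed peer
    replies = []
    for line in lines:
        sess, reply = handle(sess, line)
        replies.append(reply)
    return sess, replies
```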