artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 73296f5) | patch
Do not verify the cert or CA for a relay using opportunistic TLS.
authormillert <millert@openbsd.org>
Thu, 10 Feb 2022 14:59:35 +0000 (14:59 +0000)
committermillert <millert@openbsd.org>
Thu, 10 Feb 2022 14:59:35 +0000 (14:59 +0000)
commit89818320f51ce9b89c144087357e3182ba7f3dda
tree1258069c037dd576c1755769314ac099e9d714f3tree | snapshot
parent73296f59f8dcb6877025eed6cfa4ab88e4e7f449commit | diff
Do not verify the cert or CA for a relay using opportunistic TLS.
If a relay is not explicitly configured to use TLS but the remote
side supports STARTTLS, we will try to use it.  However, in this
case we should not verify the cert or CA (which may be self-signed).
This restores the relay behavior before the switch to libtls was made.
There is no change if the relay is explicitly configured to use TLS.
OK eric@
usr.sbin/smtpd/mta.c diff | blob | history
usr.sbin/smtpd/mta_session.c diff | blob | history
usr.sbin/smtpd/parse.y diff | blob | history
usr.sbin/smtpd/smtpd.h diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim