-/* $OpenBSD: mta_session.c,v 1.61 2014/04/29 10:18:06 reyk Exp $ */
+/* $OpenBSD: mta_session.c,v 1.62 2014/04/29 17:32:42 gilles Exp $ */
/*
* Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
#define MTA_WANT_SECURE 0x0010
#define MTA_USE_AUTH 0x0020
#define MTA_USE_CERT 0x0040
+#define MTA_DOWNGRADE_PLAIN 0x0080
#define MTA_TLS_TRIED 0x0080
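Review bot: MTA_DOWNGRADE_PLAIN is added with the value 0x0080, which is the same bit as MTA_TLS_TRIED on the following line. If both are stored in `s->flags` (not visible here for MTA_TLS_TRIED), setting either one sets the other. The new test `s->flags & MTA_DOWNGRADE_PLAIN` in the connect switch would then be true for any session that merely tried TLS, and the `s->flags |= MTA_DOWNGRADE_PLAIN` in the IO-error path would mark TLS as tried. For a flag that decides whether mail goes out in cleartext, the bit should be unique, e.g. `#define MTA_DOWNGRADE_PLAIN <UNUSED_BIT>` with a value no other flag in that word uses. The rest of the flag list lies outside this hunk, so the free bit has to be picked against the full table.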
s->use_smtps = 1; /* tls+smtps */
break;
}
+ else if (s->flags & MTA_DOWNGRADE_PLAIN) {
+ /* smtp+tls, with tls failure */
+ break;
+ }
default:
mta_free(s);
return;
((struct sockaddr_in6 *)sa)->sin6_port = htons(portno);
s->attempt += 1;
-
if (s->use_smtp_tls)
schema = "smtp+tls://";
else if (s->use_starttls)
switch (s->state) {
case MTA_BANNER:
+ if (line[0] != '2') {
+ mta_error(s, "BANNER rejected: %s", line);
+ s->flags |= MTA_FREE;
+ return;
+ }
if (s->flags & MTA_LMTP)
mta_enter_state(s, MTA_LHLO);
else
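Review bot: The added BANNER check has no comment saying why a non-2yz greeting ends the session. Something like `/* greeting must be 2yz; otherwise the server refuses service, so stop before EHLO/LHLO */` above the `if` would make the intent clear. The rejected `line` is server-supplied text handed to mta_error() through `%s`, which is safe as a format argument. Whatever later logs or relays that message should still treat it as untrusted content. The switch and its enclosing function start outside the hunk.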
mta_error(s, "IO Error: %s", io->error);
if (!s->ready)
mta_connect(s);
+ else if (!(s->flags & (MTA_FORCE_TLS|MTA_FORCE_ANYSSL))) {
+ /* error in non-strict SSL negotiation, downgrade to plain */
+ s->flags |= MTA_DOWNGRADE_PLAIN;
+ mta_connect(s);
+ }
else
mta_free(s);
break;
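Review bot: The new `else if` falls back to plaintext on any IO error once `s->ready` is set, as far as the visible lines show. Nothing here checks that the error came from a TLS handshake, even though the comment says it did. The guard excludes only MTA_FORCE_TLS and MTA_FORCE_ANYSSL, so a session carrying MTA_USE_AUTH or MTA_WANT_SECURE appears eligible for a cleartext retry. If no later state refuses it, credentials or mail the operator wanted protected could be sent unencrypted after a handshake failure induced on the path. Consider `else if (!(s->flags & (MTA_FORCE_TLS|MTA_FORCE_ANYSSL|MTA_WANT_SECURE|MTA_USE_AUTH))) {` after confirming what MTA_WANT_SECURE means, and add a check that TLS negotiation was in progress. Also log the downgrade with the peer's address, so operators can detect repeated fallbacks to one destination. The enclosing case and function start outside the hunk.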