-/* $OpenBSD: smtp_session.c,v 1.237 2015/10/16 21:13:33 sthen Exp $ */
+/* $OpenBSD: smtp_session.c,v 1.238 2015/10/21 16:44:28 jsing Exp $ */
/*
* Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
pkiname = s->smtpname;
ssl_ctx = dict_get(env->sc_ssl_dict, pkiname);
- ssl = ssl_smtp_init(ssl_ctx, smtp_sni_callback);
+ ssl = ssl_smtp_init(ssl_ctx, smtp_sni_callback,
+ s->listener->flags & F_TLS_VERIFY);
io_set_read(&s->io);
io_start_tls(&s->io, ssl);
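Review bot: The third argument passes the raw result of `s->listener->flags & F_TLS_VERIFY` into an `int` parameter that `ssl_smtp_init` treats as a boolean. Neither the type of `flags` nor the value of `F_TLS_VERIFY` is visible in this hunk, so if the mask ever sits above the range of `int`, the conversion could silently turn a set flag into 0 and skip the client-certificate request. Normalising at the call site makes the intent explicit and removes that dependency: `ssl = ssl_smtp_init(ssl_ctx, smtp_sni_callback, (s->listener->flags & F_TLS_VERIFY) != 0);`. The enclosing function starts and ends outside the hunk.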
-/* $OpenBSD: smtpd.h,v 1.478 2015/10/17 22:24:36 gilles Exp $ */
+/* $OpenBSD: smtpd.h,v 1.479 2015/10/21 16:44:28 jsing Exp $ */
/*
* Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
/* ssl_smtpd.c */
void *ssl_mta_init(void *, char *, off_t);
-void *ssl_smtp_init(void *, void *);
+void *ssl_smtp_init(void *, void *, int);
/* stat_backend.c */
-/* $OpenBSD: ssl_smtpd.c,v 1.9 2015/04/19 20:29:12 gilles Exp $ */
+/* $OpenBSD: ssl_smtpd.c,v 1.10 2015/10/21 16:44:28 jsing Exp $ */
/*
* Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
}
void *
-ssl_smtp_init(void *ssl_ctx, void *sni)
+ssl_smtp_init(void *ssl_ctx, void *sni, int verify)
{
SSL *ssl = NULL;
int (*cb)(SSL *,int *,void *) = sni;
log_debug("debug: session_start_ssl: switching to SSL");
- SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, dummy_verify);
+ if (verify)
+ SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, dummy_verify);
if (cb)
SSL_CTX_set_tlsext_servername_callback(ssl_ctx, cb);
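Review bot: The verify mode is set on `ssl_ctx`, which the caller in smtp_session.c fetches from `env->sc_ssl_dict` by PKI name, so the setting appears to persist on a context that other sessions may reuse. Because the `verify == 0` path leaves the mode untouched, a listener without the verify flag could inherit `SSL_VERIFY_PEER` from an earlier session on a listener that has it, if both share a PKI name. Either reset it explicitly with `else SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, NULL);` or apply the mode to the per-session object with `SSL_set_verify()` once it is created. `dummy_verify` is defined outside the hunk; if it accepts every certificate, the trust decision depends on a later check of the verification result, which deserves a comment next to this call. The function body continues past the hunk.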