From: natano
Date: Tue, 11 Jul 2017 06:08:40 +0000 (+0000)
Subject: Remove "listen secure" syntax from smtpd.conf. It's broken since a couple of
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=74262a5e4b9a7e45dd7f60dabd021e3ac6abd2d7;p=openbsd

Remove "listen secure" syntax from smtpd.conf. It's broken since a couple of months and no one complained. Users should replace existing "listen secure" directives with two separate "tls" and "smtps" listeners.

i.e. a line like

    listen on $iface tls pki $pki

has to be replaced with

    listen on $iface tls pki $pki
    listen on $iface smtps pki $pki

Relaying syntax is not affected by this change.

suggested by eric
ok gilles
---
diff --git a/usr.sbin/smtpd/parse.y b/usr.sbin/smtpd/parse.y index 20736f65f72..b522d402460 100644 --- a/usr.sbin/smtpd/parse.y +++ b/usr.sbin/smtpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.196 2017/05/22 13:43:15 gilles Exp $ */ +/* $OpenBSD: parse.y,v 1.197 2017/07/11 06:08:40 natano Exp $ */ /* * Copyright (c) 2008 Gilles Chehade @@ -169,7 +169,7 @@ typedef struct { %} %token AS QUEUE COMPRESSION ENCRYPTION MAXMESSAGESIZE MAXMTADEFERRED LISTEN ON ANY PORT EXPIRE -%token TABLE SECURE SMTPS CERTIFICATE DOMAIN BOUNCEWARN LIMIT INET4 INET6 NODSN SESSION +%token TABLE SMTPS CERTIFICATE DOMAIN BOUNCEWARN LIMIT INET4 INET6 NODSN SESSION %token RELAY BACKUP VIA DELIVER TO LMTP MAILDIR MBOX RCPTTO HOSTNAME HOSTNAMES %token ACCEPT REJECT INCLUDE ERROR MDA FROM FOR SOURCE MTA PKI SCHEDULER %token ARROW AUTH TLS LOCAL VIRTUAL TAG TAGGED ALIAS FILTER KEY CA DHE @@ -515,14 +515,6 @@ opt_if_listen : INET4 { listen_opts.options |= LO_SSL; listen_opts.ssl = F_STARTTLS; } - | SECURE { - if (listen_opts.options & LO_SSL) { - yyerror("TLS mode already specified"); - YYERROR; - } - listen_opts.options |= LO_SSL; - listen_opts.ssl = F_SSL; - } | TLS_REQUIRE { if (listen_opts.options & LO_SSL) { yyerror("TLS mode already specified");
@@ -1512,7 +1504,6 @@ lookup(char *s) { "reject", REJECT }, { "relay", RELAY }, { "scheduler", SCHEDULER }, - { "secure", SECURE }, { "sender", SENDER }, { "senders", SENDERS }, { "session", SESSION }, diff --git a/usr.sbin/smtpd/smtpd.conf.5 b/usr.sbin/smtpd/smtpd.conf.5 index 3f3e4742766..c08e45ee4c4 100644 --- a/usr.sbin/smtpd/smtpd.conf.5 +++ b/usr.sbin/smtpd/smtpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: smtpd.conf.5,v 1.173 2017/06/07 13:25:18 jmc Exp $ +.\" $OpenBSD: smtpd.conf.5,v 1.174 2017/07/11 06:08:40 natano Exp $ .\" .\" Copyright (c) 2008 Janne Johansson .\" Copyright (c) 2009 Jacek Masiulaniec @@ -17,7 +17,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .\" -.Dd $Mdocdate: June 7 2017 $ +.Dd $Mdocdate: July 11 2017 $ .Dt SMTPD.CONF 5 .Os .Sh NAME @@ -657,7 +657,7 @@ Changing the default value might degrade performance. .Ic listen on Ar interface .Op Ar family .Op Ic port Ar port -.Op Ic tls | tls-require | tls-require verify | smtps | secure +.Op Ic tls | tls-require | tls-require verify | smtps .Op Ic pki Ar pkiname .Op Ic ca Ar caname .Op Ic auth | auth-optional Op < Ns Ar authtable Ns > @@ -701,8 +701,6 @@ If is specified, the client must provide a valid certificate to be able to establish an SMTP session. .Pp -.Ic secure -may be specified to provide both STARTTLS and SMTPS services. Host certificates may be used for these connections, and must be previously declared using the pki directive. If
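Review bot: in the parse.y hunk at -515 (together with the "secure" entry dropped from lookup() at -1512), the SECURE alternative is removed outright, so a configuration that still contains "listen on ... secure" stops parsing with nothing that points at the replacement. The commit message gives the migration (one tls listener plus one smtps listener), but the parser does not. Consider keeping the keyword for a transition period with an action that only calls yyerror() with a message naming the two replacement listeners and then YYERROR, so an operator upgrading gets a targeted message instead of an unexplained parse failure.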
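Review bot: in the smtpd.conf.5 hunk at -701, deleting the ".Ic secure" sentence leaves the paragraph after ".Pp" opening with "Host certificates may be used for these connections", and "these connections" no longer has an antecedent in that paragraph. Reword it to name what is meant, for example the tls, tls-require and smtps listeners, and consider adding a sentence here saying that offering both STARTTLS and SMTPS now takes two listen lines, since that migration advice currently appears only in the commit message.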