From: Dan Cross <cross@math.psu.edu>
To: 9fans@cse.psu.edu
Subject: [9fans] Patch to smtpd; set TLS certificate file on command line.
Date: Thu, 3 Apr 2003 16:36:15 -0500
Message-ID: <200304032136.h33LaFv18842@augusta.math.psu.edu>
When I originally added STARTTLS support to smtpd, I hard-coded the
certificate filename. In retrospect, this was a mistake; it hard-
coded a matter of local policy, and didn't correspond well to what
other commands did.

Recently (in the last couple of weeks or so) someone added a ``-t''
flag to smtpd to selectively turn on whether or not it announces
support for STARTTLS. Internally, this works by setting an integer
flag. Here's a patch that changes -t to -c, and takes as an
argument a path to the certificate file. Checks on the flag -t sets
have been changed to tests for nullity against a pointer specifying
the certificate file name.

I think this is better since it removes the policy from smtpd, and
still preserves the semantics of having a flag turn on announcement
of STARTTLS. I sent this to 9trouble a while back, but people have
been busy and it hasn't made it onto sources yet.

- Dan C.

term% ape/diff -c smtpd.c /sys/src/cmd/upas/smtp/smtpd.c
*** smtpd.c Tue Mar 4 08:12:50 2003
--- /sys/src/cmd/upas/smtp/smtpd.c Wed Mar 5 16:06:22 2003
***************
*** 30,36 ****
int authenticate;
int authenticated;
int passwordinclear;
! int tlsok;
List senders;
List rcvers;
--- 30,36 ----
int authenticate;
int authenticated;
int passwordinclear;
! char *tlscert;
List senders;
List rcvers;
***************
*** 126,133 ****
case 'p':
passwordinclear = 1;
break;
! case 't':
! tlsok = 1;
break;
default:
fprint(2, "usage: smtpd [-dfhrs] [-n net]\n");
--- 126,133 ----
case 'p':
passwordinclear = 1;
break;
! case 'c':
! tlscert = ARGF();
break;
default:
fprint(2, "usage: smtpd [-dfhrs] [-n net]\n");
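Review bot: in case 'c', the result of ARGF() is stored without a check, and ARGF() returns nil when -c is the last argument and no path follows it. That leaves tlscert nil, so the daemon starts normally and simply never offers STARTTLS, which an operator is unlikely to notice. Testing the result for nil and falling through to the usage message would turn this into a visible startup error. The usage string in the default case also still reads "usage: smtpd [-dfhrs] [-n net]" and should list the new -c option and its argument.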
***************
*** 257,263 ****
reply("250%c%s you are %s\r\n", extended ? '-' : ' ', dom, him);
if (extended) {
! if(tlsok)
reply("250-STARTTLS\r\n");
if (passwordinclear)
reply("250 AUTH CRAM-MD5 PLAIN LOGIN\r\n");
--- 257,263 ----
reply("250%c%s you are %s\r\n", extended ? '-' : ' ', dom, him);
if (extended) {
! if(tlscert != nil)
reply("250-STARTTLS\r\n");
if (passwordinclear)
reply("250 AUTH CRAM-MD5 PLAIN LOGIN\r\n");
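Review bot: the test if(tlscert != nil) in the extended greeting advertises STARTTLS whenever -c was given, whether or not the file it names can be read. The certificate is only loaded by readcert(tlscert, &certlen) once a client issues the command, so a wrong path or bad permissions shows up as a failed upgrade on every session instead of at startup. Consider loading, or at least opening, the certificate once when the option is parsed, and either refusing to start or clearing tlscert if that fails, so the server never announces an extension it cannot honour.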
***************
*** 1031,1037 ****
TLSconn *conn;
conn = mallocz(sizeof *conn, 1);
! cert = readcert("/sys/lib/ssl/smtpd-cert.pem", &certlen);
if (conn == nil || cert == nil) {
if (conn != nil)
free(conn);
--- 1031,1037 ----
TLSconn *conn;
conn = mallocz(sizeof *conn, 1);
! cert = readcert(tlscert, &certlen);
if (conn == nil || cert == nil) {
if (conn != nil)
free(conn);
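Review bot: readcert(tlscert, &certlen) can be called with tlscert == nil when the daemon runs without -c, and nothing in the visible lines tests the pointer first. The 250-STARTTLS line is only an advertisement; a client can send STARTTLS without having seen it. Unless the caller already gates on tlscert (not shown in this hunk), add a tlscert == nil test ahead of the readcert call that rejects the command with an error reply. With the old hard-coded path this case could not arise, so it is new behaviour introduced by the change.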
term%