* [9fans] Patch to smtpd; set TLS certificate file on command line.
@ 2003-04-03 21:36 Dan Cross
From: Dan Cross @ 2003-04-03 21:36 UTC
To: 9fans
When I originally added STARTTLS support to smtpd, I hard-coded the
certificate filename. In retrospect, this was a mistake; it hard-
coded a matter of local policy, and didn't correspond well to what
other commands did.
Recently (in the last couple of weeks or so) someone added a ``-t''
flag to smtpd to selectively turn on whether or not it announces
support for STARTTLS. Internally, this works by setting an integer
flag. Here's a patch that changes -t to -c, and takes as an
argument a path to the certificate file. Checks on the flag -t sets
have been changed to tests for nullity against a pointer specifying
the certificate file name.
I think this is better since it removes the policy from smtpd, and
still preserves the semantics of having a flag turn on announcement
of STARTTLS. I sent this to 9trouble a while back, but people have
been busy and it hasn't made it onto sources yet.
- Dan C.
term% ape/diff -c smtpd.c /sys/src/cmd/upas/smtp/smtpd.c
*** smtpd.c Tue Mar 4 08:12:50 2003
--- /sys/src/cmd/upas/smtp/smtpd.c Wed Mar 5 16:06:22 2003
***************
*** 30,36 ****
int authenticate;
int authenticated;
int passwordinclear;
! int tlsok;
List senders;
List rcvers;
--- 30,36 ----
int authenticate;
int authenticated;
int passwordinclear;
! char *tlscert;
List senders;
List rcvers;
***************
*** 126,133 ****
case 'p':
passwordinclear = 1;
break;
! case 't':
! tlsok = 1;
break;
default:
fprint(2, "usage: smtpd [-dfhrs] [-n net]\n");
--- 126,133 ----
case 'p':
passwordinclear = 1;
break;
! case 'c':
! tlscert = ARGF();
break;
default:
fprint(2, "usage: smtpd [-dfhrs] [-n net]\n");
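Review bot: the usage string in the default case still reads "usage: smtpd [-dfhrs] [-n net]" and does not mention the new -c option or the file name it takes; it should be updated alongside the flag change. In case 'c' the result of ARGF() is also stored without a check, so a -c given as the last argument leaves tlscert nil and STARTTLS is silently not announced; test for nil there and print the usage message instead.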
***************
*** 257,263 ****
reply("250%c%s you are %s\r\n", extended ? '-' : ' ', dom, him);
if (extended) {
! if(tlsok)
reply("250-STARTTLS\r\n");
if (passwordinclear)
reply("250 AUTH CRAM-MD5 PLAIN LOGIN\r\n");
--- 257,263 ----
reply("250%c%s you are %s\r\n", extended ? '-' : ' ', dom, him);
if (extended) {
! if(tlscert != nil)
reply("250-STARTTLS\r\n");
if (passwordinclear)
reply("250 AUTH CRAM-MD5 PLAIN LOGIN\r\n");
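Review bot: the test if(tlscert != nil) only establishes that -c was given, not that the named file can be read as a certificate, so a mistyped path still gets 250-STARTTLS announced and the error shows up only when a client tries to negotiate. Consider reading the certificate once at startup and announcing STARTTLS only if that read succeeded, logging the failure otherwise.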
***************
*** 1031,1037 ****
TLSconn *conn;
conn = mallocz(sizeof *conn, 1);
! cert = readcert("/sys/lib/ssl/smtpd-cert.pem", &certlen);
if (conn == nil || cert == nil) {
if (conn != nil)
free(conn);
--- 1031,1037 ----
TLSconn *conn;
conn = mallocz(sizeof *conn, 1);
! cert = readcert(tlscert, &certlen);
if (conn == nil || cert == nil) {
if (conn != nil)
free(conn);
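Review bot: readcert(tlscert, &certlen) is called with no check in the lines shown that tlscert is non-nil; if this path can be reached when -c was not given (a client sending STARTTLS although it was not announced), readcert is handed a nil file name. Add an explicit tlscert == nil test ahead of the call and refuse the command there. The manual page should also say that the certificate path is now supplied with -c, since /sys/lib/ssl/smtpd-cert.pem is no longer used by default.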
term%
* Re: [9fans] Patch to smtpd; set TLS certificate file on command line.
@ 2003-04-03 22:17 David Presotto
From: David Presotto @ 2003-04-03 22:17 UTC
To: cross, 9fans
I changed the sources. I left the -t option in with an error message
so that people will know to get rid of the -t. After a few
weeks I'll take out the -t.