From mboxrd@z Thu Jan 1 00:00:00 1970
Message-Id: <200304032136.h33LaFv18842@augusta.math.psu.edu>
To: 9fans@cse.psu.edu
From: Dan Cross
Subject: [9fans] Patch to smtpd; set TLS certificate file on command line.
Date: Thu, 3 Apr 2003 16:36:15 -0500
Topicbox-Message-UUID: 899b70be-eacb-11e9-9e20-41e7f4b1d025

When I originally added STARTTLS support to smtpd, I hard-coded the certificate filename. In retrospect, this was a mistake; it hard-coded a matter of local policy, and didn't correspond well to what other commands did.

Recently (in the last couple of weeks or so) someone added a ``-t'' flag to smtpd to selectively turn on whether or not it announces support for STARTTLS. Internally, this works by setting an integer flag.

Here's a patch that changes -t to -c, and takes as an argument a path to the certificate file. Checks on the flag -t sets have been changed to tests for nullity against a pointer specifying the certificate file name. I think this is better since it removes the policy from smtpd, and still preserves the semantics of having a flag turn on announcement of STARTTLS.

I sent this to 9trouble a while back, but people have been busy and it hasn't made it onto sources yet.

	- Dan C.

term% ape/diff -c smtpd.c /sys/src/cmd/upas/smtp/smtpd.c *** smtpd.c Tue Mar 4 08:12:50 2003 --- /sys/src/cmd/upas/smtp/smtpd.c Wed Mar 5 16:06:22 2003 *************** *** 30,36 **** int authenticate; int authenticated; int passwordinclear; ! int tlsok; List senders; List rcvers; --- 30,36 ---- int authenticate; int authenticated; int passwordinclear; ! char *tlscert; List senders; List rcvers; *************** *** 126,133 **** case 'p': passwordinclear = 1; break; ! case 't': ! tlsok = 1; break; default: fprint(2, "usage: smtpd [-dfhrs] [-n net]\n"); --- 126,133 ---- case 'p': passwordinclear = 1; break; ! case 'c': ! tlscert = ARGF(); break; default: fprint(2, "usage: smtpd [-dfhrs] [-n net]\n"); *************** *** 257,263 **** reply("250%c%s you are %s\r\n", extended ?
'-' : ' ', dom, him); if (extended) { ! if(tlsok) reply("250-STARTTLS\r\n"); if (passwordinclear) reply("250 AUTH CRAM-MD5 PLAIN LOGIN\r\n"); --- 257,263 ---- reply("250%c%s you are %s\r\n", extended ? '-' : ' ', dom, him); if (extended) { ! if(tlscert != nil) reply("250-STARTTLS\r\n"); if (passwordinclear) reply("250 AUTH CRAM-MD5 PLAIN LOGIN\r\n"); *************** *** 1031,1037 **** TLSconn *conn; conn = mallocz(sizeof *conn, 1); ! cert = readcert("/sys/lib/ssl/smtpd-cert.pem", &certlen); if (conn == nil || cert == nil) { if (conn != nil) free(conn); --- 1031,1037 ---- TLSconn *conn; conn = mallocz(sizeof *conn, 1); ! cert = readcert(tlscert, &certlen); if (conn == nil || cert == nil) { if (conn != nil) free(conn); term%
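Review bot: The usage string in the unchanged `default:` case of the option-parsing hunk (126,133) still reads `usage: smtpd [-dfhrs] [-n net]` and does not list the new `-c certfile` option, and the result of `ARGF()` is stored in tlscert without a check. ARGF() yields nil when the option has no argument, so `smtpd -c` with nothing after it leaves tlscert nil and STARTTLS is silently not announced. Suggest updating the usage text and treating a nil return from `ARGF()` as a usage error.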
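Review bot: In the EHLO hunk (257,263), `if(tlscert != nil)` announces STARTTLS on the strength of the command-line argument alone. The file is not opened until the `readcert` call in the last hunk, so a mistyped or unreadable path is discovered only after a client has already been told STARTTLS is available and has issued it. Suggest checking that the certificate can be read once at startup and logging and clearing tlscert if it cannot, so the announcement matches what the server can actually do.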
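Review bot: In the last hunk (1031,1037), `readcert(tlscert, &certlen)` is called with no visible test that tlscert is non-nil. The replaced line passed a fixed path, so the argument was always a valid string; now it is nil whenever -c is not given, and the only nil test the patch adds is on the EHLO announcement, which does not stop a client from sending STARTTLS anyway. Suggest an early `if(tlscert == nil)` at the top of this function that replies with an error and returns, before `mallocz` and `readcert` are reached.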