From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from oat.nine.sirjofri.de ([5.45.105.127]) by ewsd; Wed Jul 29 03:32:46 EDT 2020 Message-ID: <0965A403D8215D7555FCEB93BA4ECE3A@sirjofri.de> To: 9front@9front.org Subject: Re: [9front] patch smtp: ignore unrecognized certificates Date: Wed, 29 Jul 2020 09:32:23 +0200 From: sirjofri+ml-9front@sirjofri.de In-Reply-To: <20200721134657.QBBgD%steffen@sdaoden.eu> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="upas-vgegprzxmgcqmibotgfclmtqqi" List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: structured out-scaling general-purpose YAML full-stack plugin This is a multi-part message in MIME format. --upas-vgegprzxmgcqmibotgfclmtqqi Content-Disposition: inline Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Hey all, I prepared a better patch, this time including a line in the man page and an adjusted usage line. Also this time I don't do the certificate checks, all certs are ignored. This also changes -c to -C. sirjofri --upas-vgegprzxmgcqmibotgfclmtqqi Content-Disposition: inline Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit diff -r 639ad985a75b sys/man/8/smtp --- a/sys/man/8/smtp Mon Jul 20 18:58:52 2020 -0700 +++ b/sys/man/8/smtp Wed Jul 29 09:24:42 2020 +0200 @@ -6,7 +6,7 @@ .ti -0.5i .B upas/smtp [ -.B -aAdfipst +.B -aACdfipst ] [ .B -b .I busted-mx @@ -81,6 +81,9 @@ when trying MX hosts. May be repeated. .TP +.B -C +ignore bad thumbprints for TLS connections. +.TP .B -d turn on debugging to standard error. .TP diff -r 639ad985a75b sys/src/cmd/upas/smtp/smtp.c --- a/sys/src/cmd/upas/smtp/smtp.c Mon Jul 20 18:58:52 2020 -0700 +++ b/sys/src/cmd/upas/smtp/smtp.c Wed Jul 29 09:24:42 2020 +0200 
@@ -46,6 +46,7 @@ int quitting; /* when error occurs in quit */ int tryauth; /* Try to authenticate, if supported */ int trysecure; /* Try to use TLS if the other side supports it */ +int nocertcheck; /* ignore unrecognized certs. Still logged */ char *quitrv; /* deferred return value when in quit */ char ddomain[1024]; /* domain name of destination machine */ @@ -85,7 +86,7 @@ void usage(void) { - fprint(2, "usage: smtp [-aAdfipst] [-b busted-mx] [-g gw] [-h host] " + fprint(2, "usage: smtp [-aACdfipst] [-b busted-mx] [-g gw] [-h host] " "[-u user] [.domain] net!host[!service] sender rcpt-list\n"); exits(Giveup); } @@ -185,6 +186,9 @@ case 'u': user = EARGF(usage()); break; + case 'C': + nocertcheck = 1; + break; default: usage(); break; @@ -413,6 +417,12 @@ Bterm(&bin); Binit(&bin, fd, OREAD); + if (nocertcheck) { + syslog(0, "smtp", "ignoring cert for %s", ddomain); + err = nil; + goto Out; + } + goodcerts = initThumbprints(smtpthumbs, smtpexclthumbs, "x509"); if (goodcerts == nil) { syslog(0, "smtp", "bad thumbprints in %s", smtpthumbs); --upas-vgegprzxmgcqmibotgfclmtqqi--
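Review bot: the -C entry added in the second sys/man/8/smtp hunk says "ignore bad thumbprints", which understates what the smtp.c change does. With the flag set the thumbprint check is not run at all, so every server certificate is accepted, not only ones with a bad thumbprint. Suggest wording along the lines of "do not verify the server certificate for TLS connections; the session is encrypted but the server is not authenticated", so an administrator reading the page knows the flag removes the protection against an intercepting host.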
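Review bot: the comment on nocertcheck in the @@ -46,6 +46,7 @@ hunk of smtp.c, "ignore unrecognized certs. Still logged", reads as if it describes a different behaviour from the one in this patch. The flag is applied to every certificate rather than only unrecognized ones, and "Still logged" suggests the certificate or the mismatch is recorded, which the visible code does not do. Suggest something like "skip TLS certificate thumbprint check" so the declaration matches the flag's effect.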
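Review bot: in the @@ -413,6 +417,12 @@ hunk of smtp.c the nocertcheck branch jumps to Out before initThumbprints is called, so with -C the peer certificate is neither verified nor recorded; the syslog line carries only ddomain. Consider still running the comparison against smtpthumbs and smtpexclthumbs, logging a mismatch together with the certificate's thumbprint, and only then clearing err. That keeps delivery working while leaving a record from which a changed certificate can be noticed and a legitimate one added to the thumbprint file. It is also worth confirming that the code at Out does not use goodcerts, which has not been assigned on this path.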