From: ooga@e.email
To: 9front@9front.org
Subject: [9front] smtpd/tls patch
Date: Tue, 25 Apr 2023 19:10:55 +0000 (UTC)
Message-ID: <2c907f99-faf2-4127-bd78-b6044a55eac0@e.email>
[-- Attachment #1: Type: text/plain, Size: 0 bytes --]
[-- Attachment #2: smtpd.diff --]
[-- Type: text/plain, Size: 1137 bytes --]
[PATCH] upas/smtpd: use the full chain of certificates with TLS
Otherwise, the other side won't be able to verify our certificate.
Google will report this with the smtp-tls report.
---
diff 2cbda95fa2b7f49e11e86087b9718fde32cb11ad 9d0275079df5d31ba6c0e26f9bc1aaf5710a3501
--- a/sys/src/cmd/upas/smtp/smtpd.c
+++ b/sys/src/cmd/upas/smtp/smtpd.c
@@ -1585,8 +1585,7 @@
void
starttls(void)
{
- int certlen, fd;
- uchar *cert;
+ int fd;
TLSconn conn;
if (tlscert == nil) {
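Review bot: At the declarations in starttls(), consider adding a local pointer for the readcertchain() result instead of reducing them to `int fd;`. Later in the patch conn.chain is used as a temporary and then overwritten by `conn.chain = conn.chain->next;`, which discards the only pointer to the head of the list while conn.cert still points at that node's buffer. A local would keep the head reachable and make the ownership of the buffer easier to follow.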
@@ -1593,15 +1592,16 @@
reply("500 5.5.1 illegal command or bad syntax\r\n");
return;
}
- cert = readcert(tlscert, &certlen);
- if (cert == nil) {
+ memset(&conn, 0, sizeof(conn));
+ conn.chain = readcertchain(tlscert);
+ if (conn.chain == nil) {
reply("454 4.7.5 TLS not available\r\n");
return;
}
reply("220 2.0.0 Go ahead make my day\r\n");
- memset(&conn, 0, sizeof(conn));
- conn.cert = cert;
- conn.certlen = certlen;
+ conn.cert = conn.chain->pem;
+ conn.certlen = conn.chain->pemlen;
+ conn.chain = conn.chain->next;
fd = tlsServer(Bfildes(&bin), &conn);
if (fd < 0) {
syslog(0, "smtpd", "TLS start-up failed with %s", him);
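Review bot: The file layout this code now expects is not documented: with `conn.cert = conn.chain->pem;` followed by `conn.chain = conn.chain->next;`, the first PEM block in the tlscert file is presented as the server certificate and every later block as the chain, so the file must list the leaf first and the intermediates after it. A file in any other order still passes the `conn.chain == nil` check here, so please state the required order in the commit message or wherever the certificate option is documented. It would also help to note that a file holding a single certificate leaves conn.chain nil after the reassignment, which keeps the previous behaviour.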