* [9front] smtpd/tls patch
@ 2023-04-25 19:10 ooga
From: ooga @ 2023-04-25 19:10 UTC
To: 9front
[-- Attachment #2: smtpd.diff --]
[-- Type: text/plain, Size: 1137 bytes --]
[PATCH] upas/smtpd: use the full chain of certificates with TLS
Otherwise, the other side won't be able to verify our certificate.
Google will report this with the smtp-tls report.
---
diff 2cbda95fa2b7f49e11e86087b9718fde32cb11ad 9d0275079df5d31ba6c0e26f9bc1aaf5710a3501
--- a/sys/src/cmd/upas/smtp/smtpd.c
+++ b/sys/src/cmd/upas/smtp/smtpd.c
@@ -1585,8 +1585,7 @@
void
starttls(void)
{
- int certlen, fd;
- uchar *cert;
+ int fd;
TLSconn conn;
if (tlscert == nil) {
@@ -1593,15 +1592,16 @@
reply("500 5.5.1 illegal command or bad syntax\r\n");
return;
}
- cert = readcert(tlscert, &certlen);
- if (cert == nil) {
+ memset(&conn, 0, sizeof(conn));
+ conn.chain = readcertchain(tlscert);
+ if (conn.chain == nil) {
reply("454 4.7.5 TLS not available\r\n");
return;
}
reply("220 2.0.0 Go ahead make my day\r\n");
- memset(&conn, 0, sizeof(conn));
- conn.cert = cert;
- conn.certlen = certlen;
+ conn.cert = conn.chain->pem;
+ conn.certlen = conn.chain->pemlen;
+ conn.chain = conn.chain->next;
fd = tlsServer(Bfildes(&bin), &conn);
if (fd < 0) {
syslog(0, "smtpd", "TLS start-up failed with %s", him);
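Review bot: the `conn.chain == nil` branch answers `454 4.7.5 TLS not available` and returns without logging anything, while the `tlsServer` failure a few lines below does call `syslog`. A missing, unreadable or unparseable chain file therefore disables STARTTLS with no trace on the server side, which is exactly the kind of fault the commit message says currently surfaces only through the remote smtp-tls report. Consider logging before the reply, for example `syslog(0, "smtpd", "can't read cert chain %s: %r", tlscert);`. Separately, after `conn.chain = conn.chain->next;` the head node returned by `readcertchain` is no longer referenced (only its `pem` buffer survives through `conn.cert`), so it can never be freed; keep a pointer to the head if this path is expected to clean up.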