git://git.exim.org / exim.git / commitdiff (parent: 69cbeae)
Use TLS by default on callouts/cutthroughs
author    Jeremy Harris <jgh146exb@wizmail.org>  Tue, 24 Mar 2015 18:25:27 +0000
committer Jeremy Harris <jgh146exb@wizmail.org>  Tue, 24 Mar 2015 18:25:27 +0000
Files changed:
doc/doc-docbook/spec.xfpt
doc/doc-txt/ChangeLog
src/src/transports/smtp.c
test/confs/5840
test/stderr/5840
diff --git
a/doc/doc-docbook/spec.xfpt
b/doc/doc-docbook/spec.xfpt
index 5f0346e6acaf4e1f824f3e613d24f7b36f9dc190..f274db74e38bb550519cb2f8d8ac03e780a4df00 100644
(file)
--- a/
doc/doc-docbook/spec.xfpt
+++ b/
doc/doc-docbook/spec.xfpt
@@
-23190,12
+23190,13
@@
that matches this list, even if the server host advertises PIPELINING support.
Exim will not try to start a TLS session when delivering to any host that
matches this list. See chapter &<<CHAPTLS>>& for details of TLS.
Exim will not try to start a TLS session when delivering to any host that
matches this list. See chapter &<<CHAPTLS>>& for details of TLS.
-.option hosts_verify_avoid_tls smtp "host list&!!" *
+.new
+.option hosts_verify_avoid_tls smtp "host list&!!" unset
.cindex "TLS" "avoiding for certain hosts"
Exim will not try to start a TLS session for a verify callout,
or when delivering in cutthrough mode,
to any host that matches this list.
.cindex "TLS" "avoiding for certain hosts"
Exim will not try to start a TLS session for a verify callout,
or when delivering in cutthrough mode,
to any host that matches this list.
-Note that the default is to not use TLS.
+.wen
.option hosts_max_try smtp integer 5
.option hosts_max_try smtp integer 5
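Review bot: the deleted sentence "Note that the default is to not use TLS." is not replaced by a statement of the new behaviour, so a reader of the option description sees only that the default is now "unset" and has to infer that callouts and cutthrough deliveries will attempt STARTTLS. Add a sentence inside the .new/.wen block such as "The default is now to attempt TLS for verify callouts and cutthrough deliveries; set this option to "*" to restore the previous behaviour of never using TLS for them.", so administrators who relied on the old default know how to opt out.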
diff --git
a/doc/doc-txt/ChangeLog
b/doc/doc-txt/ChangeLog
index 55af3186cc73825c355bdef21e679b9443b77842..c0a965eeba24bde0db6e81438edb4d81a8e214f3 100644
(file)
--- a/
doc/doc-txt/ChangeLog
+++ b/
doc/doc-txt/ChangeLog
@@
-81,6
+81,8
@@
JH/22 Bug 608: The result of a QUIT or not-QUIT toplevel ACL now matters
JH/23 Bug 1572: Increase limit on SMTP confirmation message copy size
from 255 to 1024 chars.
JH/23 Bug 1572: Increase limit on SMTP confirmation message copy size
from 255 to 1024 chars.
+JH/24 Verification callouts now attempt to use TLS by default.
+
Exim version 4.85
Exim version 4.85
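Review bot: the JH/24 entry only mentions verification callouts, but the commit title and the spec.xfpt change also cover cutthrough delivery, which uses the same hosts_verify_avoid_tls option. Suggest "JH/24 Verification callouts and cutthrough deliveries now attempt to use TLS by default." so the ChangeLog flags the full scope of this behaviour change for operators reading release notes.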
diff --git
a/src/src/transports/smtp.c
b/src/src/transports/smtp.c
index 6a8fbc43954eb13c663adde522c64c5a142e9a9a..b0fe177e905139b88cfb3779a0fdc0e2ce1be6b3 100644
(file)
--- a/
src/src/transports/smtp.c
+++ b/
src/src/transports/smtp.c
@@
-224,7
+224,7
@@
smtp_transport_options_block smtp_transport_option_defaults = {
#endif
NULL, /* hosts_require_tls */
NULL, /* hosts_avoid_tls */
#endif
NULL, /* hosts_require_tls */
NULL, /* hosts_avoid_tls */
-
US"*",
/* hosts_verify_avoid_tls */
+
NULL,
/* hosts_verify_avoid_tls */
NULL, /* hosts_avoid_pipelining */
NULL, /* hosts_avoid_esmtp */
NULL, /* hosts_nopass_tls */
NULL, /* hosts_avoid_pipelining */
NULL, /* hosts_avoid_esmtp */
NULL, /* hosts_nopass_tls */
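Review bot: changing the compiled-in default of hosts_verify_avoid_tls from US"*" to NULL means every consumer of that field must now tolerate a NULL pointer rather than assuming a non-empty host list string. The updated test/stderr/5840 expectation in this commit ("hosts_verify_avoid_tls? no (option unset)") shows the host-list check takes the unset path correctly, but it is worth confirming no other code path (for example anything that expands or logs the option value directly) dereferences it without a NULL check.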
diff --git
a/test/confs/5840
b/test/confs/5840
index 0447ce36dae3989601bb8ca203edc59571e72b66..4f468a3843c9c6e4178ab81e20a3084f0146e346 100644
(file)
--- a/
test/confs/5840
+++ b/
test/confs/5840
@@
-66,12
+66,8
@@
send_to_server:
allow_localhost
port = PORT_D
allow_localhost
port = PORT_D
- hosts_verify_avoid_tls = :
hosts_try_dane = *
hosts_require_dane = !thishost.test.ex
hosts_try_dane = *
hosts_require_dane = !thishost.test.ex
- hosts_request_ocsp = ${if or { {= {4}{$tls_out_tlsa_usage}} \
- {= {0}{$tls_out_tlsa_usage}} } \
- {*}{}}
tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}}
tls_try_verify_hosts = thishost.test.ex
tls_verify_certificates = CDIR2/ca_chain.pem
tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}}
tls_try_verify_hosts = thishost.test.ex
tls_verify_certificates = CDIR2/ca_chain.pem
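Review bot: removing "hosts_verify_avoid_tls = :" is the right way to make this test exercise the new default, but the removal of the three hosts_request_ocsp lines is an unrelated change to what the test covers (the corresponding expected output in test/stderr/5840 changes from "hosts_request_ocsp? yes (matched "*")" to no request being made), and nothing in the commit message explains it. Either mention the OCSP change in the commit message or split it into its own commit so the behaviour change being tested here stays clear.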
diff --git
a/test/stderr/5840
b/test/stderr/5840
index eeffc1103ffcb456ad86614d7a86695e2ae855a3..b2097c1d8f14373f194288af3ba718103fcca670 100644
(file)
--- a/
test/stderr/5840
+++ b/
test/stderr/5840
@@
-33,11
+33,10
@@
MUNGED: ::1 will be omitted in what follows
>>> 250-STARTTLS
>>> 250 HELP
>>> ip4.ip4.ip4.ip4 in hosts_avoid_tls? no (option unset)
>>> 250-STARTTLS
>>> 250 HELP
>>> ip4.ip4.ip4.ip4 in hosts_avoid_tls? no (option unset)
->>> ip4.ip4.ip4.ip4 in hosts_verify_avoid_tls? no (
end of lis
t)
+>>> ip4.ip4.ip4.ip4 in hosts_verify_avoid_tls? no (
option unse
t)
>>> SMTP>> STARTTLS
>>> SMTP<< 220 TLS go ahead
>>> ip4.ip4.ip4.ip4 in hosts_require_ocsp? no (option unset)
>>> SMTP>> STARTTLS
>>> SMTP<< 220 TLS go ahead
>>> ip4.ip4.ip4.ip4 in hosts_require_ocsp? no (option unset)
->>> ip4.ip4.ip4.ip4 in hosts_request_ocsp? yes (matched "*")
>>> ip4.ip4.ip4.ip4 in hosts_require_ocsp? no (option unset)
>>> ip4.ip4.ip4.ip4 in hosts_request_ocsp? no (end of list)
>>> SMTP>> EHLO myhost.test.ex
>>> ip4.ip4.ip4.ip4 in hosts_require_ocsp? no (option unset)
>>> ip4.ip4.ip4.ip4 in hosts_request_ocsp? no (end of list)
>>> SMTP>> EHLO myhost.test.ex
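Review bot: the only assertion this expected-output change adds for the new default is the "hosts_verify_avoid_tls? no (option unset)" line, which confirms the NULL default is reported as unset and STARTTLS still follows. Consider also adding a negative case, a configuration with hosts_verify_avoid_tls set to "*" or to the callout target, so the opt-out path that suppresses STARTTLS on callouts is still covered now that it is no longer the default.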