From: Philip Hazel Date: Mon, 16 Apr 2007 11:17:12 +0000 (+0000) Subject: Do not advertise STARTTLS in response to HELP unless it would be X-Git-Tag: exim-4_67~2 X-Git-Url: https://git.exim.org/users/heiko/exim.git/commitdiff_plain/b43a74eae436554933b0d50b5757a42c048fc1d3?ds=sidebyside Do not advertise STARTTLS in response to HELP unless it would be advertised in response to EHLO. --- diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index db68bdae1..b54416c14 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.503 2007/04/16 10:31:58 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.504 2007/04/16 11:17:12 ph10 Exp $ Change log file for Exim from version 4.21 ------------------------------------------- @@ -214,6 +214,9 @@ PH/44 I found a way to check for a TCP/IP connection going away before sending This could lead to message repetition. This fix should cure that, at least in a lot of common cases. +PH/45 Do not advertise STARTTLS in response to HELP unless it would be + advertised in response to EHLO. + Exim version 4.66 ----------------- diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index dc96a9aa1..fcf165c19 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/smtp_in.c,v 1.57 2007/04/13 15:13:47 ph10 Exp $ */ +/* $Cambridge: exim/src/src/smtp_in.c,v 1.58 2007/04/16 11:17:13 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -3853,9 +3853,10 @@ while (done <= 0) break; - /* Show ETRN/EXPN/VRFY if there's - an ACL for checking hosts; if actually used, a check will be done for - permitted hosts. */ + /* Show ETRN/EXPN/VRFY if there's an ACL for checking hosts; if actually + used, a check will be done for permitted hosts. Show STARTTLS only if not + already in a TLS session and if it would be advertised in the EHLO + response. */ case HELP_CMD: HAD(SCH_HELP); 
@@ -3865,7 +3866,9 @@ while (done <= 0) buffer[0] = 0; Ustrcat(buffer, " AUTH"); #ifdef SUPPORT_TLS - Ustrcat(buffer, " STARTTLS"); + if (tls_active < 0 && + verify_check_host(&tls_advertise_hosts) != FAIL) + Ustrcat(buffer, " STARTTLS"); #endif Ustrcat(buffer, " HELO EHLO MAIL RCPT DATA"); Ustrcat(buffer, " NOOP QUIT RSET HELP"); diff --git a/test/stdout/0547 b/test/stdout/0547 index 94356f825..ca7e42990 100644 --- a/test/stdout/0547 +++ b/test/stdout/0547 @@ -57,31 +57,31 @@ End of script 250 Reset OK 250 OK 214-Commands supported: -214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP +214 AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP 250 Reset OK 250 OK 214-Commands supported: -214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP +214 AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP 250 Reset OK 250 OK 214-Commands supported: -214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP +214 AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP 250 Reset OK 250 OK 214-Commands supported: -214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP +214 AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP 250 Reset OK 250 OK 214-Commands supported: -214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP +214 AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP 250 Reset OK 250 OK 214-Commands supported: -214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP +214 AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP 250 Reset OK 250 OK 214-Commands supported: -214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP +214 AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP 221 myhost.test.ex closing connection 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 550 Administrative prohibition 
@@ -96,15 +96,15 @@ End of script 250 Reset OK 250 OK 214-Commands supported: -214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP +214 AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP 250 Reset OK 250 OK 214-Commands supported: -214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP +214 AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP 250 Reset OK 250 OK 214-Commands supported: -214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP +214 AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP 250 Reset OK 250 OK 554 Too many nonmail commands
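Review bot: In the src/src/smtp_in.c hunk at -3865, the new test `verify_check_host(&tls_advertise_hosts) != FAIL` accepts every result other than FAIL, so if the host check can come back deferred, HELP will still list STARTTLS for that client. Please confirm the EHLO branch makes exactly the same comparison, and consider moving the condition into one small helper used by both places so the HELP and EHLO answers cannot drift apart later. Note also that `Ustrcat(buffer, " AUTH");` directly above remains unconditional in this hunk, so HELP may still name a command the EHLO response would not offer to the same client.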
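Review bot: The PH/45 entry added in the doc/doc-txt/ChangeLog hunk mentions only the EHLO condition, but the code change in smtp_in.c also removes STARTTLS from the HELP reply whenever `tls_active < 0` is false, that is, once a TLS session is already up. The new source comment states both conditions; the ChangeLog entry should too, for example by appending "or when a TLS session is already active", so that the recorded behaviour change matches the code.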
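Review bot: In the test/stdout/0547 hunks every changed expectation is the same negative case, `214 AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP`, and none of the visible hunks keeps a HELP reply that still lists STARTTLS. Suggest adding expected output for a client that matches `tls_advertise_hosts` (STARTTLS present in HELP) and for HELP issued after STARTTLS has been negotiated (STARTTLS absent), so both halves of the new condition are covered and a regression that drops STARTTLS from HELP entirely would be caught.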