Ticket UUID: 83d674b2dd2f15cdebb30a6e280e10ae91138f1d
Title: Native tls outgoing mail servers (typically port 465)
Type: RFE
Version: 1.19
Submitter: anonymous
Created on: 2018-04-24 08:23:43
Subsystem: smtp
Assigned To: aku
Priority: 9 Immediate
Severity: Important
Status: Closed
Last Modified: 2018-06-19 04:15:21
Resolution: Fixed
Closed By: aku
Closed on: 2018-06-19 04:15:21

Description:
For smtp servers running native tls connection on port 465 (typically) I had to patch smtp.tcl in this way for having smtp working fine. The diff follows:

diff /opt/tclrad/lib/tcllib1.19/mime/smtp.tcl . 103a104,105 > # -tlsimport after a succesfull socket command, import tls on > # channel - used for native smtps negotiation 156a159 > -tlsimport {set tlsimport $value} 424c427 < -tlspolicy $tlspolicy \ --- > -tlspolicy $tlspolicy -tlsimport $tlsimport \ 597a601,602 > # -tlsimport after a succesfull socket command, import tls on > # channel - used for native smtps negotiation 618a624 > -tlsimport 0 \ 644a651 > if { $options(-tlsimport) } { tls::import $state(sd) }
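
Review bot: in 156a159 the variable tlsimport is only set when the caller actually passes -tlsimport, while 424c427 expands $tlsimport unconditionally and no hunk in this diff gives it an initial value. Unless the surrounding code already sets a default that is not visible here, a call without the option would stop on an unset variable; add a default such as `set tlsimport 0` beside the other option defaults. The value is also used directly as the condition in 644a651, so checking that it is a boolean where it is parsed would produce a clearer error than a failure at connect time.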
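
Review bot: in 644a651 the hunk calls tls::import without loading the tls package first, so when the package is absent the failure is an unknown-command error rather than a message that says TLS support is missing; a `package require tls` at that point would separate that case from a handshake or certificate failure. The call also passes only the channel, with no certificate options, so whether the server certificate is verified depends on defaults the application has set elsewhere (for example through tls::init); the option's documentation should say so, or the caller should be able to supply the import options. The comment added at 103a104,105 and again at 597a601,602 is duplicated verbatim and misspells "successful".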

User Comments:

aku added on 2018-06-19 04:15:21:
Merged with commit [9073bd414a]

aku added on 2018-06-19 03:57:15:
oops. slipped a month. merge asap.

anonymous (claiming to be Testing) added on 2018-05-19 10:03:28:
I agree with your comments. I have tested successfully the module downloaded from the trunk. Thank you. Franco.

aku added on 2018-05-18 17:15:32:
Thank you. I have applied it locally now, although not yet committed, nor pushed.

While working on the documentation to describe your new option I had a thought and question: How are you handling when the TLS package is not present? The code seems to assume that TLS is already present, and simply fails if not. The other parts of smtp.tcl (support for STARTTLS) attempt to `package require tls` and the -tlspolicy option then governs what happens if that fails (error vs continue insecure). With -tlsimport / native TLS I do not see how it could continue unsecure, so I guess -tlspolicy will not be relevant. However attempting to load tls is something I believe could be added.

...

Read the code around the new `tls::import` some more. It is in a catch, so a failed `tls::import` (whether through missing package or failed cert) will close the socket and continue trying with the next server. Like tlspolicy `secure`. Good. I believe I will put a `package require tls` in that place to make the error better when the package is missing, vs negotiation issues.

...

Ok, this is now in branch [smtp-tlsimport-tkt-83d674b2dd], commit [657782a889]. Please retrieve this and verify that it still works for you as intended.

anonymous (claiming to be Attachment added) added on 2018-05-18 05:48:37:
I provided the requested attachment.

aku added on 2018-05-17 20:00:09:
Franco, can you please make a unified diff (`diff -u`) of your changes, and attach them here? (The `attach` button is the left-most in the secondary navigation bar. You may have to log in first). In case of trouble with that, make it a comment.

The important part to me is to get the patch as `unified diff`, because that makes application much easier. A patch as given in the description I would have to apply very much manually, i.e. search the locations, etc.

Attachments:
- diff.txt added by anonymous on 2018-05-18 05:44:16.