Tcl Library Source Code

View Ticket
Ticket UUID: 83d674b2dd2f15cdebb30a6e280e10ae91138f1d
Title: Native tls outgoing mail servers (typically port 465)
Type: RFE
Version: 1.19
Submitter: anonymous
Created on: 2018-04-24 08:23:43
Subsystem: smtp
Assigned To: aku
Priority: 9 Immediate
Severity: Important
Status: Closed
Last Modified: 2018-06-19 04:15:21
Resolution: Fixed
Closed By: aku
Closed on: 2018-06-19 04:15:21
Description:
For smtp servers running a native tls connection on port 465 (typically), I had to patch smtp.tcl in this way to get smtp working fine. The diff follows.

diff /opt/tclrad/lib/tcllib1.19/mime/smtp.tcl .
103a104,105
> #             -tlsimport   after a succesfull socket command, import tls on
> #                          channel - used for native smtps negotiation
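Review bot: The option comment added at 104-105 (and repeated at 601-602) misspells "successful" as "succesfull" and does not say what values -tlsimport takes or what happens when it is omitted. Suggest stating that it is a boolean, that it is off by default (the patch sets `-tlsimport 0` at 624), and that it is meant for servers that expect TLS from the first byte, so readers can tell it apart from -tlspolicy.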
156a159
>             -tlsimport  {set tlsimport $value}
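Review bot: The switch arm added at 159 is the only place in this patch that sets `tlsimport`, yet the changed line 427 reads `$tlsimport` unconditionally. Unless the variable is initialised elsewhere in the proc, a call that omits -tlsimport will fail on an unset variable; add a default (for example `set tlsimport 0` beside the other option defaults) and consider rejecting values that are not booleans.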
424c427
<                                 -tlspolicy $tlspolicy \
---
>                                 -tlspolicy $tlspolicy -tlsimport $tlsimport \
597a601,602
> #             -tlsimport   after a succesfull socket command, import tls on
> #                          channel - used for native smtps negotiation
618a624
>                             -tlsimport 0 \
644a651
>             if { $options(-tlsimport) } { tls::import $state(sd) }
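Review bot: At 651, `tls::import $state(sd)` is called with no options and with no `package require tls` before it. A missing tls package then surfaces as an unknown-command error rather than a clear message, and certificate checking is left to whatever the tls package does by default; suggest adding `package require tls` ahead of the call and giving callers a way to pass verification options (for example -require and -cafile) through to `tls::import`.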
User Comments:

aku added on 2018-06-19 04:15:21:
Merged with commit [9073bd414a]

aku added on 2018-06-19 03:57:15:
oops. slipped a month. merge asap.

anonymous (claiming to be Testing) added on 2018-05-19 10:03:28:
I agree with your comments. I have successfully tested the module downloaded from the trunk. Thank you. Franco.

aku added on 2018-05-18 17:15:32:
Thank you. I have applied it locally now, although not yet committed, nor pushed.

While working on the documentation to describe your new option I had a thought and question:

How are you handling the case where the TLS package is not present?

The code seems to assume that TLS is already present, and simply fails if not.

The other parts of smtp.tcl (support for STARTTLS) attempt to `package require tls` and the -tlspolicy option then governs what happens if that fails (error vs continue insecure).

With -tlsimport / native TLS I do not see how it could continue unsecure, so I guess -tlspolicy will not be relevant. However attempting to load tls is something I believe could be added.

... Read the code around the new `tls::import` some more. It is in a catch, so a failed `tls::import` (whether through missing package or failed cert) will close the socket and continue trying with the next server. Like tlspolicy `secure`. Good. I believe I will put a `package require tls` in that place to make the error better when the package is missing, vs negotiation issues.

...

Ok, this is now in branch [smtp-tlsimport-tkt-83d674b2dd], commit [657782a889].

Please retrieve this and verify that it still works for you as intended.
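
Added example, not part of the ticket or of tcllib: a stand-alone Tcl sketch of the failure handling discussed in the comment above, keeping "tls package missing" apart from "TLS negotiation failed" for an implicit-TLS connection. The proc name `open_implicit_tls` and its result format are hypothetical; it assumes the tcltls package and a CA bundle supplied by the caller.

```tcl
# Illustration only; not the code committed to smtp.tcl.
# Returns a key/value list: status is one of
#   no-tls-package | connect-failed | tls-failed | ok
proc open_implicit_tls {host port cafile} {
    # 1. Missing package: report it as such before touching the network,
    #    so it cannot be mistaken for a handshake problem.
    if {[catch {package require tls} err]} {
        return [list status no-tls-package detail $err]
    }

    # 2. Plain TCP connect; a failure here is a reachability problem.
    if {[catch {socket $host $port} sd]} {
        return [list status connect-failed detail $sd]
    }

    # 3. Wrap the socket in TLS before any SMTP traffic.
    #    -require 1 : fail the handshake if the peer certificate does not
    #                 verify against the CA file given in -cafile
    #    -servername: send SNI for the host being contacted
    if {[catch {
        tls::import $sd -require 1 -cafile $cafile -servername $host
        tls::handshake $sd   ;# negotiate now instead of on first I/O
    } err]} {
        catch {close $sd}
        return [list status tls-failed detail $err]
    }

    # 4. Only now read the SMTP greeting. This sketch does not compare the
    #    certificate subject with $host; the caller can inspect the
    #    tls::status result returned below for that.
    return [list status ok channel $sd peer [tls::status $sd]]
}
```

There is no plaintext fallback path here: any status other than `ok` means the socket is closed or was never opened, which matches the ticket's observation that native TLS cannot "continue" without TLS.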

anonymous (claiming to be Attachment added) added on 2018-05-18 05:48:37:
I provided the requested attachment.

aku added on 2018-05-17 20:00:09:
Franco, can you please make a unified diff (`diff -u`) of your changes, and attach them here? (The `attach` button is the left-most in the secondary navigation bar. You may have to log in first). In case of trouble with that, make it a comment. The important part to me is to get the patch as `unified diff`, because that makes application much easier. A patch as given in the description I would have to apply very much manually, i.e. search the locations, etc.
