[devscripts] 01/01: Add STARTTLS support without certificate validity verification.

Andrew Shadura bugzilla at tut.by
Mon Nov 2 21:05:23 UTC 2015 

This is an automated email from the git hooks/post-receive script.

andrewsh pushed a commit to branch starttls
in repository devscripts.

commit 6469c52e8b694622607478475e7cfc67f1ec6a95
Author: Andrew Shadura <andrewsh at debian.org>
Date:   Mon Nov 2 21:21:02 2015 +0100

    Add STARTTLS support without certificate validity verification.
    
    Use Net::SMTPS for both SMTP+SSL and SMTP+STARTTLS.
    When not connecting over SSL, always use Net::SMTPS in hope
    it does STARTTLS when it's detected. If Net::SMTPS isn't
    available, fall back to plain old Net::SMTP.
    
    Replace libnet-smtp-ssl-perl dependency with libnet-smtps-perl
    dependency promoted to Recommends from Suggests.
    
    Signed-off-by: Andrew Shadura <andrewsh at debian.org>
---
 debian/control |  2 +-
 scripts/bts.pl | 41 ++++++++++++++++++++++++++---------------
 2 files changed, 27 insertions(+), 16 deletions(-)

diff --git a/debian/control b/debian/control
index 4a8d23b..7a11bf9 100644
--- a/debian/control
+++ b/debian/control
@@ -53,6 +53,7 @@ Recommends: at,
             gnupg,
             libdistro-info-perl,
             libencode-locale-perl,
+            libnet-smtps-perl,
             libjson-perl,
             liburi-perl,
             libwww-perl,
@@ -78,7 +79,6 @@ Suggests: bsd-mailx | mailx,
           gpgv,
           libauthen-sasl-perl,
           libfile-desktopentry-perl,
-          libnet-smtp-ssl-perl,
           libterm-size-perl,
           libtimedate-perl,
           libyaml-syck-perl,
diff --git a/scripts/bts.pl b/scripts/bts.pl
index 55bb83a..6876ab8 100755
--- a/scripts/bts.pl
+++ b/scripts/bts.pl
@@ -74,7 +74,7 @@ $SIG{'__WARN__'} = sub { warn $_[0] unless $_[0] =~ /^Parsing of undecoded UTF-8
 my $it = undef;
 my $last_user = '';
 my $lwp_broken = undef;
-my $smtp_ssl_broken = undef;
+my $smtps_broken = undef;
 my $authen_sasl_broken;
 my $ua;
 
@@ -98,21 +98,22 @@ sub have_lwp() {
     return $lwp_broken ? 0 : 1;
 }
 
-sub have_smtp_ssl() {
-    return ($smtp_ssl_broken ? 0 : 1) if defined $smtp_ssl_broken;
+sub have_smtps() {
+    return ($smtps_broken ? 0 : 1) if defined $smtps_broken;
     eval {
-	require Net::SMTP::SSL;
+	require Net::SMTPS;
+	use IO::Socket::SSL;
     };
 
     if ($@) {
-	if ($@ =~ m%^Can\'t locate Net/SMTP/SSL%) {
-	    $smtp_ssl_broken="the libnet-smtp-ssl-perl package is not installed";
+	if ($@ =~ m%^Can\'t locate Net/SMTPS%) {
+	    $smtps_broken="the libnet-smtps-perl package is not installed";
 	} else {
-	    $smtp_ssl_broken="couldn't load Net::SMTP::SSL: $@";
+	    $smtps_broken="couldn't load Net::SMTPS: $@";
 	}
     }
-    else { $smtp_ssl_broken=''; }
-    return $smtp_ssl_broken ? 0 : 1;
+    else { $smtps_broken=''; }
+    return $smtps_broken ? 0 : 1;
 }
 
 sub have_authen_sasl() {
@@ -344,6 +345,9 @@ The host name may be followed by a colon (":") and a port number in
 order to use a port other than the default.  It may also begin with
 "ssmtp://" or "smtps://" to indicate that SMTPS should be used.
 
+If SMTPS not specified, B<bts> will still try to use STARTTLS if it's advertised
+by the SMTP host.
+
 Note that one of B<$DEBEMAIL> or B<$EMAIL> must be set in the environment in order
 to use direct SMTP connections to send emails.
 
@@ -2577,18 +2581,25 @@ sub send_mail {
 	    my ($host, $port) = split(/:/, $1);
 	    $port ||= '465';
 
-	    if (have_smtp_ssl) {
-		$smtp = Net::SMTP::SSL->new($host, Port => $port,
-		    Hello => $smtphelo) or die "$progname: failed to open SMTPS connection to $smtphost\n($@)\n";
+	    if (have_smtps) {
+		$smtp = Net::SMTPS->new($host, Port => $port,
+		    Hello => $smtphelo, doSSL => 'ssl', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE)
+		    or die "$progname: failed to open SMTPS connection to $smtphost\n($@)\n";
 	    } else {
-		die "$progname: Unable to establish SMTPS connection: $smtp_ssl_broken\n";
+		die "$progname: Unable to establish SMTPS connection: $smtps_broken\n";
 	    }
 	} else {
 	    my ($host, $port) = split(/:/, $smtphost);
 	    $port ||= '25';
 
-	    $smtp = Net::SMTP->new($host, Port => $port, Hello => $smtphelo)
-		or die "$progname: failed to open SMTP connection to $smtphost\n($@)\n";
+	    if (have_smtps) {
+		$smtp = Net::SMTPS->new($host, Port => $port,
+		    Hello => $smtphelo, doSSL => 'starttls', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE)
+		    or die "$progname: failed to open SMTP connection to $smtphost\n($@)\n";
+	    } else {
+		$smtp = Net::SMTP->new($host, Port => $port, Hello => $smtphelo)
+		    or die "$progname: failed to open SMTP connection to $smtphost\n($@)\n";
+	    }
 	}
 	if ($smtpuser) {
 	    if (have_authen_sasl) {

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/devscripts.git

More information about the devscripts-devel mailing list