[PATCH] bts: Use scheme smtp+starttls:// to enfore STARTTLS encryption on smtp host

[Pali Rohár]

Net::SMTPS with doSSL => 'starttls' does not enforce STARTTLS. It enable it
only if supported by smtp server. Verification can be done by method call
supports('STARTTLS').
---
 scripts/bts.pl |   15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/scripts/bts.pl b/scripts/bts.pl
index 2a650d1..b0af235 100755
--- a/scripts/bts.pl
+++ b/scripts/bts.pl
@@ -2627,13 +2627,26 @@ sub send_mail {
 	    } else {
 		die "$progname: Unable to establish SMTPS connection: $smtps_broken\n";
 	    }
+	} elsif ($smtphost =~ m%^smtp\+starttls://(.*)$%) {
+	    my ($host, $port) = split(/:/, $1);
+	    $port ||= '587';
+
+	    if (have_smtps) {
+		$smtp = Net::SMTPS->new($host, Port => $port,
+		    Hello => $smtphelo, doSSL => 'starttls') # NOTE: doSSL => 'starttls' does not enforce TLS
+		    or die "$progname: failed to open SMTP connection to $smtphost\n($@)\n";
+		$smtp->supports('STARTTLS') # verify that TLS is enabled
+		    or die "$progname: failed to issue STARTTLS command to $smtphost: Server does not support it\n";
+	    } else {
+		die "$progname: Unable to establish SMTPS connection: $smtps_broken\n";
+	    }
 	} else {
 	    my ($host, $port) = split(/:/, $smtphost);
 	    $port ||= '25';
 
 	    if (have_smtps) {
 		$smtp = Net::SMTPS->new($host, Port => $port,
-		    Hello => $smtphelo, doSSL => 'starttls')
+		    Hello => $smtphelo, doSSL => 'starttls') # NOTE: doSSL => 'starttls' does not enforce TLS
 		    or die "$progname: failed to open SMTP connection to $smtphost\n($@)\n";
 	    } else {
 		$smtp = Net::SMTP->new($host, Port => $port, Hello => $smtphelo)
-- 
1.7.9.5