[PATCH] bts: Use scheme smtp+starttls:// to enforce STARTTLS encryption on smtp host
Pali Rohár
pali.rohar at gmail.com
Thu Jan 26 22:56:22 UTC 2017
Net::SMTPS with doSSL => 'starttls' does not enforce STARTTLS. It enables it
only if supported by smtp server. Verification can be done by method call
supports('STARTTLS').
---
scripts/bts.pl | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/scripts/bts.pl b/scripts/bts.pl
index 2a650d1..b0af235 100755
--- a/scripts/bts.pl
+++ b/scripts/bts.pl
@@ -2627,13 +2627,26 @@ sub send_mail {
} else {
die "$progname: Unable to establish SMTPS connection: $smtps_broken\n";
}
+ } elsif ($smtphost =~ m%^smtp\+starttls://(.*)$%) {
+ my ($host, $port) = split(/:/, $1);
+ $port ||= '587';
+
+ if (have_smtps) {
+ $smtp = Net::SMTPS->new($host, Port => $port,
+ Hello => $smtphelo, doSSL => 'starttls') # NOTE: doSSL => 'starttls' does not enforce TLS
+ or die "$progname: failed to open SMTP connection to $smtphost\n($@)\n";
+ $smtp->supports('STARTTLS') # verify that TLS is enabled
+ or die "$progname: failed to issue STARTTLS command to $smtphost: Server does not support it\n";
+ } else {
+ die "$progname: Unable to establish SMTPS connection: $smtps_broken\n";
+ }
} else {
my ($host, $port) = split(/:/, $smtphost);
$port ||= '25';
if (have_smtps) {
$smtp = Net::SMTPS->new($host, Port => $port,
- Hello => $smtphelo, doSSL => 'starttls')
+ Hello => $smtphelo, doSSL => 'starttls') # NOTE: doSSL => 'starttls' does not enforce TLS
or die "$progname: failed to open SMTP connection to $smtphost\n($@)\n";
} else {
$smtp = Net::SMTP->new($host, Port => $port, Hello => $smtphelo)
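Review bot: The `supports('STARTTLS')` check in the new smtp+starttls:// branch asks whether the server advertised the extension, so the comment "verify that TLS is enabled" claims more than the call shows. Either reword the comment to say what is tested, or additionally confirm that the connection was actually upgraded before any mail is sent, since this branch exists to guarantee encryption. Two smaller points: when the check fails the script dies with the connection still open, so a `$smtp->quit` before the `die` would be tidier; and the diffstat shows only this hunk, so the new scheme and its default port 587 are not documented anywhere in the patch. The plain host branch keeps its opportunistic behaviour, which the added NOTE records, so users who need encryption have to learn about the new scheme from the documentation.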
--
1.7.9.5