Bug#662958: ssmpt doesn't support separate client key/certificate files

Wed, 07 Mar 2012 07:45:19 -0800 

Oops, here's the patch.

-- 
This email may be signed or encrypted with GnuPG (http://www.gnupg.org).
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy

From eaec5d9c556f4752d52c42b6e025b5f4ee4c0343 Mon Sep 17 00:00:00 2001
From: W. Trevor King <[email protected]>
Date: Wed, 7 Mar 2012 08:19:46 -0500
Subject: [PATCH 1/3] Add TLSKey option for separate key and certificate files.

---
 TLS          |    6 +++---
 ssmtp.c      |   12 +++++++++++-
 ssmtp.conf.5 |    3 +++
 3 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/TLS b/TLS
index ada03c5..74404a3 100644
--- a/TLS
+++ b/TLS
@@ -26,9 +26,9 @@ Set this to yes to make ssmtp identify itself with a 
certificate.
 TLSCert=<file>
 Specify which certificate file should be used.
 
+TLSKey=<file>
+Specify which key file should be used (can be the same as the
+certificate file).
 
 TODO:
 * Check server certificate for changes and notify about it.
-* Diffrent Certificate and Key file?
-
-
diff --git a/ssmtp.c b/ssmtp.c
index af4d1e5..97d19dc 100644
--- a/ssmtp.c
+++ b/ssmtp.c
@@ -68,6 +68,7 @@ char *gecos;
 char *prog = (char)NULL;
 char *root = NULL;
 char *tls_cert = "/etc/ssl/certs/ssmtp.pem";   /* Default Certificate */
+char *tls_key = "/etc/ssl/certs/ssmtp.pem";    /* Default private key */
 char *uad = (char)NULL;
 char *config_file = (char)NULL;                /* alternate configuration file 
*/
 
@@ -1033,6 +1034,15 @@ bool_t read_config()
                                        log_event(LOG_INFO, "Set 
TLSCert=\"%s\"\n", tls_cert);
                                }
                        }
+                       else if(strcasecmp(p, "TLSKey") == 0) {
+                               if((tls_key = strdup(q)) == (char *)NULL) {
+                                       die("parse_config() -- strdup() 
failed");
+                               }
+
+                               if(log_level > 0) {
+                                       log_event(LOG_INFO, "Set 
TLSKey=\"%s\"\n", tls_key);
+                               }
+                       }
 #endif
                        /* Command-line overrides these */
                        else if(strcasecmp(p, "AuthUser") == 0 && !auth_user) {
@@ -1138,7 +1148,7 @@ int smtp_open(char *host, int port)
                        return(-1);
                }
 
-               if(SSL_CTX_use_PrivateKey_file(ctx, tls_cert, SSL_FILETYPE_PEM) 
<= 0) {
+               if(SSL_CTX_use_PrivateKey_file(ctx, tls_key, SSL_FILETYPE_PEM) 
<= 0) {
                        perror("Use PrivateKey");
                        return(-1);
                }
diff --git a/ssmtp.conf.5 b/ssmtp.conf.5
index 25f6ceb..d80a24a 100644
--- a/ssmtp.conf.5
+++ b/ssmtp.conf.5
@@ -54,6 +54,9 @@ See RFC 2487.
 .It Cm TLSCert
 The file name of an RSA certificate to use for TLS, if required.
 .Pp
+.It Cm TLSKey
+The file name of an RSA key to use for TLS, if required.
+.Pp
 .It Cm AuthUser
 The user name to use for SMTP AUTH.
 The default is blank, in which case SMTP AUTH is not used.
-- 
1.7.3.4

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to