Net::SMTPS with doSSL => 'starttls' does not enforce STARTTLS. It enable it only if supported by smtp server. Verification can be done by method call supports('STARTTLS'). --- scripts/bts.pl | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/scripts/bts.pl b/scripts/bts.pl index 2a650d1..b0af235 100755 --- a/scripts/bts.pl +++ b/scripts/bts.pl @@ -2627,13 +2627,26 @@ sub send_mail { } else { die "$progname: Unable to establish SMTPS connection: $smtps_broken\n"; } + } elsif ($smtphost =~ m%^smtp\+starttls://(.*)$%) { + my ($host, $port) = split(/:/, $1); + $port ||= '587'; + + if (have_smtps) { + $smtp = Net::SMTPS->new($host, Port => $port, + Hello => $smtphelo, doSSL => 'starttls') # NOTE: doSSL => 'starttls' does not enforce TLS + or die "$progname: failed to open SMTP connection to $smtphost\n($@)\n"; + $smtp->supports('STARTTLS') # verify that TLS is enabled + or die "$progname: failed to issue STARTTLS command to $smtphost: Server does not support it\n"; + } else { + die "$progname: Unable to establish SMTPS connection: $smtps_broken\n"; + } } else { my ($host, $port) = split(/:/, $smtphost); $port ||= '25'; if (have_smtps) { $smtp = Net::SMTPS->new($host, Port => $port, - Hello => $smtphelo, doSSL => 'starttls') + Hello => $smtphelo, doSSL => 'starttls') # NOTE: doSSL => 'starttls' does not enforce TLS or die "$progname: failed to open SMTP connection to $smtphost\n($@)\n"; } else { $smtp = Net::SMTP->new($host, Port => $port, Hello => $smtphelo) -- 1.7.9.5 _______________________________________________ devscripts-devel mailing list devscripts-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel