Hi,

In the setup function of qmail-smtpd the logic for enabling SSL is:

   if (control_readint(&sslenabled, "control/cert.pem") == -1)
     sslenabled = 0;
   else
     sslenabled = 1;

If control/cert.pem contains the private key and certificate I don't
think that control_readint is a good idea.

Anyway, control_readint returns 0 when the file doesn't exist, enabling
SSL, so qmail-smtpd offers STARTTLS when there isn't a key.

I think that a separate boolean control is a better idea:

--- qmail-1.03/qmail-smtpd.c    2004-05-10 23:13:06.000000000 -0500
+++ qmail-1.03-new/qmail-smtpd.c 2004-05-10 23:12:15.000000000 -0500
@@ -311,10 +311,7 @@
   if (control_readint(&timeout,"control/timeoutsmtpd") == -1)
die_control();
   if (timeout <= 0) timeout = 1;
                                                                                
-  if (control_readint(&sslenabled, "control/cert.pem") == -1)
-    sslenabled = 0;
-  else
-    sslenabled = 1;
+  if (control_readint(&sslenabled, "control/starttls") == -1)
die_control();
  
   x = env_get("TARPITCOUNT");
   if (x) { scan_ulong(x,&u); tarpitcount = u >= UINT_MAX ? UINT_MAX - 1
: u; }
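
Review bot: the added control_readint(&sslenabled, "control/starttls") line handles only the -1 error case, so when control/starttls is absent (return value 0, as the message above notes) sslenabled keeps whatever value it had before the call, and nothing in this hunk sets it to 0. Initialise it explicitly before the call, e.g. `sslenabled = 0;`, so that a missing file means STARTTLS is off. The flag is also now decoupled from control/cert.pem: with control/starttls set to a non-zero value and no certificate file, STARTTLS would still be advertised without a key, which is the condition the message set out to fix, so setup should additionally confirm that control/cert.pem is readable before leaving sslenabled set. The new control file should also be documented alongside the other controls.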


Comments?

-- 
Salvador Ortiz Garcia <[EMAIL PROTECTED]>
Matías Software Group
