On 3 Aug 2005, at 15:39, Marco Aurelio Monteiro wrote:
In SMTP.pm around line 204 there is a regular expression that checks what authentication methods should be displayed after an EHLO command. If the register hook is called "auth" (with nothing after, like auth-plain or auth-login) it displays all authentication methods, considering it a "polymorphous auth provider". In the tls plugin, the last line ("*hook_helo = *hook_data = *hook_rcpt = *hook_mail = *hook_auth = \&bad_ssl_hook;") connects the function bad_ssl_hook to the "auth" hook unconditionally, trying to follow RFC2487 secn 5.1, turning on all authentication methods. It caused some strange behavior when working with other authentication plugins. Patch attached.
The patch isn't quite right - you can't retro-actively register a hook and hope it only takes effect in the current session (may work in forkserver - won't work elsewhere). You need to register them all always, and keep the return DECLINED part.
BTW, we are returning a 550 error after TLS negotiation fails, while RFC2487 suggests a 554 return code. Should I describe this return code in Constants.pm?
The core defines the actual return codes... we need a better way of handling this. Not that most SMTP servers will care. I'd just leave that for now if I were you.
Matt.
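
Added example, not part of the original messages and not qpsmtpd's own code: a self-contained Perl model of the EHLO behaviour discussed in this thread, showing how a handler attached to a bare "auth" hook widens the advertised AUTH list. The regex, the mechanism list, the hook tables and the names advertised_mechanisms and unbacked_mechanisms are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed full mechanism list; the real list lives in SMTP.pm.
my @ALL_MECHANISMS = qw(PLAIN LOGIN CRAM-MD5);

# Derive the AUTH mechanisms to advertise from registered hook names.
# "auth-<mech>" adds one mechanism; a bare "auth" hook is treated as a
# polymorphous provider and turns on every mechanism.
sub advertised_mechanisms {
    my (%hooks) = @_;
    my %mech;
    for my $name (sort keys %hooks) {
        next unless $name =~ /^auth(?:-(.+))?$/;
        if (defined $1) {
            $mech{uc $1} = 1;            # "auth-plain" => PLAIN
        }
        else {
            return sort @ALL_MECHANISMS; # bare "auth" => everything
        }
    }
    return sort keys %mech;
}

# Audit check: mechanisms that are advertised without a dedicated
# "auth-<mech>" hook. A genuine polymorphous provider also shows up
# here, so each hit needs a manual look at what is behind "auth".
sub unbacked_mechanisms {
    my (%hooks) = @_;
    return grep { !exists $hooks{'auth-' . lc $_} }
           advertised_mechanisms(%hooks);
}

# Constructed hook table: only a PLAIN provider is installed.
my %auth_only = ('auth-plain' => ['authplain_plugin']);

# Same table plus the tls plugin as described in the thread:
# bad_ssl_hook attached to helo, data, rcpt, mail and auth.
my %with_tls = (%auth_only,
    map { $_ => ['bad_ssl_hook'] } qw(helo data rcpt mail auth));

for my $case (['auth plugin only', \%auth_only],
              ['auth plugin + tls', \%with_tls]) {
    my ($label, $hooks) = @$case;
    printf "%-18s AUTH %-22s unbacked: %s\n", $label,
        join(' ', advertised_mechanisms(%$hooks)),
        join(' ', unbacked_mechanisms(%$hooks)) || '(none)';
}
```

In this model the second table advertises LOGIN and CRAM-MD5 although no plugin implements them, which is the mismatch reported in the quoted message.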
