On Sat, 4 Feb 2006, John Peacock wrote:
> [EMAIL PROTECTED] wrote:
> > I hope all the mail clients work transparently with these plugins
> > - documentation is sparse at best! If they aren't "plugin and play,"
> > then I'm not familiar with either AUTH or TLS...
>
> tls is 95% plug-and-play as of branches/0.3x (i.e. post 0.31.1). There is a
> script in plugins which will create a certificate for you:
>
> $ plugins/tls_cert --help

I think it would be more than 95% plug-and-play if it just failed to work
without a certificate, rather than crashing the server:
...
6472 Loading tls
Failed to open Private Key
SSL error: 6472: 1 - error:02001002:system library:fopen:No such file or directory
SSL error: 6472: 2 - error:20074002:BIO routines:FILE_CTRL:system lib
SSL error: 6472: 3 - error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib
at /usr/lib/perl5/vendor_perl/5.8.5/IO/Socket/SSL.pm line 619
Could not create SSL context: at /usr/share/qpsmtpd/plugins/tls line 34.
...
I think it would be a good idea to check for the certificate, and mark the
connection as unable to do tls if it doesn't find one, as well as perhaps
writing some helpful advice to the logfile.
...
sub init {
    my ($self, $qp, $cert, $key) = @_;
    $cert ||= 'ssl/cert.pem';
    $key  ||= 'ssl/privkey.pem';
    $self->tls_cert($cert);
    $self->tls_key($key);

    local $^W; # this bit is very noisy...
    my $ssl_ctx = IO::Socket::SSL::SSL_Context->new(
        SSL_use_cert => 1,
        SSL_cert_file => $self->tls_cert,
...
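
The check suggested in this message, sketched as an added example that is not part of the original post and not qpsmtpd's own code: it inspects the certificate and key before any SSL context is built, returns a flag for "TLS available", and logs advice instead of dying. The names check_tls_files and tls_usable and the $log callback are hypothetical; the files are constructed placeholders, and only filesystem conditions are checked, not PEM validity.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Hypothetical helper: inspect both files before any SSL context is built.
sub check_tls_files {
    my ($cert, $key) = @_;
    my (@errors, @warnings);
    for my $f (['certificate', $cert], ['private key', $key]) {
        my ($what, $path) = @$f;
        if    (!-e $path) { push @errors, "$what '$path' does not exist" }
        elsif (!-f _)     { push @errors, "$what '$path' is not a regular file" }
        elsif (!-r _)     { push @errors, "$what '$path' is not readable by uid " . $> }
        elsif (-z _)      { push @errors, "$what '$path' is empty" }
    }
    # A key that other local accounts can read is usable but worth flagging.
    if (-f $key and ((stat _)[2] & 0077)) {
        push @warnings, sprintf("private key '%s' has mode %04o; chmod 600 it",
                                $key, (stat _)[2] & 07777);
    }
    return { errors => \@errors, warnings => \@warnings };
}

# Hypothetical wrapper: decide once at start-up whether STARTTLS is offered.
sub tls_usable {
    my ($cert, $key, $log) = @_;
    my $r = check_tls_files($cert, $key);
    $log->("tls: warning: $_") for @{ $r->{warnings} };
    return 1 unless @{ $r->{errors} };
    $log->("tls: disabled: $_") for @{ $r->{errors} };
    $log->("tls: create a certificate with plugins/tls_cert, "
         . "or pass cert and key paths as plugin arguments");
    return 0;
}

# Constructed demo: a temporary directory stands in for ssl/.
my $dir = tempdir(CLEANUP => 1);
my ($cert, $key) = ("$dir/cert.pem", "$dir/privkey.pem");
my $log = sub { print STDERR "$_[0]\n" };

open my $fh, '>', $cert or die "cannot write $cert: $!";
print {$fh} "constructed placeholder, not a real certificate\n";
close $fh;
print "key missing: tls ", (tls_usable($cert, $key, $log) ? "on" : "off"), "\n";

open $fh, '>', $key or die "cannot write $key: $!";
print {$fh} "constructed placeholder, not a real key\n";
close $fh;
chmod 0600, $key;
print "key present: tls ", (tls_usable($cert, $key, $log) ? "on" : "off"), "\n";
```

A key that exists but is malformed still fails when the SSL context is created, so that call needs its own error handling as well.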