CVSROOT: /cvs
Module name: src
Changes by: mill...@cvs.openbsd.org 2022/02/10 07:59:35
Modified files:
usr.sbin/smtpd : mta.c mta_session.c parse.y smtpd.h
Log message:
Do not verify the cert or CA for a relay using opportunistic TLS.
If a relay is not explicitly configured to use TLS but the remote
side supports STARTTLS, we will try to use it. However, in this
case we should not verify the cert or CA (which may be self-signed).
This restores the relay behavior before the switch to libtls was made.
There is no change if the relay is explicitly configured to use TLS.
OK eric@
