CVS: cvs.openbsd.org: src

Wed, 21 Oct 2015 09:48:12 -0700 

CVSROOT:        /cvs
Module name:    src
Changes by:     [email protected]   2015/10/21 10:44:28

Modified files:
        usr.sbin/smtpd : smtpd.h ssl_smtpd.c smtp_session.c 

Log message:
Only enable SSL_VERIFY_PEER when the verify option is set on a listener.

Always enabling SSL_VERIFY_PEER unnecessarily increases the number of
messages/bytes in the TLS handshake and increases our attack surface,
since we request and then process client certificates.

ok gilles@

Reply via email to