summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJacek Masiulaniec <jacekm@cvs.openbsd.org>2009-05-19 12:33:54 +0000
committerJacek Masiulaniec <jacekm@cvs.openbsd.org>2009-05-19 12:33:54 +0000
commit8df771eb2ef7b0188f0817d631c556da7a0c9b01 (patch)
treec38c81fffd96fbf1e861d1145afe7ed2b0070554
parent4579f9e8556f4837002ef10b9409bc7857688c25 (diff)
Accept STARTTLS only after EHLO; ok gilles@
-rw-r--r--usr.sbin/smtpd/smtp_session.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/usr.sbin/smtpd/smtp_session.c b/usr.sbin/smtpd/smtp_session.c
index 47fc8960164..c144576310d 100644
--- a/usr.sbin/smtpd/smtp_session.c
+++ b/usr.sbin/smtpd/smtp_session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtp_session.c,v 1.90 2009/05/19 11:42:52 jacekm Exp $ */
+/* $OpenBSD: smtp_session.c,v 1.91 2009/05/19 12:33:53 jacekm Exp $ */
/*
* Copyright (c) 2008 Gilles Chehade <gilles@openbsd.org>
@@ -119,6 +119,11 @@ session_rfc3207_stls_handler(struct session *s, char *args)
return 1;
}
+ if (s->s_state != S_HELO) {
+ session_respond(s, "503 TLS not allowed at this stage");
+ return 1;
+ }
+
if (args != NULL) {
session_respond(s, "501 No parameters allowed");
return 1;