authorEric Faurot <eric@cvs.openbsd.org>2018-06-01 12:24:17 +0000
committerEric Faurot <eric@cvs.openbsd.org>2018-06-01 12:24:17 +0000
commit680f59a0a039eed2f0ff860a9e08e77c8ffe03f2 (patch)
tree7aae0457d9ddd12bc3105757f9d2d2b60eb66310 /usr.sbin/smtpd/mta.c
parentef08d193eef90afe1e39cd9cdf6de6ca84a01fed (diff)
Require a valid certificate by default when relaying through a smarthost.
Add "tls no-verify" relay option to disable it. suggested and initial diff by semarie@. ok gilles@
Diffstat (limited to 'usr.sbin/smtpd/mta.c')
-rw-r--r--usr.sbin/smtpd/mta.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/usr.sbin/smtpd/mta.c b/usr.sbin/smtpd/mta.c
index 8e90b503d54..16460131da9 100644
--- a/usr.sbin/smtpd/mta.c
+++ b/usr.sbin/smtpd/mta.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mta.c,v 1.213 2018/05/31 21:06:12 gilles Exp $ */
+/* $OpenBSD: mta.c,v 1.214 2018/06/01 12:24:16 eric Exp $ */
/*
* Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -677,6 +677,9 @@ mta_handle_envelope(struct envelope *evp, const char *smarthost)
return;
}
+ if (smarthost && dispatcher->u.remote.tls_noverify == 0)
+ evp->agent.mta.relay.flags |= F_TLS_VERIFY;
+
relay = mta_relay(evp);
/* ignore if we don't know the limits yet */
if (relay->limits &&
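Review bot: The added `if (smarthost && dispatcher->u.remote.tls_noverify == 0)` sets F_TLS_VERIFY with no comment recording that certificate verification is now the default for smarthost relaying and that only the "tls no-verify" relay option turns it off. A one-line comment above it, e.g. `/* smarthost relays must present a valid certificate unless "tls no-verify" is set */`, would make it harder for a later refactor to drop this security default unnoticed. The flag is OR-ed in before `mta_relay(evp)`, presumably so the relay lookup sees it, and the same comment should mention that ordering dependency. Nothing in this hunk shows what happens when the smarthost URL does not force TLS and the peer never offers STARTTLS, so it is worth confirming in the session code that a relay carrying F_TLS_VERIFY cannot fall back to plaintext delivery. The body of mta_handle_envelope starts and ends outside the hunk.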