author | Martin Natano <natano@cvs.openbsd.org> | 2017-07-11 06:08:41 +0000 |
---|---|---|
committer | Martin Natano <natano@cvs.openbsd.org> | 2017-07-11 06:08:41 +0000 |
commit | 9acd92d1f5a125fceffd8c538b95d2053adbccad (patch) | |
tree | 4e5601c96c2e1fdcc592bdc8cc712ff3798f9fe4 /usr.sbin | |
parent | 5bab984629e74f98cd53e358926b64b6c18a6057 (diff) |
Remove "listen secure" syntax from smtpd.conf. It has been broken for a couple of
months and no one complained.
Users should replace existing "listen secure" directives with two separate
"tls" and "smtps" listeners. i.e. a line like
listen on $iface tls pki $pki
has to be replaced with
listen on $iface tls pki $pki
listen on $iface smtps pki $pki
Relaying syntax is not affected by this change.
suggested by eric
ok gilles
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/smtpd/parse.y | 13 | ||||
-rw-r--r-- | usr.sbin/smtpd/smtpd.conf.5 | 8 |
2 files changed, 5 insertions, 16 deletions
diff --git a/usr.sbin/smtpd/parse.y b/usr.sbin/smtpd/parse.y index 20736f65f72..b522d402460 100644 --- a/usr.sbin/smtpd/parse.y +++ b/usr.sbin/smtpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.196 2017/05/22 13:43:15 gilles Exp $ */ +/* $OpenBSD: parse.y,v 1.197 2017/07/11 06:08:40 natano Exp $ */ /* * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org> @@ -169,7 +169,7 @@ typedef struct { %} %token AS QUEUE COMPRESSION ENCRYPTION MAXMESSAGESIZE MAXMTADEFERRED LISTEN ON ANY PORT EXPIRE -%token TABLE SECURE SMTPS CERTIFICATE DOMAIN BOUNCEWARN LIMIT INET4 INET6 NODSN SESSION +%token TABLE SMTPS CERTIFICATE DOMAIN BOUNCEWARN LIMIT INET4 INET6 NODSN SESSION %token RELAY BACKUP VIA DELIVER TO LMTP MAILDIR MBOX RCPTTO HOSTNAME HOSTNAMES %token ACCEPT REJECT INCLUDE ERROR MDA FROM FOR SOURCE MTA PKI SCHEDULER %token ARROW AUTH TLS LOCAL VIRTUAL TAG TAGGED ALIAS FILTER KEY CA DHE @@ -515,14 +515,6 @@ opt_if_listen : INET4 { listen_opts.options |= LO_SSL; listen_opts.ssl = F_STARTTLS; } - | SECURE { - if (listen_opts.options & LO_SSL) { - yyerror("TLS mode already specified"); - YYERROR; - } - listen_opts.options |= LO_SSL; - listen_opts.ssl = F_SSL; - } | TLS_REQUIRE { if (listen_opts.options & LO_SSL) { yyerror("TLS mode already specified"); @@ -1512,7 +1504,6 @@ lookup(char *s) { "reject", REJECT }, { "relay", RELAY }, { "scheduler", SCHEDULER }, - { "secure", SECURE }, { "sender", SENDER }, { "senders", SENDERS }, { "session", SESSION }, diff --git a/usr.sbin/smtpd/smtpd.conf.5 b/usr.sbin/smtpd/smtpd.conf.5 index 3f3e4742766..c08e45ee4c4 100644 --- a/usr.sbin/smtpd/smtpd.conf.5 +++ b/usr.sbin/smtpd/smtpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: smtpd.conf.5,v 1.173 2017/06/07 13:25:18 jmc Exp $ +.\" $OpenBSD: smtpd.conf.5,v 1.174 2017/07/11 06:08:40 natano Exp $ .\" .\" Copyright (c) 2008 Janne Johansson <jj@openbsd.org> .\" Copyright (c) 2009 Jacek Masiulaniec <jacekm@dobremiasto.net> 
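Review bot: Dropping `SECURE` from the `%token` list, together with the `opt_if_listen` alternative and the `"secure"` entry in `lookup()` in the later hunks, leaves an existing `listen on ... secure` line with no dedicated diagnostic; the word is presumably lexed as a plain string and rejected with a generic syntax error. Refusing to load is the safe outcome, since the listener never comes up without the TLS mode the operator asked for, but the message will not say what to change. Consider keeping the keyword for one release with an explicit rejection, e.g. `| SECURE { yyerror("\"secure\" is no longer supported; use separate tls and smtps listeners"); YYERROR; }`. The `opt_if_listen` rule and `lookup()` both start and end outside these hunks, so whether any other path still sets `F_SSL` cannot be checked from here.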
@@ -17,7 +17,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .\" -.Dd $Mdocdate: June 7 2017 $ +.Dd $Mdocdate: July 11 2017 $ .Dt SMTPD.CONF 5 .Os .Sh NAME @@ -657,7 +657,7 @@ Changing the default value might degrade performance. .Ic listen on Ar interface .Op Ar family .Op Ic port Ar port -.Op Ic tls | tls-require | tls-require verify | smtps | secure +.Op Ic tls | tls-require | tls-require verify | smtps .Op Ic pki Ar pkiname .Op Ic ca Ar caname .Op Ic auth | auth-optional Op < Ns Ar authtable Ns > @@ -701,8 +701,6 @@ If is specified, the client must provide a valid certificate to be able to establish an SMTP session. .Pp -.Ic secure -may be specified to provide both STARTTLS and SMTPS services. Host certificates may be used for these connections, and must be previously declared using the pki directive. If |