authorHiroki Sato <hrs@FreeBSD.org>2019-08-27 19:37:19 +0000
committerHiroki Sato <hrs@FreeBSD.org>2019-08-27 19:37:19 +0000
commit1c3e417caf2d11608f10043b7e70b6e7ed8711ff (patch)
tree0fc4eb9fee5f32fb0ea84194d14dea50145b2e34
parent934381a7c5686d9a7b36335b9b325efde4cff4ef (diff)
Fix a problem which prevented -OServerSSLOptions or -OClientSSLOptions
specified on the command line from working. This patch has been accepted by upstream. Reviewed by and discussed with: gshapiro
Notes
Notes: svn path=/vendor/sendmail/dist/; revision=351553
-rw-r--r--src/conf.c14
-rw-r--r--src/readcf.c16
2 files changed, 14 insertions, 16 deletions
diff --git a/src/conf.c b/src/conf.c
index c73334e27241..8c7c94b15cfd 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -365,6 +365,20 @@ setdefaults(e)
TLS_Srv_Opts = TLS_I_SRV;
if (NULL == EVP_digest)
EVP_digest = EVP_md5();
+ Srv_SSL_Options = SSL_OP_ALL;
+ Clt_SSL_Options = SSL_OP_ALL
+# ifdef SSL_OP_NO_SSLv2
+ | SSL_OP_NO_SSLv2
+# endif
+# ifdef SSL_OP_NO_TICKET
+ | SSL_OP_NO_TICKET
+# endif
+ ;
+# ifdef SSL_OP_TLSEXT_PADDING
+ /* SSL_OP_TLSEXT_PADDING breaks compatibility with some sites */
+ Srv_SSL_Options &= ~SSL_OP_TLSEXT_PADDING;
+ Clt_SSL_Options &= ~SSL_OP_TLSEXT_PADDING;
+# endif /* SSL_OP_TLSEXT_PADDING */
#endif /* STARTTLS */
#ifdef HESIOD_INIT
HesiodContext = NULL;
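Review bot: The server default on the added `Srv_SSL_Options = SSL_OP_ALL;` line does not include `SSL_OP_NO_SSLv2`, while the client default assigned right below it does, so a server built against a TLS library that still honours that option may keep SSLv2 negotiable unless ServerSSLOptions is set explicitly. If the asymmetry is deliberate it deserves a comment saying why; otherwise the server assignment could carry the same guarded `| SSL_OP_NO_SSLv2` under `# ifdef SSL_OP_NO_SSLv2`. Because the fix apparently depends on these defaults being set before option processing, a short comment such as `/* defaults set here so that -O on the command line is not overwritten later by readcf() */` would help keep the block from being moved back. setdefaults() starts and ends outside the hunk.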
diff --git a/src/readcf.c b/src/readcf.c
index 2b0fbf711cf5..10eac0bc6724 100644
--- a/src/readcf.c
+++ b/src/readcf.c
@@ -159,22 +159,6 @@ readcf(cfname, safe, e)
FileName = cfname;
LineNumber = 0;
-#if STARTTLS
- Srv_SSL_Options = SSL_OP_ALL;
- Clt_SSL_Options = SSL_OP_ALL
-# ifdef SSL_OP_NO_SSLv2
- | SSL_OP_NO_SSLv2
-# endif
-# ifdef SSL_OP_NO_TICKET
- | SSL_OP_NO_TICKET
-# endif
- ;
-# ifdef SSL_OP_TLSEXT_PADDING
- /* SSL_OP_TLSEXT_PADDING breaks compatibility with some sites */
- Srv_SSL_Options &= ~SSL_OP_TLSEXT_PADDING;
- Clt_SSL_Options &= ~SSL_OP_TLSEXT_PADDING;
-# endif /* SSL_OP_TLSEXT_PADDING */
-#endif /* STARTTLS */
if (DontLockReadFiles)
sff |= SFF_NOLOCK;
cf = safefopen(cfname, O_RDONLY, 0444, sff);