byterazor/qpsmtpd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tls: log improvement

Browse Source
This commit is contained in:
Matt Simerson 2012-06-23 00:53:18 -04:00
parent 143534d7a6
commit 439e9fe566
1 changed files with 5 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
plugins/tls
View File

@ -59,7 +59,7 @@ and put a suitable string in config/tls_ciphers (e.g. "DEFAULT" or
=cut =cut
use IO::Socket::SSL 0.98; # qw(debug1 debug2 debug3 debug4); use IO::Socket::SSL 0.98;
sub init { sub init {
my ($self, $qp, $cert, $key, $ca) = @_; my ($self, $qp, $cert, $key, $ca) = @_;
@ -75,7 +75,7 @@ sub init {
$self->tls_ca($ca); $self->tls_ca($ca);
$self->tls_ciphers($self->qp->config('tls_ciphers') || 'HIGH'); $self->tls_ciphers($self->qp->config('tls_ciphers') || 'HIGH');
$self->log(LOGINFO, "ciphers: ".$self->tls_ciphers); $self->log(LOGDEBUG, "ciphers: ".$self->tls_ciphers);
local $^W; # this bit is very noisy... local $^W; # this bit is very noisy...
my $ssl_ctx = IO::Socket::SSL::SSL_Context->new( my $ssl_ctx = IO::Socket::SSL::SSL_Context->new(
@ -111,8 +111,7 @@ sub hook_ehlo {
return DECLINED unless $self->can_do_tls; return DECLINED unless $self->can_do_tls;
return DECLINED if $self->connection->notes('tls_enabled'); return DECLINED if $self->connection->notes('tls_enabled');
return DENY, "Command refused due to lack of security" if $transaction->notes('ssl_failed'); return DENY, "Command refused due to lack of security" if $transaction->notes('ssl_failed');
my $cap = $transaction->notes('capabilities'); my $cap = $transaction->notes('capabilities') || [];
$cap ||= [];
push @$cap, 'STARTTLS'; push @$cap, 'STARTTLS';
$transaction->notes('tls_enabled', 1); $transaction->notes('tls_enabled', 1);
$transaction->notes('capabilities', $cap); $transaction->notes('capabilities', $cap);
@ -193,10 +192,8 @@ sub _convert_to_ssl {
}; };
if ($@) { if ($@) {
return 0; return 0;
} };
else { return 1;
return 1;
}
} }
sub _convert_to_ssl_async { sub _convert_to_ssl_async {