From: Junio C Hamano <gitster@pobox.com>
To: "brian m. carlson" <sandals@crustytoothpaste.net>
Cc: Ramkumar Ramachandra <artagnon@gmail.com>,
	Git List <git@vger.kernel.org>
Subject: Re: [PATCH v2 2/2] send-email: introduce sendemail.smtpsslcertpath
Date: Fri, 05 Jul 2013 10:20:11 -0700
Message-ID: <7vobag7wl0.fsf@alter.siamese.dyndns.org>
In-Reply-To: <20130705124536.GU862789@vauxhall.crustytoothpaste.net> (brian m. carlson's message of "Fri, 5 Jul 2013 12:45:37 +0000")

"brian m. carlson" <sandals@crustytoothpaste.net> writes:

> You've covered the STARTTLS case, but not the SSL one right above it.
> Someone using smtps on port 465 will still see the warning.  You can
> pass SSL_verify_mode to Net::SMTP::SSL->new just like you pass it to
> start_SSL.

OK, will a fix-up look like this on top of 1/2 and 2/2?

 git-send-email.perl | 39 +++++++++++++++++++++++----------------
 1 file changed, 23 insertions(+), 16 deletions(-)

diff --git a/git-send-email.perl b/git-send-email.perl
index 52028ba..3b80340 100755
--- a/git-send-email.perl
+++ b/git-send-email.perl
@@ -1093,6 +1093,25 @@ sub smtp_auth_maybe {
 	return $auth;
 }
 
+# Helper to come up with SSL/TLS certification validation params
+# and warn when doing no verification
+sub ssl_verify_params {
+	use IO::Socket::SSL qw(SSL_VERIFY_PEER SSL_VERIFY_NONE);
+
+	if (!defined $smtp_ssl_cert_path) {
+		$smtp_ssl_cert_path = "/etc/ssl/certs";
+	}
+
+	if (-d $smtp_ssl_cert_path) {
+		return (SSL_verify_mode => SSL_VERIFY_PEER,
+			SSL_ca_path => $smtp_ssl_cert_path);
+	} else {
+		print STDERR "warning: Using SSL_VERIFY_NONE.  " .
+		    "See sendemail.smtpsslcertpath.\n";
+		return (SSL_verify_mode => SSL_VERIFY_NONE);
+	}
+}
+
 # Returns 1 if the message was sent, and 0 otherwise.
 # In actuality, the whole program dies when there
 # is an error sending a message.
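
Review bot: The else branch of ssl_verify_params() fails open: if sendemail.smtpsslcertpath is set but does not name a directory (a typo, or a CA bundle file instead of a hashed directory), the `-d` test fails and the connection goes ahead with SSL_VERIFY_NONE after nothing more than a warning on STDERR. Consider dying when the user supplied the value and keeping the unverified fallback only for the built-in "/etc/ssl/certs" default, and passing a plain file as SSL_ca_file. Separately, `use IO::Socket::SSL qw(...)` inside the sub still takes effect at compile time, so the module is loaded even for unencrypted sends; `require` with fully qualified constants would keep it lazy like the `require Net::SMTP::SSL` calls.
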
@@ -1195,12 +1214,11 @@ sub send_message {
 		if ($smtp_encryption eq 'ssl') {
 			$smtp_server_port ||= 465; # ssmtp
 			require Net::SMTP::SSL;
-			use IO::Socket::SSL qw(SSL_VERIFY_NONE);
 			$smtp_domain ||= maildomain();
 			$smtp ||= Net::SMTP::SSL->new($smtp_server,
 						      Hello => $smtp_domain,
 						      Port => $smtp_server_port,
-						      SSL_verify_mode => SSL_VERIFY_NONE);
+						      ssl_verify_params());
 		}
 		else {
 			require Net::SMTP;
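
Review bot: Replacing `SSL_verify_mode => SSL_VERIFY_NONE` with `ssl_verify_params()` in the Net::SMTP::SSL->new call changes the default for smtps users from no verification to SSL_VERIFY_PEER against /etc/ssl/certs whenever that directory exists, so a server with a self-signed or privately issued certificate that worked before will now be refused. The commit message and the sendemail.smtpsslcertpath documentation should state this and say how to point at a different CA directory. This call also has no `or die` of its own, unlike the start_SSL call in the STARTTLS branch, so it is worth checking that a verification failure here is reported with a message that mentions the certificate rather than a generic connection failure.
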
@@ -1210,23 +1228,12 @@ sub send_message {
 						 Debug => $debug_net_smtp);
 			if ($smtp_encryption eq 'tls' && $smtp) {
 				require Net::SMTP::SSL;
-				use IO::Socket::SSL qw(SSL_VERIFY_PEER SSL_VERIFY_NONE);
 				$smtp->command('STARTTLS');
 				$smtp->response();
 				if ($smtp->code == 220) {
-					# Attempt to use a ca-certificate by default
-					$smtp_ssl_cert_path ||= "/etc/ssl/certs";
-					if (-d $smtp_ssl_cert_path) {
-						$smtp = Net::SMTP::SSL->start_SSL($smtp,
-										  SSL_verify_mode => SSL_VERIFY_PEER,
-										  SSL_ca_path => $smtp_ssl_cert_path)
-							or die "STARTTLS failed! ".$smtp->message;
-					} else {
-						print STDERR "warning: Using SSL_VERIFY_NONE.  See sendemail.smtpsslcertpath.\n";
-						$smtp = Net::SMTP::SSL->start_SSL($smtp,
-										  SSL_verify_mode => SSL_VERIFY_NONE)
-							or die "STARTTLS failed! ".$smtp->message;
-					}
+					$smtp = Net::SMTP::SSL->start_SSL($smtp,
+									  ssl_verify_params())
+					    or die "STARTTLS failed! ".$smtp->message;
 					$smtp_encryption = '';
 					# Send EHLO again to receive fresh
 					# supported commands
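
Review bot: The error path on the new start_SSL call cannot report anything useful: `$smtp = Net::SMTP::SSL->start_SSL(...) or die "STARTTLS failed! ".$smtp->message;` assigns the result to $smtp before the `or` is evaluated, so when start_SSL returns false the die expression calls ->message on an undefined value and the user sees a Perl method-call error instead of the reason. The removed lines had the same construct, but with SSL_VERIFY_PEER now the normal case a failed handshake is much more likely to reach it. Assign the result to a temporary and report the TLS error, for instance from IO::Socket::SSL::errstr(), before overwriting $smtp.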
