Do not require STARTTLS if the connection is already TLS

Question

Do not require STARTTLS if the connection is already TLS

aronatkins opened this issue 7 years ago · comments

Launch a server with something like:

	listener, err := tls.Listen("tcp", "127.0.0.1:0", tlsConfig)
	defer listener.Close()

	go server.Serve(listener)

I should be able to connect to this server and authenticate without issuing STARTTLS.

Related to golang/go#22166 - I was trying to use smtpd to verify my workaround.

Aron Atkins · Answer 1 · Sat Oct 07 2017 03:21:39 GMT+0800 (China Standard Time)

I think this can be fixed by changing newSession to test the type of connection.

func (srv *Server) newSession(c net.Conn) (s *session) {

	s = &session{
		server: srv,
		conn:   c,
		reader: bufio.NewReader(c),
		writer: bufio.NewWriter(c),
		peer: Peer{
			Addr:       c.RemoteAddr(),
			ServerName: srv.Hostname,
		},
	}

	_, s.tls = c.(*tls.Conn)

	s.scanner = bufio.NewScanner(s.reader)

	return

}

Christian Joergensen · Answer 2 · Sat Oct 07 2017 07:14:22 GMT+0800 (China Standard Time)

I will review your comments on Monday.

Christian Joergensen · Answer 3 · Tue Oct 10 2017 02:08:54 GMT+0800 (China Standard Time)

Thank you for your comments, @aronatkins. Your proposed fix did indeed solve the problem and has been committed along with a test case. Under normal circumstances smtps isn't really deployed. But the library should have supported it anyway.

Aron Atkins · Answer 4 · Tue Oct 10 2017 08:10:48 GMT+0800 (China Standard Time)

Thanks, @chrj. The package has been really helpful as a test-aid for some email-sending code.