authorGilles Chehade <gilles@poolp.org>2020-01-09 16:38:36 +0100
committerGilles Chehade <gilles@poolp.org>2020-01-09 16:38:36 +0100
commit80bd2bde6ced5e5e54221cf2d58d74f5ff5a387a (patch)
tree1960813b522762486209871c985a670d226aaee8
parentMerge branch 'master' into libtls (diff)
downloadOpenSMTPD-80bd2bde6ced5e5e54221cf2d58d74f5ff5a387a.tar.xz
OpenSMTPD-80bd2bde6ced5e5e54221cf2d58d74f5ff5a387a.zip
allow building again
-rw-r--r--smtpd/smtp.h3
-rw-r--r--smtpd/smtp_client.c8
-rw-r--r--smtpd/smtp_session.c2
-rw-r--r--smtpd/smtpc.c41
-rw-r--r--smtpd/to.c2
5 files changed, 7 insertions, 49 deletions
diff --git a/smtpd/smtp.h b/smtpd/smtp.h
index f1f1c56c..514a4303 100644
--- a/smtpd/smtp.h
+++ b/smtpd/smtp.h
@@ -44,6 +44,7 @@ struct smtp_params {
int timeout; /* timeout in seconds */
/* TLS options */
+ struct tls *tls_ctx;
const char *tls_name; /* hostname of requested server */
int tls_req; /* requested TLS mode */
int tls_verify; /* need valid server certificate */
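Review bot: The new `tls_ctx` member is the only field in the visible part of `struct smtp_params` without a trailing comment, and nothing in the hunk says who creates or frees the context or whether NULL is allowed when TLS is not requested. A trailing comment in the style of its neighbours would settle this, for example `struct tls *tls_ctx; /* libtls context; owned by <caller or client>, NULL if TLS unused */`, with the placeholder filled in by the author. The hunk shows no include or forward declaration for `struct tls`, so it is worth confirming that one is in scope wherever this header is included. The struct definition starts and ends outside the hunk.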
@@ -87,8 +88,6 @@ void smtp_quit(struct smtp_client *);
void smtp_sendmail(struct smtp_client *, struct smtp_mail *);
/* callbacks */
-void smtp_verify_server_cert(void *, struct smtp_client *, void *);
-void smtp_require_tls(void *, struct smtp_client *);
void smtp_ready(void *, struct smtp_client *);
void smtp_failed(void *, struct smtp_client *, int, const char *);
void smtp_closed(void *, struct smtp_client *);
diff --git a/smtpd/smtp_client.c b/smtpd/smtp_client.c
index 2e73562a..0b2e4a5a 100644
--- a/smtpd/smtp_client.c
+++ b/smtpd/smtp_client.c
@@ -507,8 +507,9 @@ smtp_client_response(struct smtp_client *proto, const char *line)
}
smtp_client_state(proto, STATE_AUTH);
}
- else
- smtp_require_tls(proto->tag, proto);
+ else {
+ //smtp_require_tls(proto->tag, proto);
+ }
break;
case STATE_AUTH_PLAIN:
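Review bot: The `else` branch now has an empty body with the `smtp_require_tls()` call commented out, so on this path the client no longer starts a TLS handshake and, as far as the hunk shows, nothing advances or fails the session. If the build fix has to land before the libtls handshake is wired up, the branch should fail closed through the client's existing failure path (the `smtp_failed()` callback declared in smtp.h) rather than sit idle or be left for a later change to continue in cleartext. The disabled line would read better as a marked TODO such as `/* XXX libtls: start handshake with params.tls_ctx */` than as commented-out code. The same applies to the `TLS_SMTPS` branch of `IO_CONNECTED` in the next hunk, where `io_set_write(io)` is still called but no handshake follows. `smtp_client_response()` begins and ends outside the hunk.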
@@ -618,7 +619,7 @@ smtp_client_io(struct io *io, int evt, void *arg)
case IO_CONNECTED:
if (proto->params.tls_req == TLS_SMTPS) {
io_set_write(io);
- smtp_require_tls(proto->tag, proto);
+ //smtp_require_tls(proto->tag, proto);
}
else
smtp_client_state(proto, STATE_BANNER);
@@ -627,7 +628,6 @@ smtp_client_io(struct io *io, int evt, void *arg)
case IO_TLSREADY:
proto->flags |= FLAG_TLS;
io_pause(proto->io, IO_IN);
- smtp_verify_server_cert(proto->tag, proto, io_tls(proto->io));
break;
case IO_DATAIN:
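Review bot: After this change `IO_TLSREADY` sets `FLAG_TLS` and pauses input, but nothing visible inspects the peer certificate any more; the removed `smtp_verify_server_cert()` call was the step that ended in `smtp_cert_verified()` and presumably let the session continue. Unless the libtls context in `params.tls_ctx` is configured so that the handshake itself rejects an invalid or mismatched certificate, `params.tls_verify` ("need valid server certificate") is no longer enforced here. It is also unclear from the hunk what resumes reading after `io_pause(proto->io, IO_IN)`. A comment stating the intended design would help, e.g. `/* certificate and hostname are verified by libtls during the handshake (see tls_ctx setup) */`, together with a check that a connection with `tls_verify` set cannot reach the authenticated states without that verification. `smtp_client_io()` begins and ends outside the hunk.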
diff --git a/smtpd/smtp_session.c b/smtpd/smtp_session.c
index 1038da45..f254db21 100644
--- a/smtpd/smtp_session.c
+++ b/smtpd/smtp_session.c
@@ -2822,7 +2822,7 @@ smtp_message_begin(struct smtp_tx *tx)
m_printf(tx, " (%s:%s:%d:%s)",
tls_conn_version(io_tls(s->io)),
tls_conn_cipher(io_tls(s->io)),
- tls_conn_cipher_bits(io_tls(s->io)),
+ tls_conn_cipher_strength(io_tls(s->io)),
(s->flags & SF_VERIFIED) ? "YES" : "NO");
if (s->listener->flags & F_RECEIVEDAUTH) {
diff --git a/smtpd/smtpc.c b/smtpd/smtpc.c
index c2cfc710..9f60b964 100644
--- a/smtpd/smtpc.c
+++ b/smtpd/smtpc.c
@@ -351,47 +351,6 @@ log_trace(int lvl, const char *emsg, ...)
}
void
-smtp_verify_server_cert(void *tag, struct smtp_client *proto, void *ctx)
-{
- SSL *ssl = ctx;
- X509 *cert;
- long res;
- int match;
-
- if ((cert = SSL_get_peer_certificate(ssl))) {
- (void)ssl_check_name(cert, servname, &match);
- X509_free(cert);
- res = SSL_get_verify_result(ssl);
- if (res == X509_V_OK) {
- if (match) {
- log_debug("valid certificate");
- smtp_cert_verified(proto, CERT_OK);
- }
- else {
- log_debug("certificate does not match hostname");
- smtp_cert_verified(proto, CERT_INVALID);
- }
- return;
- }
- log_debug("certificate validation error %ld", res);
- }
- else
- log_debug("no certificate provided");
-
- smtp_cert_verified(proto, CERT_INVALID);
-}
-
-void
-smtp_require_tls(void *tag, struct smtp_client *proto)
-{
- SSL *ssl = NULL;
-
- if ((ssl = SSL_new(ssl_ctx)) == NULL)
- fatal("SSL_new");
- smtp_set_tls(proto, ssl);
-}
-
-void
smtp_ready(void *tag, struct smtp_client *proto)
{
log_debug("connection ready...");
diff --git a/smtpd/to.c b/smtpd/to.c
index 6b35804e..4b2bd5a9 100644
--- a/smtpd/to.c
+++ b/smtpd/to.c
@@ -838,7 +838,7 @@ tls_to_text(struct tls *tls)
(void)snprintf(buf, sizeof buf, "%s:%s:%d",
tls_conn_version(tls),
tls_conn_cipher(tls),
- tls_conn_cipher_bits(tls));
+ tls_conn_cipher_strength(tls));
return (buf);
}