On Thu, 26 Jul 2001, Chris Garrigues wrote:
> > From: Lynn Winebarger <[EMAIL PROTECTED]>
> > Date: Thu, 26 Jul 2001 13:33:03 -0600 (MDT)
> >
> >
> > Didn't someone on the list say that qmail-remote insists on using TLS
> > if the -DTLS is on, with no fallback? His solution was to compile qmail
> > remote without -DTLS.
> > Could be wrong, I'm fsck'ing the disk with my dev sources right now
> > so I can't check.
>
> That may well be true, but I'd like to actually get TLS *working* rather than
> disable it.

Do you need it for outgoing connections? If you want it for incoming
connections, you can get it by compiling only qmail-remote.c without TLS
defined. Otherwise you'll probably need to do some hacking.

Here's the culprit code in qmail-remote.c:
------------
    alarm(timeout);
    r = SSL_connect(ssl); saveerrno = errno;
    alarm(0);
    if (flagtimedout)
    {
        out("ZTLS not available: connect timed out\n");
        zerodie();
    }
    errno = saveerrno;
    if (r<=0)
    {
        if (needtlsauth && (r=SSL_get_verify_result(ssl)) != X509_V_OK)
        {
            out("ZTLS unable to verify server with ");
            out(servercert.s); out(": ");
            out(X509_verify_cert_error_string(r)); out("\n");}
        else
        {
#ifdef DEBUG
            out("ZTLS not available: connect failed");
            out(": ");
            out(ERR_error_string(ERR_get_error(), buf));
            out("\n");
#else
            out("ZTLS not available: connect failed\n");
#endif
        }
        zerodie();
---------------
Probably that last ERR_get_error and ERR_error_string should be changed
to SSL_get_error and SSL_error_string, and the check should look for r=0
and r=-1 separately so you can find out what's going on at least.
Lynn
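
Added example, not part of the original message and not qmail code: one way to report r=0 and r<0 from SSL_connect() separately, as the message suggests, so the log says why TLS was not available. The helper name describe_connect and the enum are hypothetical; the caller is assumed to pass r, SSL_get_error(ssl, r), SSL_get_verify_result(ssl) and the errno saved right after the call. The numeric constants repeat the values in OpenSSL's headers so the block builds without them.

```c
/* Added example: classify a failed SSL_connect() for logging. */
#include <stdio.h>
#include <string.h>

/* Same values as OpenSSL's <openssl/ssl.h> and <openssl/x509_vfy.h>. */
#ifndef SSL_ERROR_SYSCALL
#define SSL_ERROR_WANT_READ  2
#define SSL_ERROR_WANT_WRITE 3
#define SSL_ERROR_SYSCALL    5
#endif
#ifndef X509_V_OK
#define X509_V_OK 0
#endif

enum tls_fail { TLS_OK, TLS_VERIFY, TLS_SHUTDOWN, TLS_PROTO, TLS_IO, TLS_RETRY };

/* Hypothetical helper: writes one diagnostic line into msg and returns the class. */
enum tls_fail describe_connect(int r, int err, long verify, int needtlsauth,
                               int saved_errno, char *msg, size_t n)
{
  if (r > 0) { snprintf(msg, n, "TLS established"); return TLS_OK; }
  if (needtlsauth && verify != X509_V_OK) {  /* certificate check comes first */
    snprintf(msg, n, "ZTLS unable to verify server (verify result %ld)", verify);
    return TLS_VERIFY;
  }
  if (r == 0) {  /* handshake failed but was shut down in a controlled way */
    snprintf(msg, n, "ZTLS not available: handshake shut down (SSL error %d)", err);
    return TLS_SHUTDOWN;
  }
  switch (err) {  /* r < 0: fatal protocol or connection error */
  case SSL_ERROR_WANT_READ:
  case SSL_ERROR_WANT_WRITE:  /* only seen on non-blocking sockets */
    snprintf(msg, n, "ZTLS not available: handshake incomplete (SSL error %d)", err);
    return TLS_RETRY;
  case SSL_ERROR_SYSCALL:     /* errno is meaningful here; 0 means EOF */
    snprintf(msg, n, "ZTLS not available: I/O error during handshake: %s",
             saved_errno ? strerror(saved_errno) : "unexpected EOF");
    return TLS_IO;
  default:
    snprintf(msg, n, "ZTLS not available: protocol failure (SSL error %d)", err);
    return TLS_PROTO;
  }
}

int main(void) {
  char msg[160];  /* constructed case: r = -1, SSL_ERROR_SYSCALL, errno 0 */
  describe_connect(-1, SSL_ERROR_SYSCALL, X509_V_OK, 0, 0, msg, sizeof msg);
  puts(msg);
  return 0;
}
```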