Hey,
this works fine on my systems. Nothing breaks so far. This ist just as
feedback to you.
Thanks and greetings
Leo
Am 30.06.2021 um 14:37 schrieb Eric Faurot:
Except for specific cases, SMTP servers do not expect client
certificates for TLS sessions. The log message for missing certificate
is not very useful in practice (handshake fails before if it was
required anyway), and it is even confusing for people.
I think it can go away.
Eric.
Index: smtp_session.c
===================================================================
RCS file: /cvs/src/usr.sbin/smtpd/smtp_session.c,v
retrieving revision 1.431
diff -u -p -r1.431 smtp_session.c
--- smtp_session.c 14 Jun 2021 17:58:16 -0000 1.431
+++ smtp_session.c 30 Jun 2021 08:09:29 -0000
@@ -1070,11 +1070,6 @@ smtp_tls_started(struct smtp_session *s)
(s->flags & SF_VERIFIED) ? "verified" : "unchecked",
tls_peer_cert_hash(io_tls(s->io)));
}
- else {
- log_info("%016"PRIx64" smtp "
- "cert-check result=\"no certificate presented\"",
- s->id);
- }
if (s->listener->flags & F_SMTPS) {
stat_increment("smtp.smtps", 1);
