RE: smtpd_tls_req_ccert and smtpd_tls_auth_only

From: Carlos Peón Costa (no email)
Date: Thu Sep 22 2005 - 10:57:19 EDT

    >... Is it possible to use client certs without enforcing TLS?

    Reading the docs carefully, it seems not possible:

    "Please be aware, that this will inhibit TLS connections without a proper
    client certificate and that it makes sense only when non-TLS submission is
    disabled (smtpd_enforce_tls = yes). Otherwise, clients could bypass the
    restriction by simply not using STARTTLS at all."

    but I think not using STARTTLS does not trigger the permit_tls_clientcerts,
    permit_tls_all_clientcerts or check_ccert_access conditions.

    Looking at the source code, the reason seems to be another one:

        /*
         * Wrapper mode uses a dedicated port and always requires TLS.
         *
         * XXX In non-wrapper mode, it is possible to require client certificate
         * verification without requiring TLS. Since certificates can be verified
         * only while TLS is turned on, this means that Postfix will happily
         * perform SMTP transactions when the client does not use the STARTTLS
         * command. For this reason, Postfix does not require client certificate
         * verification unless TLS is required.
         */
        state->tls_context =
            tls_server_start(smtpd_tls_ctx, state->client,
                             var_smtpd_starttls_tmout,
                             state->name, state->addr, &(state->tls_info),
                             (var_smtpd_tls_req_ccert && state->tls_enforce_tls));

    but I don't understand it; tls_server_start seems to always be used on a TLS
    connection:

        /*
         * This is the actual startup routine for a new connection. We expect that
         * the SMTP buffers are flushed and the "220 Ready to start TLS" was sent to
         * the client, so that we can immediately start the TLS handshake process.
         */
        TLScontext_t *tls_server_start(SSL_CTX *server_ctx, VSTREAM *stream,
                                       int timeout, const char *peername,
                                       const char *peeraddr,
                                       tls_info_t *tls_info,
                                       int requirecert)

    Any idea if the state->tls_enforce_tls condition can be removed?

    Thanks.
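An added example (not part of this thread or of the Postfix sources) showing the two main.cf combinations under discussion, in the Postfix 2.2-era parameter names used in the quoted code. The first demands a client certificate but leaves plaintext submission open, which is exactly the gap the documentation describes; the second closes it by enforcing TLS. The CA path is a placeholder; Postfix does not allow inline comments after a value, so every comment is on its own line.

```ini
# --- Weak: certificate required only on sessions that happen to use STARTTLS ---
smtpd_use_tls = yes
# STARTTLS stays optional, so var_smtpd_tls_req_ccert && tls_enforce_tls is false
# and tls_server_start() is called with requirecert = 0.
smtpd_enforce_tls = no
smtpd_tls_ask_ccert = yes
smtpd_tls_req_ccert = yes
# placeholder path
smtpd_tls_CAfile = /etc/postfix/ca-bundle.pem
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_tls_clientcerts
    reject_unauth_destination
# A client that never issues STARTTLS is not rejected: it simply fails to match
# permit_tls_clientcerts and falls through to reject_unauth_destination, so mail
# for your own domains is accepted with no certificate check at all.

# --- Corrected: make TLS mandatory on the service that relies on client certs ---
smtpd_use_tls = yes
# With TLS enforced the gate above becomes true and a session without a verified
# client certificate is refused instead of silently continuing in plaintext.
smtpd_enforce_tls = yes
# Announce AUTH only after STARTTLS, so credentials never cross the wire in clear.
smtpd_tls_auth_only = yes
smtpd_tls_ask_ccert = yes
smtpd_tls_req_ccert = yes
smtpd_tls_CAfile = /etc/postfix/ca-bundle.pem
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_tls_clientcerts
    reject_unauth_destination
```

Enforcing TLS on port 25 refuses inbound mail from MTAs that do not offer STARTTLS, so the corrected block belongs on a dedicated submission service (set via -o overrides in master.cf), not on the public MX port.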
