From c86d4971641329640a792246c3c61dff25b59400 Mon Sep 17 00:00:00 2001
From: Augustin Cavalier
Date: Fri, 30 Jun 2017 21:42:38 -0400
Subject: [PATCH] SMTP: Remove STARTTLS support.
* It's vulnerable to man-in-the-middle attacks (which can't really be fixed)
* It's rather nasty to implement (and prevents us from using BSecureSocket)
* Nearly all servers I know of which support STARTTLS also support plain TLS also.
---
 .../outbound_protocols/smtp/ConfigView.cpp | 2 -
 .../outbound_protocols/smtp/SMTP.cpp | 43 -------------------
 .../outbound_protocols/smtp/SMTP.h | 1 -
 src/preferences/mail/ProviderInfo/ReadMe | 1 -
 .../mail/ProviderInfo/shaw.ca.rdef | 2 +-
 5 files changed, 1 insertion(+), 48 deletions(-)
diff --git a/src/add-ons/mail_daemon/outbound_protocols/smtp/ConfigView.cpp b/src/add-ons/mail_daemon/outbound_protocols/smtp/ConfigView.cpp
index c66ccd9fb3..620e4a5f1f 100644
--- a/src/add-ons/mail_daemon/outbound_protocols/smtp/ConfigView.cpp
+++ b/src/add-ons/mail_daemon/outbound_protocols/smtp/ConfigView.cpp
@@ -49,12 +49,10 @@ SMTPConfigView::SMTPConfigView(const BMailAccountSettings& settings)
 {
 B_TRANSLATE_MARK_VOID("Unencrypted");
 B_TRANSLATE_MARK_VOID("SSL");
- B_TRANSLATE_MARK_VOID("STARTTLS");
 #ifdef USE_SSL
 AddFlavor(B_TRANSLATE_NOCOLLECT("Unencrypted"));
 AddFlavor(B_TRANSLATE("SSL"));
- AddFlavor(B_TRANSLATE("STARTTLS"));
 #endif
 AddAuthMethod(B_TRANSLATE("None"), false);
diff --git a/src/add-ons/mail_daemon/outbound_protocols/smtp/SMTP.cpp b/src/add-ons/mail_daemon/outbound_protocols/smtp/SMTP.cpp
index 4c0faeef2f..25fdecd644 100644
--- a/src/add-ons/mail_daemon/outbound_protocols/smtp/SMTP.cpp
+++ b/src/add-ons/mail_daemon/outbound_protocols/smtp/SMTP.cpp
@@ -374,7 +374,6 @@ SMTPProtocol::Open(const char *address, int port, bool esmtp)
 #ifdef USE_SSL
 use_ssl = (fSettingsMessage.FindInt32("flavor") == 1);
- use_STARTTLS = (fSettingsMessage.FindInt32("flavor") == 2);
 ssl = NULL;
 ctx = NULL;
 #endif
@@ -462,48 +461,6 @@ SMTPProtocol::Open(const char *address, int port, bool esmtp)
 return B_ERROR;
 }
-#ifdef USE_SSL
- // Check for STARTTLS
- if (use_STARTTLS) {
- const char *res = fLog.String();
- char *p;
-
- SSL_library_init();
- RAND_seed(this,sizeof(SMTPProtocol));
- ::sprintf(cmd, "STARTTLS" CRLF);
-
- if ((p = ::strstr(res, "STARTTLS")) != NULL) {
- // Server advertises STARTTLS support
- if (SendCommand(cmd) != B_OK) {
- delete[] cmd;
- return B_ERROR;
- }
-
- // We should start TLS negotiation
- use_ssl = true;
- ctx = SSL_CTX_new(TLSv1_method());
- ssl = SSL_new(ctx);
- sbio = BIO_new_socket(fSocket,BIO_NOCLOSE);
- BIO_set_nbio(sbio, 0);
- SSL_set_bio(ssl, sbio, sbio);
- SSL_set_connect_state(ssl);
- if(SSL_do_handshake(ssl) != 1)
- return B_ERROR;
-
- // Should send EHLO command again
- if(!esmtp)
- ::sprintf(cmd, "HELO %s" CRLF, localhost);
- else
- ::sprintf(cmd, "EHLO %s" CRLF, localhost);
-
- if (SendCommand(cmd) != B_OK) {
- delete[] cmd;
- return B_ERROR;
- }
- }
- }
-#endif // USE_SSL
-
 delete[] cmd;
 // Check auth type
diff --git a/src/add-ons/mail_daemon/outbound_protocols/smtp/SMTP.h b/src/add-ons/mail_daemon/outbound_protocols/smtp/SMTP.h
index 331043e632..1ea0732195 100644
--- a/src/add-ons/mail_daemon/outbound_protocols/smtp/SMTP.h
+++ b/src/add-ons/mail_daemon/outbound_protocols/smtp/SMTP.h
@@ -58,7 +58,6 @@ private:
 BIO* sbio;
 bool use_ssl;
- bool use_STARTTLS;
 #endif
 status_t fStatus;
diff --git a/src/preferences/mail/ProviderInfo/ReadMe b/src/preferences/mail/ProviderInfo/ReadMe
index 0796821047..690cf19857 100644
--- a/src/preferences/mail/ProviderInfo/ReadMe
+++ b/src/preferences/mail/ProviderInfo/ReadMe
@@ -35,7 +35,6 @@ you can pass the following options to the last six items:
 "SMTP SSL":
 0 Unencrypted
 1 SSL
- 2 STARTTLS
 "Username Pattern":
 0 username is the email address (default)
diff --git a/src/preferences/mail/ProviderInfo/shaw.ca.rdef b/src/preferences/mail/ProviderInfo/shaw.ca.rdef
index 789ed1822e..d074089f4b 100644
--- a/src/preferences/mail/ProviderInfo/shaw.ca.rdef
+++ b/src/preferences/mail/ProviderInfo/shaw.ca.rdef
@@ -5,5 +5,5 @@ resource(4, "POP Authentication") 0;
 resource(5, "SMTP Authentication") 1;
 resource(6, "POP SSL") 0;
 resource(7, "IMAP SSL") 0;
-resource(8, "SMTP SSL") 2;
+resource(8, "SMTP SSL") 0;
 resource(9, "Username Pattern") 1;
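Review bot: `resource(8, "SMTP SSL") 0;` moves the shaw.ca preset from STARTTLS to Unencrypted (0 in the ReadMe table) rather than to SSL, so accounts created from this provider file would submit mail, and with `"SMTP Authentication") 1` presumably credentials, in cleartext. If the provider accepts implicit TLS, `resource(8, "SMTP SSL") 1;` keeps the transport encrypted. The same downgrade reaches existing accounts through the first SMTP.cpp hunk (`@@ -374,7 +374,6 @@`): with only `use_ssl = (fSettingsMessage.FindInt32("flavor") == 1);` left, a stored flavor of 2 leaves use_ssl false, and the connection appears to continue unencrypted without telling the user. Failing closed there, for example `if (fSettingsMessage.FindInt32("flavor") == 2) return B_ERROR;`, or migrating a stored 2 to 1, would avoid the silent fallback; SMTPProtocol::Open starts and ends outside that hunk, so the placement needs checking against the full function.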