diff options
| author | D. Can Celasun | 2019-03-13 09:54:45 +0100 |
|---|---|---|
| committer | D. Can Celasun | 2019-03-13 09:54:56 +0100 |
| commit | 39751980b844e8d3836304e2c7655fba07a78c44 (patch) | |
| tree | 0d0a4acae720d555f5caf83c949c261230b6c874 | |
| download | aur-39751980b844e8d3836304e2c7655fba07a78c44.tar.gz | |
[New package] ssmtp 2.64-10
Resurrected the package that was deleted from [extra] and added patches from Fedora.
| -rw-r--r-- | .SRCINFO | 38 | ||||
| -rw-r--r-- | PKGBUILD | 70 | ||||
| -rw-r--r-- | aliases.patch | 157 | ||||
| -rw-r--r-- | authpass.patch | 14 | ||||
| -rw-r--r-- | defaultvalues.patch | 43 | ||||
| -rw-r--r-- | garbage_writes.patch | 19 | ||||
| -rw-r--r-- | openssl_crypto.patch | 21 | ||||
| -rw-r--r-- | remote-addr.patch | 27 | ||||
| -rw-r--r-- | validate-TLS-server-cert.patch | 154 |
9 files changed, 543 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..9a644edf4856 --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,38 @@ +# Generated by mksrcinfo v8 +# Wed Mar 13 08:53:47 UTC 2019 +pkgbase = ssmtp + pkgdesc = Extremely simple MTA to get mail off the system to a mailhub (with Fedora patches) + pkgver = 2.64 + pkgrel = 10 + url = https://packages.debian.org/stable/mail/ssmtp + arch = i686 + arch = x86_64 + license = GPL + depends = openssl + depends = inetutils + provides = smtp-forwarder + conflicts = exim + conflicts = smtp-forwarder + options = !makeflags + options = !emptydirs + backup = etc/ssmtp/ssmtp.conf + backup = etc/ssmtp/revaliases + source = http://ftp.debian.org/debian/pool/main/s/ssmtp/ssmtp_2.64.orig.tar.bz2 + source = aliases.patch + source = authpass.patch + source = defaultvalues.patch + source = garbage_writes.patch + source = remote-addr.patch + source = validate-TLS-server-cert.patch + source = openssl_crypto.patch + md5sums = 65b4e0df4934a6cd08c506cabcbe584f + md5sums = 15d3b21c64b83aba4ad2283318ac0680 + md5sums = d2b946bd299453eb2df7bcc1d6186592 + md5sums = 5430349d5c29afd93def93848b4bb258 + md5sums = 69c2bd9a00189a4c110d420b23d69258 + md5sums = 3473db24c65bbe6fdeb51e99427e8ee2 + md5sums = 237a6fad4d367b566ada3a900d1f1bc0 + md5sums = aeb4ed09a26eefea9a5f6ac755c4dff0 + +pkgname = ssmtp + diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..c23c5acf40d6 --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,70 @@ +pkgname=ssmtp +pkgver=2.64 +pkgrel=10 +pkgdesc="Extremely simple MTA to get mail off the system to a mailhub (with Fedora patches)" +arch=('i686' 'x86_64') +license=('GPL') +url="https://packages.debian.org/stable/mail/ssmtp" +depends=('openssl' 'inetutils') +conflicts=('exim' 'smtp-forwarder') +provides=('smtp-forwarder') +backup=('etc/ssmtp/ssmtp.conf' 'etc/ssmtp/revaliases') +options=('!makeflags' '!emptydirs') +source=("http://ftp.debian.org/debian/pool/main/s/ssmtp/${pkgname}_${pkgver}.orig.tar.bz2" + 'aliases.patch' + 'authpass.patch' + 'defaultvalues.patch' + 'garbage_writes.patch' + 'remote-addr.patch' + 'validate-TLS-server-cert.patch' + 'openssl_crypto.patch' +) +md5sums=('65b4e0df4934a6cd08c506cabcbe584f' + '15d3b21c64b83aba4ad2283318ac0680' + 'd2b946bd299453eb2df7bcc1d6186592' + '5430349d5c29afd93def93848b4bb258' + '69c2bd9a00189a4c110d420b23d69258' + '3473db24c65bbe6fdeb51e99427e8ee2' + '237a6fad4d367b566ada3a900d1f1bc0' + 'aeb4ed09a26eefea9a5f6ac755c4dff0') + +prepare() { + cd "${srcdir}/${pkgname}-${pkgver}" + patch -p1 -i "${srcdir}/openssl_crypto.patch" + + # Patches from https://src.fedoraproject.org/rpms/ssmtp/tree/master + patch -p1 -i "${srcdir}/aliases.patch" + patch -p1 -i "${srcdir}/authpass.patch" + patch -p1 -i "${srcdir}/defaultvalues.patch" + patch -p1 -i "${srcdir}/garbage_writes.patch" + patch -p1 -i "${srcdir}/remote-addr.patch" + patch -p1 -i "${srcdir}/validate-TLS-server-cert.patch" +} + +build() { + cd "${srcdir}/${pkgname}-${pkgver}" + + autoreconf + + ./configure --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --enable-md5auth \ + --enable-ssl\ + --enable-inet6 + make +} + +package() { + cd "${srcdir}/${pkgname}-${pkgver}" + yes | make prefix="${pkgdir}/usr" mandir="${pkgdir}/usr/share/man/man8" etcdir="${pkgdir}/etc" install + + install -D -m644 ssmtp.conf.5 "${pkgdir}/usr/share/man/man5/ssmtp.conf.5" + + ln -s ssmtp "${pkgdir}/usr/sbin/sendmail" + ln -s ssmtp "${pkgdir}/usr/sbin/newaliases" + ln -s ssmtp "${pkgdir}/usr/sbin/mailq" + # usrmove + cd "$pkgdir" + mv usr/sbin usr/bin +} diff --git a/aliases.patch b/aliases.patch new file mode 100644 index 000000000000..1d99c2e14102 --- /dev/null +++ b/aliases.patch @@ -0,0 +1,157 @@ +--- ssmtp-2.61/Makefile.in 2008-06-07 14:41:15.000000000 -0400 ++++ ssmtp-2.61.new/Makefile.in 2008-06-07 14:41:46.000000000 -0400 +@@ -17,6 +17,7 @@ + # Configuration files + CONFIGURATION_FILE=$(SSMTPCONFDIR)/ssmtp.conf + REVALIASES_FILE=$(SSMTPCONFDIR)/revaliases ++ALIASES_FILE=/etc/aliases + + INSTALLED_CONFIGURATION_FILE=$(CONFIGURATION_FILE) + INSTALLED_REVALIASES_FILE=$(REVALIASES_FILE) +@@ -34,6 +35,7 @@ + -DSSMTPCONFDIR=\"$(SSMTPCONFDIR)\" \ + -DCONFIGURATION_FILE=\"$(CONFIGURATION_FILE)\" \ + -DREVALIASES_FILE=\"$(REVALIASES_FILE)\" \ ++-DALIASES_FILE=\"$(ALIASES_FILE)\" \ + + + CFLAGS=@DEFS@ $(EXTRADEFS) @CFLAGS@ +diff -u -r -N ssmtp-2.61/ssmtp.c ssmtp-2.61.new/ssmtp.c +--- ssmtp-2.61/ssmtp.c 2008-06-07 14:41:15.000000000 -0400 ++++ ssmtp-2.61.new/ssmtp.c 2008-06-07 14:41:51.000000000 -0400 +@@ -429,6 +429,50 @@ + } + + /* ++ * Eugene: ++ * ++ * simple aliases support: ++ * lookup aliases file and remap rcpt ++ */ ++char *aliases_lookup(char *str) ++{ ++ char buf[(BUF_SZ + 1)], *p; ++ char name[(BUF_SZ + 1)]; ++ FILE *fp; ++ char *saveptr = NULL; ++ ++ if((fp = fopen(ALIASES_FILE, "r"))) { ++ strncpy(name, str, BUF_SZ); ++ while(fgets(buf, sizeof(buf), fp)) { ++ /* Make comments invisible */ ++ if((p = strchr(buf, '#'))) { ++ *p = (char)NULL; ++ } ++ ++ /* Ignore malformed lines and comments */ ++ if(strchr(buf, ':') == (char *)NULL) { ++ continue; ++ } ++ ++ /* Parse the alias */ ++ if( (p = strtok_r(buf, ": \t\r\n", &saveptr) ) && !strncmp(p, name, BUF_SZ) && ++ (p = strtok_r(NULL, ": \t\r\n", &saveptr) )) { ++ if(log_level > 0) log_event(LOG_INFO, "Remapping: \"%s\" --> \"%s\"\n", name, p); ++ strncpy(name, p, BUF_SZ); ++ } ++ } ++ ++ fclose(fp); ++ if( strcmp( str, name ) == 0 ) { ++ return strdup(name); ++ } else { ++ return aliases_lookup(name); ++ } ++ ++ } else return str; /* can't read aliases? it's not a problem */ ++} ++ ++/* + from_strip() -- Transforms "Name <login@host>" into "login@host" or "login@host (Real name)" + */ + char *from_strip(char *str) +@@ -654,9 +698,14 @@ + char *rcpt_remap(char *str) + { + struct passwd *pw; +- if((root==NULL) || strlen(root)==0 || strchr(str, '@') || +- ((pw = getpwnam(str)) == NULL) || (pw->pw_uid > MAXSYSUID)) { +- return(append_domain(str)); /* It's not a local systems-level user */ ++ char *rcpt; ++ ++ /* before all other mappings */ ++ rcpt = aliases_lookup(str); ++ ++ if((root==NULL) || strlen(root)==0 || strchr(rcpt, '@') || ++ ((pw = getpwnam(rcpt)) == NULL) || (pw->pw_uid > MAXSYSUID)) { ++ return(append_domain(rcpt)); /* It's not a local systems-level user */ + } + else { + return(append_domain(root)); +diff -up ssmtp-2.61/README.old ssmtp-2.61/README +--- ssmtp-2.61/README.old 2008-12-26 16:38:31.000000000 +0200 ++++ ssmtp-2.61/README 2008-12-26 16:33:29.000000000 +0200 +@@ -3,12 +3,12 @@ Purpose and value: + send their mail via the departmental mailhub from which they pick up their + mail (via pop, imap, rsmtp, pop_fetch, NFS... or the like). This program + accepts mail and sends it to the mailhub, optionally replacing the domain in +- the From: line with a different one. ++ the From: line with a different one and expanding aliases. + +- WARNING: the above is all it does. It does not receive mail, expand aliases +- or manage a queue. That belongs on a mailhub with a system administrator. +- The man page (ssmtp.8) and the program logic manual (ssmtp_plm) discuss the +- limitations in more detail. ++ WARNING: the above is all it does. It does not receive mail, or manage a ++ queue. That belongs on a mailhub with a system administrator. The man page ++ (ssmtp.8) and the program logic manual (ssmtp_plm) discuss the limitations in ++ more detail. Expanding aliases is only available after release 2.61-11.8. + + It uses a minimum of external configuration information, and so can be + installed by copying the (right!) binary and an optional four-line config +diff -up ssmtp-2.61/ssmtp.8.old ssmtp-2.61/ssmtp.8 +--- ssmtp-2.61/ssmtp.8.old 2008-12-26 16:38:49.000000000 +0200 ++++ ssmtp-2.61/ssmtp.8 2008-12-26 16:46:33.000000000 +0200 +@@ -22,7 +22,8 @@ placed in dead.letter in the sender's ho + .PP + Config files allow one to specify the address to receive mail from + root, daemon, etc.; a default mailhub; a default domain to be used in +-From: lines; and per-user From: addresses and mailhub names. ++From: lines; per-user From: addresses and mailhub names; and aliases in the ++traditional format used by sendmail for the /etc/aliases file. + .sp + .PP + It does not attempt to provide all the functionality of sendmail: it is +@@ -32,9 +33,8 @@ spool option for non-Sun machines, for m + difficult (or various) to configure, for machines with known disfeatures in + their sendmails or for ones where there are ``mysterious problems''. + .PP +-It does not do aliasing, which must be done either in the user agent +-or on the mailhub. Nor does it honor .forwards, which have to be done +-on the recieving host. It especially does not deliver to pipelines. ++It does not honor .forwards, which have to be done on the recieving host. It ++especially does not deliver to pipelines. + + .SH OPTIONS + Most sendmail options are irrelevent to sSMTP. Those marked ``ignored'' or +@@ -271,6 +271,8 @@ through mail.isp.com. + /etc/ssmtp/ssmtp.conf - configuration file + .br + /etc/ssmtp/revaliases - reverse aliases file ++.br ++ /etc/aliases - aliases file + + .SH SEE ALSO + RFC821, RFC822, ssmtp.conf(5). +--- ssmtp-2.64/ssmtp.c.orig 2012-07-01 02:33:18.966734682 +0300 ++++ ssmtp-2.64/ssmtp.c 2012-07-01 02:33:53.102942337 +0300 +@@ -1781,7 +1781,7 @@ char **parse_options(int argc, char *arg + } + else if(strcmp(prog, "newaliases") == 0) { + /* Someone wanted to rebuild aliases */ +- paq("newaliases: Aliases are not used in sSMTP\n"); ++ paq("newaliases: In sSMTP aliases are read from a plain text file\n"); + } + + i = 1; + diff --git a/authpass.patch b/authpass.patch new file mode 100644 index 000000000000..fbff8959c909 --- /dev/null +++ b/authpass.patch @@ -0,0 +1,14 @@ +diff -up ssmtp-2.61/ssmtp.c.orig ssmtp-2.61/ssmtp.c +--- ssmtp-2.61/ssmtp.c.orig 2008-11-26 17:27:29.000000000 +0200 ++++ ssmtp-2.61/ssmtp.c 2008-11-26 17:25:36.000000000 +0200 +@@ -1051,7 +1051,8 @@ bool_t read_config() + } + } + else if(strcasecmp(p, "AuthPass") == 0 && !auth_pass) { +- if((auth_pass = strdup(q)) == (char *)NULL) { ++ auth_pass = firsttok(&rightside, " \n\t"); ++ if(auth_pass == (char *)NULL) { + die("parse_config() -- strdup() failed"); + } + + diff --git a/defaultvalues.patch b/defaultvalues.patch new file mode 100644 index 000000000000..45552d6dc5b3 --- /dev/null +++ b/defaultvalues.patch @@ -0,0 +1,43 @@ +--- ssmtp-2.64/ssmtp.conf.orig 2013-09-26 00:29:04.953690875 +0300 ++++ ssmtp-2.64/ssmtp.conf 2013-09-26 00:53:53.627236000 +0300 +@@ -1,7 +1,9 @@ + # + # /etc/ssmtp.conf -- a config file for sSMTP sendmail. + # +- ++# See the ssmtp.conf(5) man page for a more verbose explanation of the ++# available options. ++# + # The person who gets all mail for userids < 1000 + # Make this empty to disable rewriting. + root=postmaster +@@ -19,10 +21,10 @@ mailhub=mail + # mailhub=mail.your.domain:465 + + # Where will the mail seem to come from? +-rewriteDomain= ++#RewriteDomain= + + # The full hostname +-hostname=_HOSTNAME_ ++#Hostname= + + # Set this to never rewrite the "From:" line (unless not given) and to + # use that address in the "from line" of the envelope. +@@ -30,12 +32,14 @@ hostname=_HOSTNAME_ + + # Use SSL/TLS to send secure messages to server. + #UseTLS=YES ++#IMPORTANT: The following line is mandatory for TLS authentication ++TLS_CA_File=/etc/pki/tls/certs/ca-bundle.crt + + # Use SSL/TLS certificate to authenticate against smtp host. + #UseTLSCert=YES + + # Use this RSA certificate. +-#TLSCert=/etc/ssl/certs/ssmtp.pem ++#TLSCert=/etc/pki/tls/private/ssmtp.pem + + # Get enhanced (*really* enhanced) debugging information in the logs + # If you want to have debugging of the config file parsing, move this option + diff --git a/garbage_writes.patch b/garbage_writes.patch new file mode 100644 index 000000000000..32f008d06ed4 --- /dev/null +++ b/garbage_writes.patch @@ -0,0 +1,19 @@ +--- ssmtp-2.64/ssmtp.c.orig 2012-06-30 23:56:31.000000000 +0300 ++++ ssmtp-2.64/ssmtp.c 2012-06-30 23:59:02.764119487 +0300 +@@ -1655,12 +1655,12 @@ int ssmtp(char *argv[]) + outbytes += smtp_write(sock, "%s", leadingdot ? b : buf); + } else { + if (log_level > 0) { +- log_event(LOG_INFO, "Sent a very long line in chunks"); ++ log_event(LOG_INFO, "Sending a partial line"); + } + if (leadingdot) { +- outbytes += fd_puts(sock, b, sizeof(b)); ++ outbytes += fd_puts(sock, b, strlen(b)); + } else { +- outbytes += fd_puts(sock, buf, bufsize); ++ outbytes += fd_puts(sock, buf, strlen(buf)); + } + } + (void)alarm((unsigned) MEDWAIT); + diff --git a/openssl_crypto.patch b/openssl_crypto.patch new file mode 100644 index 000000000000..e3055b2e712c --- /dev/null +++ b/openssl_crypto.patch @@ -0,0 +1,21 @@ +Fix linking error: + +Undefined symbols: + "_X509_free", referenced from: + _smtp_open in ssmtp.o +ld: symbol(s) not found + + +Index: ssmtp-2.64/configure.in +=================================================================== +--- ssmtp-2.64.orig/configure.in ++++ ssmtp-2.64/configure.in +@@ -52,7 +52,7 @@ AC_ARG_ENABLE(ssl, + [ --enable-ssl support for secure connection to mail server]) + if test x$enableval = xyes ; then + AC_DEFINE(HAVE_SSL) +- LIBS="$LIBS -lssl" ++ LIBS="$LIBS -lssl -lcrypto" + fi + enableval="" + diff --git a/remote-addr.patch b/remote-addr.patch new file mode 100644 index 000000000000..37b3b3cf8ad7 --- /dev/null +++ b/remote-addr.patch @@ -0,0 +1,27 @@ +http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=557741 + +Patch by Victor Sudakov <sudakov@sibptus.tomsk.ru> +Modified by Anibal Monsalve Salazar <anibal@debian.org> + +--- a/ssmtp.c 2009-11-23 20:55:11.000000000 +1100 ++++ b/ssmtp.c 2009-11-24 13:27:58.000000000 +1100 +@@ -1409,6 +1409,7 @@ + int ssmtp(char *argv[]) + { + char b[(BUF_SZ + 2)], *buf = b+1, *p, *q; ++ char *remote_addr; + #ifdef MD5AUTH + char challenge[(BUF_SZ + 1)]; + #endif +@@ -1612,6 +1613,10 @@ + outbytes += smtp_write(sock, "From: %s", from); + } + ++ if(remote_addr=getenv("REMOTE_ADDR")) { ++ outbytes += smtp_write(sock, "X-Originating-IP: %s", remote_addr); ++ } ++ + if(have_date == False) { + outbytes += smtp_write(sock, "Date: %s", arpadate); + } + diff --git a/validate-TLS-server-cert.patch b/validate-TLS-server-cert.patch new file mode 100644 index 000000000000..69bdd8bea850 --- /dev/null +++ b/validate-TLS-server-cert.patch @@ -0,0 +1,154 @@ +diff -up ssmtp-2.64/ssmtp.conf.5.orig ssmtp-2.64/ssmtp.conf.5 +--- ssmtp-2.64/ssmtp.conf.5.orig 2013-08-20 10:09:28.912253115 +0300 ++++ ssmtp-2.64/ssmtp.conf.5 2013-08-20 10:10:05.666212495 +0300 +@@ -53,6 +53,13 @@ See RFC 2487. + .Pp + .It Cm TLSCert + The file name of an RSA certificate to use for TLS, if required. ++.It Cm TLSKey ++The file name of an RSA key to use for TLS, if required. ++.It Cm TLS_CA_File ++A file of trusted certificates for validating the server, if required. ++.Pp ++.It Cm TLS_CA_Dir ++A directory of trusted certificates for validating the server, if required. + .Pp + .It Cm AuthUser + The user name to use for SMTP AUTH. +diff -up ssmtp-2.64/ssmtp.c.orig ssmtp-2.64/ssmtp.c +--- ssmtp-2.64/ssmtp.c.orig 2013-08-20 10:09:03.510255402 +0300 ++++ ssmtp-2.64/ssmtp.c 2013-08-20 10:10:05.666212495 +0300 +@@ -69,7 +69,10 @@ char *minus_F = (char)NULL; + char *gecos; + char *prog = (char)NULL; + char *root = NULL; +-char *tls_cert = "/etc/ssl/certs/ssmtp.pem"; /* Default Certificate */ ++char *tls_cert = "/etc/pki/tls/private/ssmtp.pem"; /* Default Certificate */ ++char *tls_key = "/etc/pki/tls/private/ssmtp.pem"; /* Default private key */ ++char *tls_ca_file = NULL; /* Trusted Certificate file */ ++char *tls_ca_dir = NULL; /* Trusted Certificate directory */ + char *uad = (char)NULL; + char *config_file = (char)NULL; /* alternate configuration file */ + +@@ -1084,6 +1087,33 @@ bool_t read_config() + log_event(LOG_INFO, "Set TLSCert=\"%s\"\n", tls_cert); + } + } ++ else if(strcasecmp(p, "TLSKey") == 0) { ++ if((tls_key = strdup(q)) == (char *)NULL) { ++ die("parse_config() -- strdup() failed"); ++ } ++ ++ if(log_level > 0) { ++ log_event(LOG_INFO, "Set TLSKey=\"%s\"\n", tls_key); ++ } ++ } ++ else if(strcasecmp(p, "TLS_CA_File") == 0) { ++ if((tls_ca_file = strdup(q)) == (char *)NULL) { ++ die("parse_config() -- strdup() failed"); ++ } ++ ++ if(log_level > 0) { ++ log_event(LOG_INFO, "Set TLS_CA_File=\"%s\"\n", tls_ca_file); ++ } ++ } ++ else if(strcasecmp(p, "TLS_CA_Dir") == 0) { ++ if((tls_ca_dir = strdup(q)) == (char *)NULL) { ++ die("parse_config() -- strdup() failed"); ++ } ++ ++ if(log_level > 0) { ++ log_event(LOG_INFO, "Set TLS_CA_Dir=\"%s\"\n", tls_ca_dir); ++ } ++ } + #endif + /* Command-line overrides these */ + else if(strcasecmp(p, "AuthUser") == 0 && !auth_user) { +@@ -1168,6 +1198,8 @@ int smtp_open(char *host, int port) + + #ifdef HAVE_SSL + int err; ++ long lerr; ++ unsigned long ulerr; + char buf[(BUF_SZ + 1)]; + + /* Init SSL stuff */ +@@ -1190,7 +1222,7 @@ int smtp_open(char *host, int port) + return(-1); + } + +- if(SSL_CTX_use_PrivateKey_file(ctx, tls_cert, SSL_FILETYPE_PEM) <= 0) { ++ if(SSL_CTX_use_PrivateKey_file(ctx, tls_key, SSL_FILETYPE_PEM) <= 0) { + perror("Use PrivateKey"); + return(-1); + } +@@ -1200,6 +1232,16 @@ int smtp_open(char *host, int port) + return(-1); + } + } ++ if (tls_ca_file || tls_ca_dir) { ++ if(!SSL_CTX_load_verify_locations(ctx, tls_ca_file, tls_ca_dir)) { ++ ulerr = ERR_get_error(); ++ log_event(LOG_ERR, "Error setting verify location: %s", ++ ERR_reason_error_string(ulerr)); ++ return(-1); ++ } ++ } ++ ++ SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); + #endif + + #ifdef INET6 +@@ -1303,14 +1345,20 @@ int smtp_open(char *host, int port) + + ssl = SSL_new(ctx); + if(!ssl) { +- log_event(LOG_ERR, "SSL not working"); ++ ulerr = ERR_get_error(); ++ log_event(LOG_ERR, "SSL not working: %s", ++ ERR_reason_error_string(ulerr)); + return(-1); + } + SSL_set_fd(ssl, s); + + err = SSL_connect(ssl); + if(err < 0) { +- perror("SSL_connect"); ++ ulerr = ERR_get_error(); ++ lerr = SSL_get_verify_result(ssl); ++ log_event(LOG_ERR, "SSL not working: %s (%ld)", ++ ERR_reason_error_string(ulerr), lerr); ++ + return(-1); + } + +@@ -1324,8 +1372,6 @@ int smtp_open(char *host, int port) + return(-1); + } + X509_free(server_cert); +- +- /* TODO: Check server cert if changed! */ + } + #endif + +diff -up ssmtp-2.64/TLS.orig ssmtp-2.64/TLS +--- ssmtp-2.64/TLS.orig 2013-08-20 10:09:52.524212818 +0300 ++++ ssmtp-2.64/TLS 2013-08-20 10:10:05.667213425 +0300 +@@ -26,9 +26,13 @@ Set this to yes to make ssmtp identify i + TLSCert=<file> + Specify which certificate file should be used. + ++TLSKey=<file> ++Specify which key file should be used (can be the same as the certificate file). + +-TODO: +-* Check server certificate for changes and notify about it. +-* Diffrent Certificate and Key file? ++TLS_CA_File=<file> ++Optional file of trusted certificates for validating the server. ++ ++TLS_CA_Dir=<file> ++Optional directory of trusted certificates for validating the server. + + + |