shithub: riscv


ref: 020b9bdd65d06b73e92264c4cfe96dd73be94aed
parent: 6cd07cf340af12356ca4558cb8fad5ed3ebc41d1
author: Ori Bernstein <[email protected]>
date: Sat May 18 14:47:36 EDT 2024

upas/smtp: add -C flag to disable thumbprint verification (thanks sirjofri)

--- a/sys/man/8/smtp
+++ b/sys/man/8/smtp
@@ -6,7 +6,7 @@
 .ti -0.5i
 .B upas/smtp
 [
-.B -aAdfipst
+.B -aACdfipst
 ] [
 .B -b
 .I busted-mx
@@ -80,6 +80,9 @@
 .I busted-mx
 when trying MX hosts.
 May be repeated.
+.TP
+.B -C
+ignore bad thumbprints for TLS connections.
 .TP
 .B -d
 turn on debugging to standard error.
--- a/sys/src/cmd/upas/smtp/smtp.c
+++ b/sys/src/cmd/upas/smtp/smtp.c
@@ -46,6 +46,7 @@
 int	quitting;	/* when error occurs in quit */
 int	tryauth;	/* Try to authenticate, if supported */
 int	trysecure;	/* Try to use TLS if the other side supports it */
+int	nocertcheck; /* ignore unrecognized certs. Still logged */
 
 char	*quitrv;	/* deferred return value when in quit */
 char	ddomain[1024];	/* domain name of destination machine */
@@ -85,7 +86,7 @@
 void
 usage(void)
 {
-	fprint(2, "usage: smtp [-aAdfipst] [-b busted-mx] [-g gw] [-h host] "
+	fprint(2, "usage: smtp [-aACdfipst] [-b busted-mx] [-g gw] [-h host] "
 		"[-u user] [.domain] net!host[!service] sender rcpt-list\n");
 	exits(Giveup);
 }
@@ -187,6 +188,9 @@
 	case 'u':
 		user = EARGF(usage());
 		break;
+	case 'C':
+		nocertcheck = 1;
+		break;
 	default:
 		usage();
 		break;
@@ -414,6 +418,12 @@
 	fd = dup(fd, Bfildes(&bin));
 	Bterm(&bin);
 	Binit(&bin, fd, OREAD);
+
+	if (nocertcheck) {
+		syslog(0, "smtp", "ignoring cert for %s", ddomain);
+		err = nil;
+		goto Out;
+	}
 
 	goodcerts = initThumbprints(smtpthumbs, smtpexclthumbs, "x509");
 	if (goodcerts == nil) {
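Review bot: The `nocertcheck` branch logs only `ddomain`, so the syslog entry promised by the declaration comment ("Still logged") does not record which certificate was accepted without verification. This path sets `err = nil` and jumps to `Out` before `initThumbprints` is reached, so the peer is unauthenticated from here on and that log line is the only audit trail; consider adding the presented certificate's digest to the message, assuming the certificate is reachable from the TLS connection at this point (not visible in the hunk). If authentication proceeds on this connection when `tryauth` is set, which cannot be confirmed from here, credentials would be offered to an unverified server, and that deserves a caveat next to the flag. A comment above the branch such as `/* -C: TLS is kept for encryption only; the server's identity is not verified */` would make the trade-off explicit. The enclosing function starts and ends outside the hunk, so what `Out` releases on this early exit should be checked against the full body.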