Refactor STARTTLS to prevent downgrade attacks
This commit is contained in:
parent
23650ac0c7
commit
eec2bacede
1 changed files with 27 additions and 23 deletions
|
@ -84,6 +84,12 @@ func SendMessage(aerc *widgets.Aerc, args []string) error {
|
||||||
|
|
||||||
aerc.RemoveTab(composer)
|
aerc.RemoveTab(composer)
|
||||||
|
|
||||||
|
fmt.Println(config.Params)
|
||||||
|
var starttls bool
|
||||||
|
if starttls_, ok := config.Params["smtp-starttls"]; ok {
|
||||||
|
starttls = starttls_ == "yes"
|
||||||
|
}
|
||||||
|
|
||||||
sendAsync := func() (int, error) {
|
sendAsync := func() (int, error) {
|
||||||
tlsConfig := &tls.Config{
|
tlsConfig := &tls.Config{
|
||||||
// TODO: ask user first
|
// TODO: ask user first
|
||||||
|
@ -97,17 +103,25 @@ func SendMessage(aerc *widgets.Aerc, args []string) error {
|
||||||
}
|
}
|
||||||
conn, err = smtp.Dial(host)
|
conn, err = smtp.Dial(host)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
aerc.PushStatus(" "+err.Error(), 10*time.Second).
|
return 0, err
|
||||||
Color(tcell.ColorDefault, tcell.ColorRed)
|
|
||||||
return 0, nil
|
|
||||||
}
|
}
|
||||||
defer conn.Close()
|
defer conn.Close()
|
||||||
if sup, _ := conn.Extension("STARTTLS"); sup {
|
if sup, _ := conn.Extension("STARTTLS"); sup {
|
||||||
// TODO: let user configure tls?
|
if !starttls {
|
||||||
|
err := errors.New("STARTTLS is supported by this server, " +
|
||||||
|
"but not set in accounts.conf. " +
|
||||||
|
"Add smtp-starttls=yes")
|
||||||
|
return 0, err
|
||||||
|
}
|
||||||
if err = conn.StartTLS(tlsConfig); err != nil {
|
if err = conn.StartTLS(tlsConfig); err != nil {
|
||||||
aerc.PushStatus(" "+err.Error(), 10*time.Second).
|
return 0, err
|
||||||
Color(tcell.ColorDefault, tcell.ColorRed)
|
}
|
||||||
return 0, nil
|
} else {
|
||||||
|
if starttls {
|
||||||
|
err := errors.New("STARTTLS requested, but not supported " +
|
||||||
|
"by this SMTP server. Is someone tampering with your " +
|
||||||
|
"connection?")
|
||||||
|
return 0, err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
case "smtps":
|
case "smtps":
|
||||||
|
@ -117,9 +131,7 @@ func SendMessage(aerc *widgets.Aerc, args []string) error {
|
||||||
}
|
}
|
||||||
conn, err = smtp.DialTLS(host, tlsConfig)
|
conn, err = smtp.DialTLS(host, tlsConfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
aerc.PushStatus(" "+err.Error(), 10*time.Second).
|
return 0, err
|
||||||
Color(tcell.ColorDefault, tcell.ColorRed)
|
|
||||||
return 0, nil
|
|
||||||
}
|
}
|
||||||
defer conn.Close()
|
defer conn.Close()
|
||||||
}
|
}
|
||||||
|
@ -127,29 +139,21 @@ func SendMessage(aerc *widgets.Aerc, args []string) error {
|
||||||
// TODO: sendmail
|
// TODO: sendmail
|
||||||
if saslClient != nil {
|
if saslClient != nil {
|
||||||
if err = conn.Auth(saslClient); err != nil {
|
if err = conn.Auth(saslClient); err != nil {
|
||||||
aerc.PushStatus(" "+err.Error(), 10*time.Second).
|
return 0, err
|
||||||
Color(tcell.ColorDefault, tcell.ColorRed)
|
|
||||||
return 0, nil
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// TODO: the user could conceivably want to use a different From and sender
|
// TODO: the user could conceivably want to use a different From and sender
|
||||||
if err = conn.Mail(from.Address); err != nil {
|
if err = conn.Mail(from.Address); err != nil {
|
||||||
aerc.PushStatus(" "+err.Error(), 10*time.Second).
|
return 0, err
|
||||||
Color(tcell.ColorDefault, tcell.ColorRed)
|
|
||||||
return 0, nil
|
|
||||||
}
|
}
|
||||||
for _, rcpt := range rcpts {
|
for _, rcpt := range rcpts {
|
||||||
if err = conn.Rcpt(rcpt); err != nil {
|
if err = conn.Rcpt(rcpt); err != nil {
|
||||||
aerc.PushStatus(" "+err.Error(), 10*time.Second).
|
return 0, err
|
||||||
Color(tcell.ColorDefault, tcell.ColorRed)
|
|
||||||
return 0, nil
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
wc, err := conn.Data()
|
wc, err := conn.Data()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
aerc.PushStatus(" "+err.Error(), 10*time.Second).
|
return 0, err
|
||||||
Color(tcell.ColorDefault, tcell.ColorRed)
|
|
||||||
return 0, nil
|
|
||||||
}
|
}
|
||||||
defer wc.Close()
|
defer wc.Close()
|
||||||
ctr := datacounter.NewWriterCounter(wc)
|
ctr := datacounter.NewWriterCounter(wc)
|
||||||
|
@ -161,7 +165,7 @@ func SendMessage(aerc *widgets.Aerc, args []string) error {
|
||||||
aerc.SetStatus("Sending...")
|
aerc.SetStatus("Sending...")
|
||||||
nbytes, err := sendAsync()
|
nbytes, err := sendAsync()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
aerc.PushStatus(" "+err.Error(), 10*time.Second).
|
aerc.SetStatus(" "+err.Error()).
|
||||||
Color(tcell.ColorDefault, tcell.ColorRed)
|
Color(tcell.ColorDefault, tcell.ColorRed)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue