From c83dcc2e3c0d291f8cf71dac6f900e72e630a554 Mon Sep 17 00:00:00 2001
From: Robert Sesek
Date: Sun, 1 Jan 2017 20:22:00 -0500
Subject: [PATCH] Fix post-STARTTLS protocol bug.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

After the TLS handshake, the server should *not* reply with a greeting again, but it should wait for an EHLO, per RFC 3207 § 4.2 & 5. Previously the server would re-send the greeting, which un-syncs the protocol.
---
 smtp/conn.go | 14 +++++--------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/smtp/conn.go b/smtp/conn.go
index ca24c10..1837027 100644
--- a/smtp/conn.go
+++ b/smtp/conn.go
@@ -188,21 +188,17 @@ func (conn *connection) doSTARTTLS() {
 conn.log.Info("doSTARTTLS()")
 conn.writeReply(220, "initiate TLS connection")
- newConn := tls.Server(conn.nc, tlsConfig)
- tp := textproto.NewConn(newConn)
-
- err := tp.PrintfLine("220 %s ESMTPS [%s] (mailpopbox)",
- conn.server.Name(), newConn.LocalAddr())
- if err != nil {
+ tlsConn := tls.Server(conn.nc, tlsConfig)
+ if err := tlsConn.Handshake(); err != nil {
 conn.log.Error("failed to do TLS handshake", zap.Error(err))
 return
 }
- conn.nc = newConn
- conn.tp = tp
+ conn.nc = tlsConn
+ conn.tp = textproto.NewConn(tlsConn)
 conn.state = stateNew
- connState := newConn.ConnectionState()
+ connState := tlsConn.ConnectionState()
 conn.tls = &connState
 conn.log.Info("TLS connection done", zap.String("state", conn.getTransportString()))
-- 
2.22.5
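Review bot: On a failed `tlsConn.Handshake()` the error branch only logs and returns, leaving `conn.nc` and `conn.tp` on the plaintext socket and `conn.state` unchanged. If the caller's command loop keeps serving after doSTARTTLS returns (that loop is outside the hunk, so this is inferred), leftover handshake bytes would be read as SMTP commands and the session would carry on unencrypted; closing the connection in that branch, e.g. `conn.nc.Close()` before `return`, makes the failure terminal. The handshake also runs with no deadline visible in the hunk, so a client that sends STARTTLS and then stalls can hold the goroutine; a `tlsConn.SetDeadline(...)` before `Handshake()`, cleared afterwards, would bound it unless a deadline is already set on `conn.nc` elsewhere. doSTARTTLS begins and ends outside the hunk.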