I had forgotten that nesec_set_tls() has to be called AFTER the

descriptors are set.

diff --git a/mts/smtp/smtp.c b/mts/smtp/smtp.c
index ef2b00c28a44f5be22a738655496185539a5f818..6a7e8c3c7d4bb6cfb9a64d3c0ff62858708652e8 100644 (file)
--- a/mts/smtp/smtp.c
+++ b/mts/smtp/smtp.c
@@ -215,11 +215,6 @@ smtp_init (char *client, char *server, char *port, int watch, int verbose,
     if (user)
        netsec_set_userid(nsc, user);
 
     if (user)
        netsec_set_userid(nsc, user);
 

-    if (tls) {
-       if (netsec_set_tls(nsc, 1, &errstr) != OK)
-           return sm_nerror(errstr);
-    }
-

     if (sm_debug)
        netsec_set_snoop(nsc, 1);
 
     if (sm_debug)
        netsec_set_snoop(nsc, 1);
 


@@ -237,11 +232,18 @@ smtp_init (char *client, char *server, char *port, int watch, int verbose,
     if ((sd1 = rclient (server, port)) == NOTOK)
        return RP_BHST;
 
     if ((sd1 = rclient (server, port)) == NOTOK)
        return RP_BHST;
 

+#if 0

     SIGNAL (SIGALRM, alrmser);
     SIGNAL (SIGALRM, alrmser);

+#endif

     SIGNAL (SIGPIPE, SIG_IGN);
 
     netsec_set_fd(nsc, sd1, sd1);
 
     SIGNAL (SIGPIPE, SIG_IGN);
 
     netsec_set_fd(nsc, sd1, sd1);
 

+    if (tls) {
+       if (netsec_set_tls(nsc, 1, &errstr) != OK)
+           return sm_nerror(errstr);
+    }
+

     /*
      * If tls == 2, that means that the user requested "initial" TLS,
      * which happens right after the connection has opened.  Do that
     /*
      * If tls == 2, that means that the user requested "initial" TLS,
      * which happens right after the connection has opened.  Do that

diff --git a/uip/popsbr.c b/uip/popsbr.c
index 638fa4116b7f4bce3fb8a1728760be3da89b6cf9..70d710446a40deca875817fa080edd5b2eed7722 100644 (file)
--- a/uip/popsbr.c
+++ b/uip/popsbr.c
@@ -146,14 +146,6 @@ pop_init (char *host, char *port, char *user, char *pass, char *proxy,
     if (user)
        netsec_set_userid(nsc, user);
 
     if (user)
        netsec_set_userid(nsc, user);
 

-    if (tls) {
-       if (netsec_set_tls(nsc, 1, &errstr) != OK) {
-           snprintf(response, sizeof(response), "%s", errstr);
-           free(errstr);
-           return NOTOK;
-       }
-    }
-

     if (oauth_svc != NULL) {
        if (netsec_set_oauth_service(nsc, oauth_svc) != OK) {
            snprintf(response, sizeof(response), "OAuth2 not supported");
     if (oauth_svc != NULL) {
        if (netsec_set_oauth_service(nsc, oauth_svc) != OK) {
            snprintf(response, sizeof(response), "OAuth2 not supported");


@@ -222,6 +214,12 @@ pop_init (char *host, char *port, char *user, char *pass, char *proxy,
     netsec_set_snoop(nsc, snoop);
 
     if (tls) {
     netsec_set_snoop(nsc, snoop);
 
     if (tls) {

+       if (netsec_set_tls(nsc, 1, &errstr) != OK) {
+           snprintf(response, sizeof(response), "%s", errstr);
+           free(errstr);
+           return NOTOK;
+       }
+

        if (netsec_negotiate_tls(nsc, &errstr) != OK) {
            snprintf(response, sizeof(response), "%s", errstr);
            free(errstr);
        if (netsec_negotiate_tls(nsc, &errstr) != OK) {
            snprintf(response, sizeof(response), "%s", errstr);
            free(errstr);