From: Ken Hornstein <kenh@pobox.com>
Date: Thu, 22 Sep 2016 23:05:39 +0000 (-0400)
Subject: I had forgotten that nesec_set_tls() has to be called AFTER the
X-Git-Url: https://diplodocus.org/git/nmh/commitdiff_plain/83ffa51bdfbcf4e1f93e57fb64d57ddbeeeb2304?ds=sidebyside;hp=--cc

I had forgotten that nesec_set_tls() has to be called AFTER the
descriptors are set.
---

83ffa51bdfbcf4e1f93e57fb64d57ddbeeeb2304
diff --git a/mts/smtp/smtp.c b/mts/smtp/smtp.c
index ef2b00c2..6a7e8c3c 100644
--- a/mts/smtp/smtp.c
+++ b/mts/smtp/smtp.c
@@ -215,11 +215,6 @@ smtp_init (char *client, char *server, char *port, int watch, int verbose,
     if (user)
 	netsec_set_userid(nsc, user);
 
-    if (tls) {
-	if (netsec_set_tls(nsc, 1, &errstr) != OK)
-	    return sm_nerror(errstr);
-    }
-
     if (sm_debug)
 	netsec_set_snoop(nsc, 1);
 
@@ -237,11 +232,18 @@ smtp_init (char *client, char *server, char *port, int watch, int verbose,
     if ((sd1 = rclient (server, port)) == NOTOK)
 	return RP_BHST;
 
+#if 0
     SIGNAL (SIGALRM, alrmser);
+#endif
     SIGNAL (SIGPIPE, SIG_IGN);
 
     netsec_set_fd(nsc, sd1, sd1);
 
+    if (tls) {
+	if (netsec_set_tls(nsc, 1, &errstr) != OK)
+	    return sm_nerror(errstr);
+    }
+
     /*
      * If tls == 2, that means that the user requested "initial" TLS,
      * which happens right after the connection has opened.  Do that
diff --git a/uip/popsbr.c b/uip/popsbr.c
index 638fa411..70d71044 100644
--- a/uip/popsbr.c
+++ b/uip/popsbr.c
@@ -146,14 +146,6 @@ pop_init (char *host, char *port, char *user, char *pass, char *proxy,
     if (user)
 	netsec_set_userid(nsc, user);
 
-    if (tls) {
-	if (netsec_set_tls(nsc, 1, &errstr) != OK) {
-	    snprintf(response, sizeof(response), "%s", errstr);
-	    free(errstr);
-	    return NOTOK;
-	}
-    }
-
     if (oauth_svc != NULL) {
 	if (netsec_set_oauth_service(nsc, oauth_svc) != OK) {
 	    snprintf(response, sizeof(response), "OAuth2 not supported");
@@ -222,6 +214,12 @@ pop_init (char *host, char *port, char *user, char *pass, char *proxy,
     netsec_set_snoop(nsc, snoop);
 
     if (tls) {
+	if (netsec_set_tls(nsc, 1, &errstr) != OK) {
+	    snprintf(response, sizeof(response), "%s", errstr);
+	    free(errstr);
+	    return NOTOK;
+	}
+
 	if (netsec_negotiate_tls(nsc, &errstr) != OK) {
 	    snprintf(response, sizeof(response), "%s", errstr);
 	    free(errstr);