ref: 020b9bdd65d06b73e92264c4cfe96dd73be94aed
parent: 6cd07cf340af12356ca4558cb8fad5ed3ebc41d1
author: Ori Bernstein <ori@eigenstate.org>
date: Sat May 18 14:47:36 EDT 2024
upas/smtp: add -C flag to disable thumbprint verification (thanks sirjofri)
--- a/sys/man/8/smtp
+++ b/sys/man/8/smtp
@@ -6,7 +6,7 @@
.ti -0.5i
.B upas/smtp
[
-.B -aAdfipst
+.B -aACdfipst
] [
.B -b
.I busted-mx
@@ -80,6 +80,9 @@
.I busted-mx
when trying MX hosts.
May be repeated.
+.TP
+.B -C
+ignore bad thumbprints for TLS connections.
.TP
.B -d
turn on debugging to standard error.
--- a/sys/src/cmd/upas/smtp/smtp.c
+++ b/sys/src/cmd/upas/smtp/smtp.c
@@ -46,6 +46,7 @@
int quitting; /* when error occurs in quit */
int tryauth; /* Try to authenticate, if supported */
int trysecure; /* Try to use TLS if the other side supports it */
+int nocertcheck; /* ignore unrecognized certs. Still logged */
char *quitrv; /* deferred return value when in quit */
char ddomain[1024]; /* domain name of destination machine */
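Review bot: The comment on `nocertcheck` does not match what the flag does in the TLS setup hunk further down. There the branch jumps to `Out` before `initThumbprints` is called, so every certificate is accepted rather than only unrecognized ones, and the only thing logged is the destination domain. A comment such as `/* -C: skip TLS thumbprint verification; peer is not authenticated */` would describe the behaviour accurately.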
@@ -85,7 +86,7 @@
void
usage(void)
{
- fprint(2, "usage: smtp [-aAdfipst] [-b busted-mx] [-g gw] [-h host] "
+ fprint(2, "usage: smtp [-aACdfipst] [-b busted-mx] [-g gw] [-h host] "
"[-u user] [.domain] net!host[!service] sender rcpt-list\n");
exits(Giveup);
}
@@ -187,6 +188,9 @@
case 'u':
user = EARGF(usage());
break;
+ case 'C':
+ nocertcheck = 1;
+ break;
default:
usage();
break;
@@ -414,6 +418,12 @@
fd = dup(fd, Bfildes(&bin));
Bterm(&bin);
Binit(&bin, fd, OREAD);
+
+ if (nocertcheck) {
+ syslog(0, "smtp", "ignoring cert for %s", ddomain);
+ err = nil;
+ goto Out;
+ }
goodcerts = initThumbprints(smtpthumbs, smtpexclthumbs, "x509");
if (goodcerts == nil) {
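Review bot: With `-C` the added branch sets `err = nil` and jumps to `Out` before the thumbprint list is loaded, so the session is encrypted but the peer is unauthenticated. The log line `ignoring cert for %s` records neither that the check was disabled on request nor which certificate was accepted. Consider an explicit message such as `syslog(0, "smtp", "-C set: thumbprint check skipped for %s, peer not verified", ddomain);`, and, if the presented certificate is reachable at this point (not visible in the hunk), logging its thumbprint so a later change can be noticed. The man page entry could also say that when authentication is attempted (`tryauth`) the credentials then go to an unverified server. The enclosing function starts and ends outside the hunk, so confirm that the normal success path does nothing between the thumbprint comparison and `Out` that this shortcut skips.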