Retire EXPERIMENTAL_REQUIRETLS

author: Jeremy Harris <jgh146exb@wizmail.org> 2019-03-15 22:01:07 +0000
committer: Jeremy Harris <jgh146exb@wizmail.org> 2019-03-15 23:11:43 +0000
commit: 9883af7240d3c25b7a8a859c9e8482caacd5f1aa (patch)
tree: c2d2aa9fc1ffedb001f35afc24fdf317d589b2cb /src
parent: 6ce06eea5dcccf1615c6bbe52391f9c367de6cf7 (diff)
17 files changed, 6 insertions, 227 deletions
diff --git a/src/src/EDITME b/src/src/EDITME
index a5bc8d0aa..43cf13c81 100644
--- a/src/src/EDITME
+++ b/src/src/EDITME
@@ -514,11 +514,6 @@ DISABLE_MAL_MKS=yes
 # Uncomment the following line to add queuefile transport support
 # EXPERIMENTAL_QUEUEFILE=yes
 
-# Uncomment the following to add REQUIRETLS support.
-# You must also have SUPPORT_TLS enabled.
-# Ref: https://datatracker.ietf.org/doc/draft-fenton-smtp-require-tls
-# EXPERIMENTAL_REQUIRETLS=yes
-
 ###############################################################################
 #                 THESE ARE THINGS YOU MIGHT WANT TO SPECIFY                  #
 ###############################################################################
diff --git a/src/src/acl.c b/src/src/acl.c
index 8fbd2250f..6168187ec 100644
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -367,9 +367,6 @@ enum {
   CONTROL_NO_PIPELINING,
 
   CONTROL_QUEUE_ONLY,
-#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
-  CONTROL_REQUIRETLS,
-#endif
   CONTROL_SUBMISSION,
   CONTROL_SUPPRESS_LOCAL_FIXUPS,
 #ifdef SUPPORT_I18N
@@ -515,16 +512,6 @@ static control_def controls_list[] = {
   },
 
 
-#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
-[CONTROL_REQUIRETLS] =
-  { US"requiretls",		 FALSE,
-	  (unsigned)
-	  ~(ACL_BIT_MAIL | ACL_BIT_RCPT | ACL_BIT_PREDATA |
-	    ACL_BIT_DATA | ACL_BIT_MIME |
-	    ACL_BIT_NOTSMTP)
-  },
-#endif
-
 [CONTROL_SUBMISSION] =
   { US"submission",              TRUE,
 	  (unsigned)
@@ -3168,11 +3155,6 @@ for (; cb; cb = cb->next)
 	cancel_cutthrough_connection(TRUE, US"queueing forced");
 	break;
 
-#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
-	case CONTROL_REQUIRETLS:
-	tls_requiretls |= REQUIRETLS_MSG;
-	break;
-#endif
 	case CONTROL_SUBMISSION:
 	originator_name = US"";
 	f.submission_mode = TRUE;
diff --git a/src/src/child.c b/src/src/child.c
index 2262678eb..e53e448ed 100644
--- a/src/src/child.c
+++ b/src/src/child.c
@@ -10,10 +10,6 @@
 
 static void (*oldsignal)(int);
 
-#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
-static uschar tls_requiretls_copy = 0;
-#endif
-
 
 /*************************************************
 *          Ensure an fd has a given value        *
@@ -79,10 +75,6 @@ int n = 0;
 int extra = pcount ? *pcount : 0;
 uschar **argv;
 
-#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
-if (tls_requiretls) extra++;
-#endif
-
 argv = store_get((extra + acount + MAX_CLMACROS + 18) * sizeof(char *));
 
 /* In all case, the list starts out with the path, any macros, and a changed
@@ -129,11 +121,6 @@ if (!minimal)
     }
   }
 
-#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
-if (tls_requiretls_copy & REQUIRETLS_MSG)
-  argv[n++] = US"-MS";
-#endif
-
 /* Now add in any others that are in the call. Remember which they were,
 for more helpful diagnosis on failure. */
 
@@ -243,9 +230,6 @@ occur. */
 
 if (pid == 0)
   {
-#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
-  tls_requiretls_copy = tls_requiretls;
-#endif
   force_fd(pfd[pipe_read], 0);
   (void)close(pfd[pipe_write]);
   if (debug_fd > 0) force_fd(debug_fd, 2);
diff --git a/src/src/config.h.defaults b/src/src/config.h.defaults
index 55688295d..dc69e2f89 100644
--- a/src/src/config.h.defaults
+++ b/src/src/config.h.defaults
@@ -201,7 +201,6 @@ Do not put spaces between # and the 'define'.
     #define DMARC_TLD_FILE "/etc/exim/opendmarc.tlds"
 #define EXPERIMENTAL_LMDB
 #define EXPERIMENTAL_PIPE_CONNECT
-#define EXPERIMENTAL_REQUIRETLS
 #define EXPERIMENTAL_QUEUEFILE
 #define EXPERIMENTAL_SRS
 
diff --git a/src/src/deliver.c b/src/src/deliver.c
index 071187942..c1396a7f7 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -8507,11 +8507,6 @@ if (!regex_AUTH) regex_AUTH =
 #ifdef SUPPORT_TLS
 if (!regex_STARTTLS) regex_STARTTLS =
   regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE);
-
-# ifdef EXPERIMENTAL_REQUIRETLS
-if (!regex_REQUIRETLS) regex_REQUIRETLS =
-  regex_must_compile(US"\\n250[\\s\\-]REQUIRETLS(\\s|\\n|$)", FALSE, TRUE);
-# endif
 #endif
 
 if (!regex_CHUNKING) regex_CHUNKING =
diff --git a/src/src/exim.c b/src/src/exim.c
index 8e700f711..7c9aa0e3f 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -903,9 +903,6 @@ fprintf(fp, "Support for:");
 #ifdef EXPERIMENTAL_DSN_INFO
   fprintf(fp, " Experimental_DSN_info");
 #endif
-#ifdef EXPERIMENTAL_REQUIRETLS
-  fprintf(fp, " Experimental_REQUIRETLS");
-#endif
 #ifdef EXPERIMENTAL_PIPE_CONNECT
   fprintf(fp, " Experimental_PIPE_CONNECT");
 #endif
@@ -2710,16 +2707,6 @@ for (i = 1; i < argc; i++)
       break;
       }
 
-#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
-    /* -MS   set REQUIRETLS on (new) message */
-
-    else if (*argrest == 'S')
-      {
-      tls_requiretls |= REQUIRETLS_MSG;
-      break;
-      }
-#endif
-
     /* -M[x]: various operations on the following list of message ids:
        -M    deliver the messages, ignoring next retry times and thawing
        -Mc   deliver the messages, checking next retry times, no thawing
diff --git a/src/src/expand.c b/src/src/expand.c
index d395436fa..2fc3a81f1 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -668,9 +668,6 @@ static var_entry var_table[] = {
   { "regex_match_string",  vtype_stringptr,   &regex_match_string },
 #endif
   { "reply_address",       vtype_reply,       NULL },
-#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
-  { "requiretls",          vtype_bool,        &tls_requiretls },
-#endif
   { "return_path",         vtype_stringptr,   &return_path },
   { "return_size_limit",   vtype_int,         &bounce_return_size_limit },
   { "router_name",         vtype_stringptr,   &router_name },
diff --git a/src/src/globals.c b/src/src/globals.c
index 94fab000d..f52ae92ce 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -161,11 +161,6 @@ uschar *tls_ocsp_file          = NULL;
 uschar *tls_privatekey         = NULL;
 BOOL    tls_remember_esmtp     = FALSE;
 uschar *tls_require_ciphers    = NULL;
-# ifdef EXPERIMENTAL_REQUIRETLS
-uschar  tls_requiretls         = 0;	/* REQUIRETLS_MSG etc. bit #defines */
-uschar *tls_advertise_requiretls = US"*";
-const pcre *regex_REQUIRETLS   = NULL;
-# endif
 uschar *tls_try_verify_hosts   = NULL;
 uschar *tls_verify_certificates= US"system";
 uschar *tls_verify_hosts       = NULL;
diff --git a/src/src/globals.h b/src/src/globals.h
index 12cc1af56..a0c1977a2 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -122,11 +122,6 @@ extern uschar *tls_eccurve;            /* EC curve */
 extern uschar *tls_ocsp_file;          /* OCSP stapling proof file */
 # endif
 extern uschar *tls_privatekey;         /* Private key file */
-# ifdef EXPERIMENTAL_REQUIRETLS
-extern uschar  tls_requiretls;         /* REQUIRETLS active for this message */
-extern uschar *tls_advertise_requiretls; /* hosts for which REQUIRETLS adv */
-extern const pcre *regex_REQUIRETLS;   /* for recognising the command */
-# endif
 extern BOOL    tls_remember_esmtp;     /* For YAEB */
 extern uschar *tls_require_ciphers;    /* So some can be avoided */
 extern uschar *tls_try_verify_hosts;   /* Optional client verification */
diff --git a/src/src/macro_predef.c b/src/src/macro_predef.c
index f92671ae2..86be52f54 100644
--- a/src/src/macro_predef.c
+++ b/src/src/macro_predef.c
@@ -197,9 +197,6 @@ due to conflicts with other common macros. */
 #ifdef EXPERIMENTAL_DSN_INFO
   builtin_macro_create(US"_HAVE_DSN_INFO");
 #endif
-#ifdef EXPERIMENTAL_REQUIRETLS
-  builtin_macro_create(US"_HAVE_REQTLS");
-#endif
 #ifdef EXPERIMENTAL_PIPE_CONNECT
   builtin_macro_create(US"_HAVE_PIPE_CONNECT");
 #endif
diff --git a/src/src/macros.h b/src/src/macros.h
index 759955019..a1dd99901 100644
--- a/src/src/macros.h
+++ b/src/src/macros.h
@@ -559,9 +559,7 @@ table exim_errstrings[] in log.c */
 #ifdef SUPPORT_I18N
 # define ERRNO_UTF8_FWD      (-49)   /* target not supporting SMTPUTF8 */
 #endif
-#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
-# define ERRNO_REQUIRETLS    (-50)   /* REQUIRETLS session not started */
-#endif
+				/* -50 free for re-use */
 
 /* These must be last, so all retry deferments can easily be identified */
 
@@ -1029,12 +1027,7 @@ enum { FILTER_UNSET, FILTER_FORWARD, FILTER_EXIM, FILTER_SIEVE };
 #define OPTION_PIPE		BIT(5)
 #define OPTION_SIZE		BIT(6)
 #define OPTION_CHUNKING		BIT(7)
-#define OPTION_REQUIRETLS	BIT(8)
-#define OPTION_EARLY_PIPE	BIT(9)
-
-/* Codes for tls_requiretls requests (usually by sender) */
-
-#define REQUIRETLS_MSG		BIT(0)	/* REQUIRETLS onward use */
+#define OPTION_EARLY_PIPE	BIT(8)
 
 /* Argument for *_getc */
 
diff --git a/src/src/readconf.c b/src/src/readconf.c
index eb6844222..71cdae899 100644
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -355,9 +355,6 @@ static optionlist optionlist_config[] = {
   { "timezone",                 opt_stringptr,   &timezone_string },
   { "tls_advertise_hosts",      opt_stringptr,   &tls_advertise_hosts },
 #ifdef SUPPORT_TLS
-# ifdef EXPERIMENTAL_REQUIRETLS
-  { "tls_advertise_requiretls", opt_stringptr,   &tls_advertise_requiretls },
-# endif
   { "tls_certificate",          opt_stringptr,   &tls_certificate },
   { "tls_crl",                  opt_stringptr,   &tls_crl },
   { "tls_dh_max_bits",          opt_int,         &tls_dh_max_bits },
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index b071298c7..b46f3e876 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -135,9 +135,6 @@ static struct {
   BOOL auth_advertised			:1;
 #ifdef SUPPORT_TLS
   BOOL tls_advertised			:1;
-# ifdef EXPERIMENTAL_REQUIRETLS
-  BOOL requiretls_advertised		:1;
-# endif
 #endif
   BOOL dsn_advertised			:1;
   BOOL esmtp				:1;
@@ -268,9 +265,6 @@ enum {
 #ifdef SUPPORT_I18N
   ENV_MAIL_OPT_UTF8,
 #endif
-#ifdef EXPERIMENTAL_REQUIRETLS
-  ENV_MAIL_OPT_REQTLS,
-#endif
   };
 typedef struct {
   uschar *   name;  /* option requested during MAIL cmd */
@@ -290,10 +284,6 @@ static env_mail_type_t env_mail_type_list[] = {
 #ifdef SUPPORT_I18N
     { US"SMTPUTF8",ENV_MAIL_OPT_UTF8,  FALSE },		/* rfc6531 */
 #endif
-#ifdef EXPERIMENTAL_REQUIRETLS
-    /* https://tools.ietf.org/html/draft-ietf-uta-smtp-require-tls-03 */
-    { US"REQUIRETLS",ENV_MAIL_OPT_REQTLS,  FALSE },
-#endif
     /* keep this the last entry */
     { US"NULL",   ENV_MAIL_OPT_NULL,   FALSE },
   };
@@ -2476,9 +2466,6 @@ tls_in.ourcert = tls_in.peercert = NULL;
 tls_in.sni = NULL;
 tls_in.ocsp = OCSP_NOT_REQ;
 fl.tls_advertised = FALSE;
-# ifdef EXPERIMENTAL_REQUIRETLS
-fl.requiretls_advertised = FALSE;
-# endif
 #endif
 fl.dsn_advertised = FALSE;
 #ifdef SUPPORT_I18N
@@ -4237,9 +4224,6 @@ while (done <= 0)
       f.smtp_in_pipelining_advertised = FALSE;
 #ifdef SUPPORT_TLS
       fl.tls_advertised = FALSE;
-# ifdef EXPERIMENTAL_REQUIRETLS
-      fl.requiretls_advertised = FALSE;
-# endif
 #endif
       fl.dsn_advertised = FALSE;
 #ifdef SUPPORT_I18N
@@ -4439,17 +4423,6 @@ while (done <= 0)
 	  g = string_catn(g, US"-STARTTLS\r\n", 11);
 	  fl.tls_advertised = TRUE;
 	  }
-
-# ifdef EXPERIMENTAL_REQUIRETLS
-	/* Advertise REQUIRETLS only once we are in a secure connection */
-	if (  tls_in.active.sock >= 0
-	   && verify_check_host(&tls_advertise_requiretls) != FAIL)
-	  {
-	  g = string_catn(g, smtp_code, 3);
-	  g = string_catn(g, US"-REQUIRETLS\r\n", 13);
-	  fl.requiretls_advertised = TRUE;
-	  }
-# endif
 #endif
 
 #ifndef DISABLE_PRDR
@@ -4774,28 +4747,6 @@ while (done <= 0)
 	    break;
 #endif
 
-#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
-	  case ENV_MAIL_OPT_REQTLS:
-	    {
-	    uschar * r, * t;
-
-	    if (!fl.requiretls_advertised)
-	      {
-	      done = synprot_error(L_smtp_syntax_error, 555, NULL,
-		US"unadvertised MAIL option: REQUIRETLS");
-	      goto COMMAND_LOOP;
-	      }
-
-	    DEBUG(D_receive) debug_printf("requiretls requested\n");
-	    tls_requiretls = REQUIRETLS_MSG;
-
-	    r = string_copy_malloc(received_protocol);
-	    if ((t = Ustrrchr(r, 's'))) *t = 'S';
-	    received_protocol = r;
-	    }
-	    break;
-#endif
-
 	  /* No valid option. Stick back the terminator characters and break
 	  the loop.  Do the name-terminator second as extract_option sets
 	  value==name when it found no equal-sign.
@@ -4813,17 +4764,6 @@ while (done <= 0)
 	if (arg_error) break;
 	}
 
-#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
-      if (tls_requiretls & REQUIRETLS_MSG)
-	{
-	/* Ensure headers-only bounces whether a RET option was given or not. */
-
-	DEBUG(D_receive) if (dsn_ret == dsn_ret_full)
-	  debug_printf("requiretls override: dsn_ret_full -> dsn_ret_hdrs\n");
-	dsn_ret = dsn_ret_hdrs;
-	}
-#endif
-
       /* If we have passed the threshold for rate limiting, apply the current
       delay, and update it for next time, provided this is a limited host. */
 
diff --git a/src/src/spool_in.c b/src/src/spool_in.c
index c9f37abf1..786eb514e 100644
--- a/src/src/spool_in.c
+++ b/src/src/spool_in.c
@@ -286,9 +286,6 @@ tls_free_cert(&tls_in.peercert);
 tls_in.peerdn = NULL;
 tls_in.sni = NULL;
 tls_in.ocsp = OCSP_NOT_REQ;
-# if defined(EXPERIMENTAL_REQUIRETLS) && !defined(COMPILE_UTILITY)
-tls_requiretls = 0;
-# endif
 #endif
 
 #ifdef WITH_CONTENT_SCAN
@@ -670,10 +667,6 @@ for (;;)
 	tls_in.sni = string_unprinting(string_copy(big_buffer + 9));
       else if (Ustrncmp(q, "ocsp", 4) == 0)
 	tls_in.ocsp = big_buffer[10] - '0';
-# if defined(EXPERIMENTAL_REQUIRETLS) && !defined(COMPILE_UTILITY)
-      else if (Ustrncmp(q, "requiretls", 10) == 0)
-	tls_requiretls = strtol(CS big_buffer+16, NULL, 0);
-# endif
       }
     break;
 #endif
diff --git a/src/src/spool_out.c b/src/src/spool_out.c
index 8b227dedb..3970206cb 100644
--- a/src/src/spool_out.c
+++ b/src/src/spool_out.c
@@ -250,10 +250,6 @@ if (tls_in.ourcert)
   fprintf(fp, "-tls_ourcert %s\n", CS big_buffer);
   }
 if (tls_in.ocsp)	 fprintf(fp, "-tls_ocsp %d\n",   tls_in.ocsp);
-
-# ifdef EXPERIMENTAL_REQUIRETLS
-if (tls_requiretls)	 fprintf(fp, "-tls_requiretls 0x%x\n", tls_requiretls);
-# endif
 #endif
 
 #ifdef SUPPORT_I18N
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index 5fd278e1d..3558fa65c 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -992,7 +992,7 @@ if (pending_EHLO)
       ? &sx->ehlo_resp.cleartext_auths : &sx->ehlo_resp.crypted_auths;
 
   peer_offered = ehlo_response(sx->buffer,
-	  (tls_out.active.sock < 0 ?  OPTION_TLS : OPTION_REQUIRETLS)
+	  (tls_out.active.sock < 0 ?  OPTION_TLS : 0)
 	| OPTION_CHUNKING | OPTION_PRDR | OPTION_DSN | OPTION_PIPE | OPTION_SIZE
 	| OPTION_UTF8 | OPTION_EARLY_PIPE
 	);
@@ -1749,12 +1749,6 @@ size_t bsize = Ustrlen(buf);
 /* debug_printf("%s: check for 0x%04x\n", __FUNCTION__, checks); */
 
 #ifdef SUPPORT_TLS
-# ifdef EXPERIMENTAL_REQUIRETLS
-if (  checks & OPTION_REQUIRETLS
-   && pcre_exec(regex_REQUIRETLS, NULL, CS buf,bsize, 0, PCRE_EOPT, NULL,0) < 0)
-# endif
-  checks &= ~OPTION_REQUIRETLS;
-
 if (  checks & OPTION_TLS
    && pcre_exec(regex_STARTTLS, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
 #endif
@@ -2644,17 +2638,10 @@ else if (  sx->smtps
 # ifdef SUPPORT_DANE
 	|| sx->conn_args.dane
 # endif
-# ifdef EXPERIMENTAL_REQUIRETLS
-	|| tls_requiretls & REQUIRETLS_MSG
-# endif
 	|| verify_check_given_host(CUSS &ob->hosts_require_tls, sx->conn_args.host) == OK
 	)
   {
-  errno =
-# ifdef EXPERIMENTAL_REQUIRETLS
-      tls_requiretls & REQUIRETLS_MSG ? ERRNO_REQUIRETLS :
-# endif
-      ERRNO_TLSREQUIRED;
+  errno = ERRNO_TLSREQUIRED;
   message = string_sprintf("a TLS session is required, but %s",
     smtp_peer_options & OPTION_TLS
     ? "an attempt to start TLS failed" : "the server did not offer TLS support");
@@ -2691,7 +2678,7 @@ if (continue_hostname == NULL
 #ifdef EXPERIMENTAL_PIPE_CONNECT
 	| (sx->lmtp && ob->lmtp_ignore_quota ? OPTION_IGNQ : 0)
 	| OPTION_DSN | OPTION_PIPE | OPTION_SIZE
-	| OPTION_CHUNKING | OPTION_PRDR | OPTION_UTF8 | OPTION_REQUIRETLS
+	| OPTION_CHUNKING | OPTION_PRDR | OPTION_UTF8
 	| (tls_out.active.sock >= 0 ? OPTION_EARLY_PIPE : 0) /* not for lmtp */
 
 #else
@@ -2707,9 +2694,6 @@ if (continue_hostname == NULL
 	| OPTION_DSN
 	| OPTION_PIPE
 	| (ob->size_addition >= 0 ? OPTION_SIZE : 0)
-# if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
-	| (tls_requiretls & REQUIRETLS_MSG ? OPTION_REQUIRETLS : 0)
-# endif
 #endif
       );
 #ifdef EXPERIMENTAL_PIPE_CONNECT
@@ -2760,16 +2744,6 @@ if (continue_hostname == NULL
     DEBUG(D_transport) debug_printf("%susing DSN\n",
 			sx->peer_offered & OPTION_DSN ? "" : "not ");
 
-#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
-    if (sx->peer_offered & OPTION_REQUIRETLS)
-      {
-      smtp_peer_options |= OPTION_REQUIRETLS;
-      DEBUG(D_transport) debug_printf(
-	tls_requiretls & REQUIRETLS_MSG
-	? "using REQUIRETLS\n" : "REQUIRETLS offered\n");
-      }
-#endif
-
 #ifdef EXPERIMENTAL_PIPE_CONNECT
     if (  sx->early_pipe_ok
        && !sx->early_pipe_active
@@ -2855,22 +2829,6 @@ if (sx->utf8_needed && !(sx->peer_offered & OPTION_UTF8))
   }
 #endif	/*SUPPORT_I18N*/
 
-#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
-  /*XXX should tls_requiretls actually be per-addr? */
-
-if (  tls_requiretls & REQUIRETLS_MSG
-   && !(sx->peer_offered & OPTION_REQUIRETLS)
-   )
-  {
-  sx->setting_up = TRUE;
-  errno = ERRNO_REQUIRETLS;
-  message = US"REQUIRETLS support is required from the server"
-    " but it was not offered";
-  DEBUG(D_transport) debug_printf("%s\n", message);
-  goto TLS_FAILED;
-  }
-#endif
-
 return OK;
 
 
@@ -2907,13 +2865,7 @@ return OK;
 
 #ifdef SUPPORT_TLS
   TLS_FAILED:
-# ifdef EXPERIMENTAL_REQUIRETLS
-    if (errno == ERRNO_REQUIRETLS)
-      code = '5', yield = FAIL;
-      /*XXX DSN will be labelled 500; prefer 530 5.7.4 */
-    else
-# endif
-      code = '4', yield = DEFER;
+    code = '4', yield = DEFER;
     goto FAILED;
 #endif
 
@@ -3051,11 +3003,6 @@ if (  sx->peer_offered & OPTION_UTF8
   Ustrcpy(p, " SMTPUTF8"), p += 9;
 #endif
 
-#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
-if (tls_requiretls & REQUIRETLS_MSG)
-  Ustrcpy(p, " REQUIRETLS") , p += 11;
-#endif
-
 /* check if all addresses have DSN-lasthop flag; do not send RET and ENVID if so */
 for (sx->dsn_all_lasthop = TRUE, addr = addrlist, address_count = 0;
      addr && address_count < sx->max_rcpt;
@@ -4568,12 +4515,6 @@ same one in order to be passed to a single transport - or if the transport has
 a host list with hosts_override set, use the host list supplied with the
 transport. It is an error for this not to exist. */
 
-#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
-if (tls_requiretls & REQUIRETLS_MSG)
-  ob->tls_tempfail_tryclear = FALSE;	/*XXX surely we should have a local for this
-  					rather than modifying the transport? */
-#endif
-
 if (!hostlist || (ob->hosts_override && ob->hosts))
   {
   if (!ob->hosts)
diff --git a/src/src/verify.c b/src/src/verify.c
index 43caac562..7bdfa8152 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -986,13 +986,6 @@ no_conn:
 	}
 	break;
 #endif
-#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
-      case ERRNO_REQUIRETLS:
-        addr->user_message = US"530 5.7.4 REQUIRETLS support required";
-	yield = FAIL;
-	done = TRUE;
-	break;
-#endif
       case ECONNREFUSED:
 	sx.send_quit = FALSE;
 	break;
author	Jeremy Harris <jgh146exb@wizmail.org>	2019-03-15 22:01:07 +0000
committer	Jeremy Harris <jgh146exb@wizmail.org>	2019-03-15 23:11:43 +0000
commit	9883af7240d3c25b7a8a859c9e8482caacd5f1aa (patch)
tree	c2d2aa9fc1ffedb001f35afc24fdf317d589b2cb /src
parent	6ce06eea5dcccf1615c6bbe52391f9c367de6cf7 (diff)