From 9883af7240d3c25b7a8a859c9e8482caacd5f1aa Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Fri, 15 Mar 2019 22:01:07 +0000 Subject: Retire EXPERIMENTAL_REQUIRETLS --- src/src/EDITME | 5 ---- src/src/acl.c | 18 ------------- src/src/child.c | 16 ----------- src/src/config.h.defaults | 1 - src/src/deliver.c | 5 ---- src/src/exim.c | 13 --------- src/src/expand.c | 3 --- src/src/globals.c | 5 ---- src/src/globals.h | 5 ---- src/src/macro_predef.c | 3 --- src/src/macros.h | 11 ++------ src/src/readconf.c | 3 --- src/src/smtp_in.c | 60 ------------------------------------------ src/src/spool_in.c | 7 ----- src/src/spool_out.c | 4 --- src/src/transports/smtp.c | 67 +++-------------------------------------------- src/src/verify.c | 7 ----- 17 files changed, 6 insertions(+), 227 deletions(-) (limited to 'src') diff --git a/src/src/EDITME b/src/src/EDITME index a5bc8d0aa..43cf13c81 100644 --- a/src/src/EDITME +++ b/src/src/EDITME @@ -514,11 +514,6 @@ DISABLE_MAL_MKS=yes # Uncomment the following line to add queuefile transport support # EXPERIMENTAL_QUEUEFILE=yes -# Uncomment the following to add REQUIRETLS support. -# You must also have SUPPORT_TLS enabled. -# Ref: https://datatracker.ietf.org/doc/draft-fenton-smtp-require-tls -# EXPERIMENTAL_REQUIRETLS=yes - ############################################################################### # THESE ARE THINGS YOU MIGHT WANT TO SPECIFY # ############################################################################### diff --git a/src/src/acl.c b/src/src/acl.c index 8fbd2250f..6168187ec 100644 --- a/src/src/acl.c +++ b/src/src/acl.c @@ -367,9 +367,6 @@ enum { CONTROL_NO_PIPELINING, CONTROL_QUEUE_ONLY, -#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS) - CONTROL_REQUIRETLS, -#endif CONTROL_SUBMISSION, CONTROL_SUPPRESS_LOCAL_FIXUPS, #ifdef SUPPORT_I18N @@ -515,16 +512,6 @@ static control_def controls_list[] = { }, -#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS) -[CONTROL_REQUIRETLS] = - { US"requiretls", FALSE, - (unsigned) - ~(ACL_BIT_MAIL | ACL_BIT_RCPT | ACL_BIT_PREDATA | - ACL_BIT_DATA | ACL_BIT_MIME | - ACL_BIT_NOTSMTP) - }, -#endif - [CONTROL_SUBMISSION] = { US"submission", TRUE, (unsigned) @@ -3168,11 +3155,6 @@ for (; cb; cb = cb->next) cancel_cutthrough_connection(TRUE, US"queueing forced"); break; -#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS) - case CONTROL_REQUIRETLS: - tls_requiretls |= REQUIRETLS_MSG; - break; -#endif case CONTROL_SUBMISSION: originator_name = US""; f.submission_mode = TRUE; diff --git a/src/src/child.c b/src/src/child.c index 2262678eb..e53e448ed 100644 --- a/src/src/child.c +++ b/src/src/child.c @@ -10,10 +10,6 @@ static void (*oldsignal)(int); -#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS) -static uschar tls_requiretls_copy = 0; -#endif - /************************************************* * Ensure an fd has a given value * @@ -79,10 +75,6 @@ int n = 0; int extra = pcount ? *pcount : 0; uschar **argv; -#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS) -if (tls_requiretls) extra++; -#endif - argv = store_get((extra + acount + MAX_CLMACROS + 18) * sizeof(char *)); /* In all case, the list starts out with the path, any macros, and a changed @@ -129,11 +121,6 @@ if (!minimal) } } -#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS) -if (tls_requiretls_copy & REQUIRETLS_MSG) - argv[n++] = US"-MS"; -#endif - /* Now add in any others that are in the call. Remember which they were, for more helpful diagnosis on failure. */ @@ -243,9 +230,6 @@ occur. */ if (pid == 0) { -#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS) - tls_requiretls_copy = tls_requiretls; -#endif force_fd(pfd[pipe_read], 0); (void)close(pfd[pipe_write]); if (debug_fd > 0) force_fd(debug_fd, 2); diff --git a/src/src/config.h.defaults b/src/src/config.h.defaults index 55688295d..dc69e2f89 100644 --- a/src/src/config.h.defaults +++ b/src/src/config.h.defaults @@ -201,7 +201,6 @@ Do not put spaces between # and the 'define'. #define DMARC_TLD_FILE "/etc/exim/opendmarc.tlds" #define EXPERIMENTAL_LMDB #define EXPERIMENTAL_PIPE_CONNECT -#define EXPERIMENTAL_REQUIRETLS #define EXPERIMENTAL_QUEUEFILE #define EXPERIMENTAL_SRS diff --git a/src/src/deliver.c b/src/src/deliver.c index 071187942..c1396a7f7 100644 --- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -8507,11 +8507,6 @@ if (!regex_AUTH) regex_AUTH = #ifdef SUPPORT_TLS if (!regex_STARTTLS) regex_STARTTLS = regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE); - -# ifdef EXPERIMENTAL_REQUIRETLS -if (!regex_REQUIRETLS) regex_REQUIRETLS = - regex_must_compile(US"\\n250[\\s\\-]REQUIRETLS(\\s|\\n|$)", FALSE, TRUE); -# endif #endif if (!regex_CHUNKING) regex_CHUNKING = diff --git a/src/src/exim.c b/src/src/exim.c index 8e700f711..7c9aa0e3f 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -903,9 +903,6 @@ fprintf(fp, "Support for:"); #ifdef EXPERIMENTAL_DSN_INFO fprintf(fp, " Experimental_DSN_info"); #endif -#ifdef EXPERIMENTAL_REQUIRETLS - fprintf(fp, " Experimental_REQUIRETLS"); -#endif #ifdef EXPERIMENTAL_PIPE_CONNECT fprintf(fp, " Experimental_PIPE_CONNECT"); #endif @@ -2710,16 +2707,6 @@ for (i = 1; i < argc; i++) break; } -#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS) - /* -MS set REQUIRETLS on (new) message */ - - else if (*argrest == 'S') - { - tls_requiretls |= REQUIRETLS_MSG; - break; - } -#endif - /* -M[x]: various operations on the following list of message ids: -M deliver the messages, ignoring next retry times and thawing -Mc deliver the messages, checking next retry times, no thawing diff --git a/src/src/expand.c b/src/src/expand.c index d395436fa..2fc3a81f1 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -668,9 +668,6 @@ static var_entry var_table[] = { { "regex_match_string", vtype_stringptr, ®ex_match_string }, #endif { "reply_address", vtype_reply, NULL }, -#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS) - { "requiretls", vtype_bool, &tls_requiretls }, -#endif { "return_path", vtype_stringptr, &return_path }, { "return_size_limit", vtype_int, &bounce_return_size_limit }, { "router_name", vtype_stringptr, &router_name }, diff --git a/src/src/globals.c b/src/src/globals.c index 94fab000d..f52ae92ce 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -161,11 +161,6 @@ uschar *tls_ocsp_file = NULL; uschar *tls_privatekey = NULL; BOOL tls_remember_esmtp = FALSE; uschar *tls_require_ciphers = NULL; -# ifdef EXPERIMENTAL_REQUIRETLS -uschar tls_requiretls = 0; /* REQUIRETLS_MSG etc. bit #defines */ -uschar *tls_advertise_requiretls = US"*"; -const pcre *regex_REQUIRETLS = NULL; -# endif uschar *tls_try_verify_hosts = NULL; uschar *tls_verify_certificates= US"system"; uschar *tls_verify_hosts = NULL; diff --git a/src/src/globals.h b/src/src/globals.h index 12cc1af56..a0c1977a2 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -122,11 +122,6 @@ extern uschar *tls_eccurve; /* EC curve */ extern uschar *tls_ocsp_file; /* OCSP stapling proof file */ # endif extern uschar *tls_privatekey; /* Private key file */ -# ifdef EXPERIMENTAL_REQUIRETLS -extern uschar tls_requiretls; /* REQUIRETLS active for this message */ -extern uschar *tls_advertise_requiretls; /* hosts for which REQUIRETLS adv */ -extern const pcre *regex_REQUIRETLS; /* for recognising the command */ -# endif extern BOOL tls_remember_esmtp; /* For YAEB */ extern uschar *tls_require_ciphers; /* So some can be avoided */ extern uschar *tls_try_verify_hosts; /* Optional client verification */ diff --git a/src/src/macro_predef.c b/src/src/macro_predef.c index f92671ae2..86be52f54 100644 --- a/src/src/macro_predef.c +++ b/src/src/macro_predef.c @@ -197,9 +197,6 @@ due to conflicts with other common macros. */ #ifdef EXPERIMENTAL_DSN_INFO builtin_macro_create(US"_HAVE_DSN_INFO"); #endif -#ifdef EXPERIMENTAL_REQUIRETLS - builtin_macro_create(US"_HAVE_REQTLS"); -#endif #ifdef EXPERIMENTAL_PIPE_CONNECT builtin_macro_create(US"_HAVE_PIPE_CONNECT"); #endif diff --git a/src/src/macros.h b/src/src/macros.h index 759955019..a1dd99901 100644 --- a/src/src/macros.h +++ b/src/src/macros.h @@ -559,9 +559,7 @@ table exim_errstrings[] in log.c */ #ifdef SUPPORT_I18N # define ERRNO_UTF8_FWD (-49) /* target not supporting SMTPUTF8 */ #endif -#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS) -# define ERRNO_REQUIRETLS (-50) /* REQUIRETLS session not started */ -#endif + /* -50 free for re-use */ /* These must be last, so all retry deferments can easily be identified */ @@ -1029,12 +1027,7 @@ enum { FILTER_UNSET, FILTER_FORWARD, FILTER_EXIM, FILTER_SIEVE }; #define OPTION_PIPE BIT(5) #define OPTION_SIZE BIT(6) #define OPTION_CHUNKING BIT(7) -#define OPTION_REQUIRETLS BIT(8) -#define OPTION_EARLY_PIPE BIT(9) - -/* Codes for tls_requiretls requests (usually by sender) */ - -#define REQUIRETLS_MSG BIT(0) /* REQUIRETLS onward use */ +#define OPTION_EARLY_PIPE BIT(8) /* Argument for *_getc */ diff --git a/src/src/readconf.c b/src/src/readconf.c index eb6844222..71cdae899 100644 --- a/src/src/readconf.c +++ b/src/src/readconf.c @@ -355,9 +355,6 @@ static optionlist optionlist_config[] = { { "timezone", opt_stringptr, &timezone_string }, { "tls_advertise_hosts", opt_stringptr, &tls_advertise_hosts }, #ifdef SUPPORT_TLS -# ifdef EXPERIMENTAL_REQUIRETLS - { "tls_advertise_requiretls", opt_stringptr, &tls_advertise_requiretls }, -# endif { "tls_certificate", opt_stringptr, &tls_certificate }, { "tls_crl", opt_stringptr, &tls_crl }, { "tls_dh_max_bits", opt_int, &tls_dh_max_bits }, diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index b071298c7..b46f3e876 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -135,9 +135,6 @@ static struct { BOOL auth_advertised :1; #ifdef SUPPORT_TLS BOOL tls_advertised :1; -# ifdef EXPERIMENTAL_REQUIRETLS - BOOL requiretls_advertised :1; -# endif #endif BOOL dsn_advertised :1; BOOL esmtp :1; @@ -267,9 +264,6 @@ enum { ENV_MAIL_OPT_RET, ENV_MAIL_OPT_ENVID, #ifdef SUPPORT_I18N ENV_MAIL_OPT_UTF8, -#endif -#ifdef EXPERIMENTAL_REQUIRETLS - ENV_MAIL_OPT_REQTLS, #endif }; typedef struct { @@ -289,10 +283,6 @@ static env_mail_type_t env_mail_type_list[] = { { US"ENVID", ENV_MAIL_OPT_ENVID, TRUE }, #ifdef SUPPORT_I18N { US"SMTPUTF8",ENV_MAIL_OPT_UTF8, FALSE }, /* rfc6531 */ -#endif -#ifdef EXPERIMENTAL_REQUIRETLS - /* https://tools.ietf.org/html/draft-ietf-uta-smtp-require-tls-03 */ - { US"REQUIRETLS",ENV_MAIL_OPT_REQTLS, FALSE }, #endif /* keep this the last entry */ { US"NULL", ENV_MAIL_OPT_NULL, FALSE }, @@ -2476,9 +2466,6 @@ tls_in.ourcert = tls_in.peercert = NULL; tls_in.sni = NULL; tls_in.ocsp = OCSP_NOT_REQ; fl.tls_advertised = FALSE; -# ifdef EXPERIMENTAL_REQUIRETLS -fl.requiretls_advertised = FALSE; -# endif #endif fl.dsn_advertised = FALSE; #ifdef SUPPORT_I18N @@ -4237,9 +4224,6 @@ while (done <= 0) f.smtp_in_pipelining_advertised = FALSE; #ifdef SUPPORT_TLS fl.tls_advertised = FALSE; -# ifdef EXPERIMENTAL_REQUIRETLS - fl.requiretls_advertised = FALSE; -# endif #endif fl.dsn_advertised = FALSE; #ifdef SUPPORT_I18N @@ -4439,17 +4423,6 @@ while (done <= 0) g = string_catn(g, US"-STARTTLS\r\n", 11); fl.tls_advertised = TRUE; } - -# ifdef EXPERIMENTAL_REQUIRETLS - /* Advertise REQUIRETLS only once we are in a secure connection */ - if ( tls_in.active.sock >= 0 - && verify_check_host(&tls_advertise_requiretls) != FAIL) - { - g = string_catn(g, smtp_code, 3); - g = string_catn(g, US"-REQUIRETLS\r\n", 13); - fl.requiretls_advertised = TRUE; - } -# endif #endif #ifndef DISABLE_PRDR @@ -4774,28 +4747,6 @@ while (done <= 0) break; #endif -#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS) - case ENV_MAIL_OPT_REQTLS: - { - uschar * r, * t; - - if (!fl.requiretls_advertised) - { - done = synprot_error(L_smtp_syntax_error, 555, NULL, - US"unadvertised MAIL option: REQUIRETLS"); - goto COMMAND_LOOP; - } - - DEBUG(D_receive) debug_printf("requiretls requested\n"); - tls_requiretls = REQUIRETLS_MSG; - - r = string_copy_malloc(received_protocol); - if ((t = Ustrrchr(r, 's'))) *t = 'S'; - received_protocol = r; - } - break; -#endif - /* No valid option. Stick back the terminator characters and break the loop. Do the name-terminator second as extract_option sets value==name when it found no equal-sign. @@ -4813,17 +4764,6 @@ while (done <= 0) if (arg_error) break; } -#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS) - if (tls_requiretls & REQUIRETLS_MSG) - { - /* Ensure headers-only bounces whether a RET option was given or not. */ - - DEBUG(D_receive) if (dsn_ret == dsn_ret_full) - debug_printf("requiretls override: dsn_ret_full -> dsn_ret_hdrs\n"); - dsn_ret = dsn_ret_hdrs; - } -#endif - /* If we have passed the threshold for rate limiting, apply the current delay, and update it for next time, provided this is a limited host. */ diff --git a/src/src/spool_in.c b/src/src/spool_in.c index c9f37abf1..786eb514e 100644 --- a/src/src/spool_in.c +++ b/src/src/spool_in.c @@ -286,9 +286,6 @@ tls_free_cert(&tls_in.peercert); tls_in.peerdn = NULL; tls_in.sni = NULL; tls_in.ocsp = OCSP_NOT_REQ; -# if defined(EXPERIMENTAL_REQUIRETLS) && !defined(COMPILE_UTILITY) -tls_requiretls = 0; -# endif #endif #ifdef WITH_CONTENT_SCAN @@ -670,10 +667,6 @@ for (;;) tls_in.sni = string_unprinting(string_copy(big_buffer + 9)); else if (Ustrncmp(q, "ocsp", 4) == 0) tls_in.ocsp = big_buffer[10] - '0'; -# if defined(EXPERIMENTAL_REQUIRETLS) && !defined(COMPILE_UTILITY) - else if (Ustrncmp(q, "requiretls", 10) == 0) - tls_requiretls = strtol(CS big_buffer+16, NULL, 0); -# endif } break; #endif diff --git a/src/src/spool_out.c b/src/src/spool_out.c index 8b227dedb..3970206cb 100644 --- a/src/src/spool_out.c +++ b/src/src/spool_out.c @@ -250,10 +250,6 @@ if (tls_in.ourcert) fprintf(fp, "-tls_ourcert %s\n", CS big_buffer); } if (tls_in.ocsp) fprintf(fp, "-tls_ocsp %d\n", tls_in.ocsp); - -# ifdef EXPERIMENTAL_REQUIRETLS -if (tls_requiretls) fprintf(fp, "-tls_requiretls 0x%x\n", tls_requiretls); -# endif #endif #ifdef SUPPORT_I18N diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index 5fd278e1d..3558fa65c 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -992,7 +992,7 @@ if (pending_EHLO) ? &sx->ehlo_resp.cleartext_auths : &sx->ehlo_resp.crypted_auths; peer_offered = ehlo_response(sx->buffer, - (tls_out.active.sock < 0 ? OPTION_TLS : OPTION_REQUIRETLS) + (tls_out.active.sock < 0 ? OPTION_TLS : 0) | OPTION_CHUNKING | OPTION_PRDR | OPTION_DSN | OPTION_PIPE | OPTION_SIZE | OPTION_UTF8 | OPTION_EARLY_PIPE ); @@ -1749,12 +1749,6 @@ size_t bsize = Ustrlen(buf); /* debug_printf("%s: check for 0x%04x\n", __FUNCTION__, checks); */ #ifdef SUPPORT_TLS -# ifdef EXPERIMENTAL_REQUIRETLS -if ( checks & OPTION_REQUIRETLS - && pcre_exec(regex_REQUIRETLS, NULL, CS buf,bsize, 0, PCRE_EOPT, NULL,0) < 0) -# endif - checks &= ~OPTION_REQUIRETLS; - if ( checks & OPTION_TLS && pcre_exec(regex_STARTTLS, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) #endif @@ -2643,18 +2637,11 @@ have one. */ else if ( sx->smtps # ifdef SUPPORT_DANE || sx->conn_args.dane -# endif -# ifdef EXPERIMENTAL_REQUIRETLS - || tls_requiretls & REQUIRETLS_MSG # endif || verify_check_given_host(CUSS &ob->hosts_require_tls, sx->conn_args.host) == OK ) { - errno = -# ifdef EXPERIMENTAL_REQUIRETLS - tls_requiretls & REQUIRETLS_MSG ? ERRNO_REQUIRETLS : -# endif - ERRNO_TLSREQUIRED; + errno = ERRNO_TLSREQUIRED; message = string_sprintf("a TLS session is required, but %s", smtp_peer_options & OPTION_TLS ? "an attempt to start TLS failed" : "the server did not offer TLS support"); @@ -2691,7 +2678,7 @@ if (continue_hostname == NULL #ifdef EXPERIMENTAL_PIPE_CONNECT | (sx->lmtp && ob->lmtp_ignore_quota ? OPTION_IGNQ : 0) | OPTION_DSN | OPTION_PIPE | OPTION_SIZE - | OPTION_CHUNKING | OPTION_PRDR | OPTION_UTF8 | OPTION_REQUIRETLS + | OPTION_CHUNKING | OPTION_PRDR | OPTION_UTF8 | (tls_out.active.sock >= 0 ? OPTION_EARLY_PIPE : 0) /* not for lmtp */ #else @@ -2707,9 +2694,6 @@ if (continue_hostname == NULL | OPTION_DSN | OPTION_PIPE | (ob->size_addition >= 0 ? OPTION_SIZE : 0) -# if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS) - | (tls_requiretls & REQUIRETLS_MSG ? OPTION_REQUIRETLS : 0) -# endif #endif ); #ifdef EXPERIMENTAL_PIPE_CONNECT @@ -2760,16 +2744,6 @@ if (continue_hostname == NULL DEBUG(D_transport) debug_printf("%susing DSN\n", sx->peer_offered & OPTION_DSN ? "" : "not "); -#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS) - if (sx->peer_offered & OPTION_REQUIRETLS) - { - smtp_peer_options |= OPTION_REQUIRETLS; - DEBUG(D_transport) debug_printf( - tls_requiretls & REQUIRETLS_MSG - ? "using REQUIRETLS\n" : "REQUIRETLS offered\n"); - } -#endif - #ifdef EXPERIMENTAL_PIPE_CONNECT if ( sx->early_pipe_ok && !sx->early_pipe_active @@ -2855,22 +2829,6 @@ if (sx->utf8_needed && !(sx->peer_offered & OPTION_UTF8)) } #endif /*SUPPORT_I18N*/ -#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS) - /*XXX should tls_requiretls actually be per-addr? */ - -if ( tls_requiretls & REQUIRETLS_MSG - && !(sx->peer_offered & OPTION_REQUIRETLS) - ) - { - sx->setting_up = TRUE; - errno = ERRNO_REQUIRETLS; - message = US"REQUIRETLS support is required from the server" - " but it was not offered"; - DEBUG(D_transport) debug_printf("%s\n", message); - goto TLS_FAILED; - } -#endif - return OK; @@ -2907,13 +2865,7 @@ return OK; #ifdef SUPPORT_TLS TLS_FAILED: -# ifdef EXPERIMENTAL_REQUIRETLS - if (errno == ERRNO_REQUIRETLS) - code = '5', yield = FAIL; - /*XXX DSN will be labelled 500; prefer 530 5.7.4 */ - else -# endif - code = '4', yield = DEFER; + code = '4', yield = DEFER; goto FAILED; #endif @@ -3051,11 +3003,6 @@ if ( sx->peer_offered & OPTION_UTF8 Ustrcpy(p, " SMTPUTF8"), p += 9; #endif -#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS) -if (tls_requiretls & REQUIRETLS_MSG) - Ustrcpy(p, " REQUIRETLS") , p += 11; -#endif - /* check if all addresses have DSN-lasthop flag; do not send RET and ENVID if so */ for (sx->dsn_all_lasthop = TRUE, addr = addrlist, address_count = 0; addr && address_count < sx->max_rcpt; @@ -4568,12 +4515,6 @@ same one in order to be passed to a single transport - or if the transport has a host list with hosts_override set, use the host list supplied with the transport. It is an error for this not to exist. */ -#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS) -if (tls_requiretls & REQUIRETLS_MSG) - ob->tls_tempfail_tryclear = FALSE; /*XXX surely we should have a local for this - rather than modifying the transport? */ -#endif - if (!hostlist || (ob->hosts_override && ob->hosts)) { if (!ob->hosts) diff --git a/src/src/verify.c b/src/src/verify.c index 43caac562..7bdfa8152 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -985,13 +985,6 @@ no_conn: done = TRUE; } break; -#endif -#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS) - case ERRNO_REQUIRETLS: - addr->user_message = US"530 5.7.4 REQUIRETLS support required"; - yield = FAIL; - done = TRUE; - break; #endif case ECONNREFUSED: sx.send_quit = FALSE; -- cgit v1.2.3