From d4d9653b5401b28dd88a84bd1bf1d269b8acccf6 Mon Sep 17 00:00:00 2001 From: Thomas Rast Date: Sun, 1 Dec 2013 23:48:41 +0100 Subject: [PATCH 1/3] send-email: pass Debug to Net::SMTP::SSL::new We forgot to pass the Debug option through to Net::SMTP::SSL->new -- which is the same as Net::SMTP->new. This meant that with security set to SSL, we would never enable debug output. Pass through the flag. Signed-off-by: Thomas Rast Signed-off-by: Junio C Hamano --- git-send-email.perl | 1 + 1 file changed, 1 insertion(+) diff --git a/git-send-email.perl b/git-send-email.perl index 3782c3b0cb..f7468b6366 100755 --- a/git-send-email.perl +++ b/git-send-email.perl @@ -1217,6 +1217,7 @@ X-Mailer: git-send-email $gitversion $smtp ||= Net::SMTP::SSL->new($smtp_server, Hello => $smtp_domain, Port => $smtp_server_port, + Debug => $debug_net_smtp, ssl_verify_params()); } else { From 979e652a18eea8e865777239f11c89795d969211 Mon Sep 17 00:00:00 2001 From: Thomas Rast Date: Sun, 1 Dec 2013 23:48:42 +0100 Subject: [PATCH 2/3] send-email: --smtp-ssl-cert-path takes an argument 35035bb (send-email: be explicit with SSL certificate verification, 2013-07-18) forgot to specify that --smtp-ssl-cert-path takes a string argument. This means that the option could not actually be used as intended. Presumably noone noticed because it's much easier to set it through configs anyway. Add the required "=s". Signed-off-by: Thomas Rast Signed-off-by: Junio C Hamano --- git-send-email.perl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/git-send-email.perl b/git-send-email.perl index f7468b6366..9f31c68b82 100755 --- a/git-send-email.perl +++ b/git-send-email.perl @@ -291,7 +291,7 @@ my $rc = GetOptions("h" => \$help, "smtp-pass:s" => \$smtp_authpass, "smtp-ssl" => sub { $smtp_encryption = 'ssl' }, "smtp-encryption=s" => \$smtp_encryption, - "smtp-ssl-cert-path" => \$smtp_ssl_cert_path, + "smtp-ssl-cert-path=s" => \$smtp_ssl_cert_path, "smtp-debug:i" => \$debug_net_smtp, "smtp-domain:s" => \$smtp_domain, "identity=s" => \$identity, From 5508f3ed2c1cdb515e658cfc29ca0d5cd6683190 Mon Sep 17 00:00:00 2001 From: Thomas Rast Date: Sun, 1 Dec 2013 23:48:43 +0100 Subject: [PATCH 3/3] send-email: set SSL options through IO::Socket::SSL::set_client_defaults When --smtp-encryption=ssl, we use a Net::SMTP::SSL connection, passing its ->new all the options that would otherwise go to Net::SMTP->new (most options) and IO::Socket::SSL->start_SSL (for the SSL options). However, while Net::SMTP::SSL replaces the underlying socket class with an SSL socket, it does nothing to allow passing options to that socket. So the SSL-relevant options are lost. Fortunately there is an escape hatch: we can directly set the options with IO::Socket::SSL::set_client_defaults. They will then persist within the IO::Socket::SSL module. Signed-off-by: Thomas Rast Signed-off-by: Junio C Hamano --- git-send-email.perl | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/git-send-email.perl b/git-send-email.perl index 9f31c68b82..2016d9c619 100755 --- a/git-send-email.perl +++ b/git-send-email.perl @@ -1214,11 +1214,14 @@ X-Mailer: git-send-email $gitversion $smtp_server_port ||= 465; # ssmtp require Net::SMTP::SSL; $smtp_domain ||= maildomain(); + require IO::Socket::SSL; + # Net::SMTP::SSL->new() does not forward any SSL options + IO::Socket::SSL::set_client_defaults( + ssl_verify_params()); $smtp ||= Net::SMTP::SSL->new($smtp_server, Hello => $smtp_domain, Port => $smtp_server_port, - Debug => $debug_net_smtp, - ssl_verify_params()); + Debug => $debug_net_smtp); } else { require Net::SMTP;