mirror of
https://blitiri.com.ar/repos/chasquid
synced 2025-12-20 15:07:03 +00:00
643f7576f0
When using STARTTLS, the SMTP courier needs to determine whether the server certificates are valid or not. Today, that's implemented via connecting once with full certificate verification, and if that fails, reconnecting with verification disabled. This works okay in practice, but it is slower on insecure servers (due to the reconnection), and some of them even complain because we connect too frequently, causing delivery problems. The latter has only been observed once, on the drv-berlin-brandenburg.de MX servers. To improve on that situation, this patch makes the courier do the TLS connection only once, and uses the verification results directly. The behaviour of the server is otherwise unchanged. The only difference is that when delivering mail to servers that have invalid certificates, we now connect once instead of twice. The tests are expanded to increase coverage for this particular case.