[PATCH] Mail: send starttls flag value to auth script

Michael Kliewe info at phpgangsta.de
Thu Mar 6 17:03:25 UTC 2014

Hi Maxim,

On Mar 6, 2014, at 5:27 PM, Maxim Dounin wrote:

> Hello!
> On Thu, Mar 06, 2014 at 10:59:29AM +0100, Filipe da Silva wrote:
>> # HG changeset patch
>> # User Filipe da Silva <fdasilvayy at gmail.com>
>> # Date 1394099468 -3600
>> #      Thu Mar 06 10:51:08 2014 +0100
>> # Node ID 51fd90f96449c23af0076a19efbfdb1f88702125
>> # Parent  24df9fa5868957c1fb9a2d1569271e0958327dad
>> Mail: send starttls flag value to auth script.
>> Allow to do logging (if logging takes place in the auth script) and or force
>> some users to use STARTTLS while others can use unencrypted connection.
> I don't think that it's a good idea to pass STARTTLS into auth 
> script.  If at all needed, it should be something like a flag "if 
> SSL is used", not an explicit STARTTLS status.  From auth script 
> point of view there is no difference if a connection uses SSL on a 
> dedicated port or encryption was negotiated using STARTLS.

yes, it is needed ;-)

You are right, that would also be possible, the auth script then can check which port has been used, and then has the information if it has been STARTTLS or SSL. In our case we want to distinguish between STARTTLS and SSL in the auth script.

Both solutions are fine I think, so let's take Maxims ;-) (Sorry Filipe for the extra work)

Hope this easy patch gets into nginx then, we need it ;-)


More information about the nginx-devel mailing list