From: Jean-Marc Pigeon (Delson) <jmp@safe.ca>
Date: Sun, 4 May 2025 14:40:02 +0000 (-0400)
Subject: feed00.tst seems to be working fine
X-Git-Tag: tag-0.7
X-Git-Url: https://jmp-git.ovh.safe.ca/?a=commitdiff_plain;h=fc525ac11d28454c0a2d39eb30c882802bd4f7e5;p=jmp%2Fmailleur

feed00.tst seems to be working fine
---

diff --git a/data-tst/feed00.tst b/data-tst/feed00.tst
index 56be703..c68c2c5 100644
--- a/data-tst/feed00.tst
+++ b/data-tst/feed00.tst
@@ -14,14 +14,22 @@ R:220 mailleur.example.com ESMTP (cleartext) emlrcvr...
 S:EHLO example.com
 R:250-mailleur.example.com, link (cleartext) ready, your IP/FQDN=[127.0.0.1/localhost.localdomain]
 R:250-SIZE 52428800
-R:250-ORGN
 R:250-STARTTLS
 R:250-8BITMIME
 R:250-ENHANCEDSTATUSCODES
 R:250-AUTH PLAIN LOGIN
+R:250-ORGN
 R:250 HELP
 C:GOTLS
 R:250 Link now encryp...
+S:EHLO example.com
+R:250-mailleur.example.com, link (crypted) ready, your IP/FQDN=[127.0.0.1/localhost.localdomain]
+R:250-SIZE 52428800
+R:250-8BITMIME
+R:250-ENHANCEDSTATUSCODES
+R:250-AUTH PLAIN LOGIN
+R:250-ORGN
+R:250 HELP
 #send a empty ehlo
 S:EHLO
 R:501 5.5.4 syntax error (domain part missing), closing connection.
diff --git a/lib/lvleml.c b/lib/lvleml.c
index d7a2e07..95c6f5e 100644
--- a/lib/lvleml.c
+++ b/lib/lvleml.c
@@ -206,13 +206,13 @@ static _Bool doehlo(CONTYP *contact,char *parameter)
 
 {
 static char *ehlostr[]= {
-#ifdef  MODEDEBUG
-        "-ORGN",        //specific command to change ORIGIN IP
-#endif
         "-STARTTLS",
         "-8BITMIME",
         "-ENHANCEDSTATUSCODES",
         "-AUTH PLAIN LOGIN",
+#ifdef  MODEDEBUG
+        "-ORGN",        //specific command to change ORIGIN IP
+#endif
         " HELP",
         (char *)0
         };
diff --git a/lib/unitls.c b/lib/unitls.c
index ffe6bfa..99415d0 100644
--- a/lib/unitls.c
+++ b/lib/unitls.c
@@ -201,9 +201,11 @@ while (proceed==true) {
         }
       break;
     case 3      :       //verify management
-      (void) SSL_CTX_set_purpose(tls->ctx,X509_PURPOSE_ANY);
+      if (((mode&SSL_VERIFY_PEER)!=0)||(tls->server==false))
+        tls->checkpeer=true;
       (void) SSL_CTX_set_verify(tls->ctx,mode,(int(*)())0);
-      (void) SSL_CTX_set_verify_depth(tls->ctx,5);
+      (void) SSL_CTX_set_purpose(tls->ctx,X509_PURPOSE_ANY);
+      (void) SSL_CTX_set_verify_depth(tls->ctx,7);
       (void) SSL_CTX_set_options(tls->ctx,SSL_OP_ALL);
       if (SSL_CTX_set_cipher_list(tls->ctx,SSL_CIPHER_LIST)==0) {
         (void) showtlserror(tls,0,"No cipher list");
@@ -372,8 +374,6 @@ while (proceed==true) {
         }
       }
       break;
-    case 5      :       //display cipher used
-      break;
     default     :       //SAFE Guard
       proceed=false;
       break;