This has finally made it to the top of my list. If anybody has any new
comments they'd like to make, now is the time. I intend to add hooks
for calling the OpenSSL library, based on the patch that Steve Haslam posted
last December. The documentation for OpenSSL seems exceedingly sparse
(and the code hardly commented at all), which makes sample code all the
more valuable. Thanks, Steve! (He in turn looked at stunnel...)
When I have a server working, I will also add client support code,
controlled in the same sort of way as SMTP AUTH, but more strictly. In
the case of AUTH, it tries to send unauthenticated if it can't
authenticate; for TLS, I think it should not try to send if it can't
negotiate an encrypted connection.
The server end will also have controls like AUTH, requiring certain
hosts to use STARTTLS before they can do anything. Is there a
requirement to control relaying by this means?
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
