On Tue, Jul 30, 2024 at 01:17:00PM +0100, Jeremy Harris via Exim-users wrote:
> On 30/07/2024 12:52, Andrew C Aitchison via Exim-users wrote:
> > *If* I extended the config to allow admins to set the OpenSSL option
> > SSL_OP_IGNORE_UNEXPECTED_EOF (and an equivalent gnutls option if I can
> > find one) which ignores this detection, would you accept it into the
> > exim code base ?
>
> Probably - subject to documentation, working decently against older library
> versions, project coding standards, and investigating whether existing
> coding does anything in any (other) specific situation that renders it not needed.
>
> > I realise that giving admins more options to fiddle gives them more
> > rope to hang themselves, so this would be a build-time option.
>
> Mmm. I'm less certain on that. Having more build-variants to test is
> in itself a major project cost.

FWIW, my take is that SSL_OP_IGNORE_UNEXPECTED_EOF makes most sense
as unconditional behaviour. Just suppress the overly pedantic (for SMTP)
error reporting that was added in OpenSSL 3.0, restoring the quieter,
reasonable (again for SMTP) behaviour of OpenSSL 1.x.

If there is similar TLS truncation detection to silence in GnuTLS, feel
free to apply similar logic, and I'd again recommend making it silent
unconditionally, no need for build variants.

--
Viktor.