From: Andrej Kacian Date: Thu, 13 Apr 2017 07:06:30 +0000 (+0200) Subject: Assume direct TLS if SMTP autoconfig finds port 465. X-Git-Tag: 3.16.0~175 X-Git-Url: http://git.claws-mail.org/?p=claws.git;a=commitdiff_plain;h=dbec2c7256e5397238932f3d228dcb1eaf4e8d40;ds=sidebyside Assume direct TLS if SMTP autoconfig finds port 465. Technically, this is incorrect: A direct TLS-only SMTP service is against the standards, and a "_submission._tcp" SRV record should have a port that has a plaintext+STARTTLS service listening (RFC 6186, section 3.1). Port 465 shouldn't even be used for mail submission of any kind, according to IANA: (https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=465) However, everyone ignores that, and port 465 is routinely used for TLS-only SMTP service, and therefore it is safe to assume direct TLS instead of STARTTLS.
---
diff --git a/src/gtk/gtkutils.c b/src/gtk/gtkutils.c
index 4500e0a73..f3c7aba38 100644
--- a/src/gtk/gtkutils.c
+++ b/src/gtk/gtkutils.c
@@ -1879,6 +1879,8 @@ GdkPixbuf *claws_load_pixbuf_fitting(GdkPixbuf *src_pixbuf, int box_width,
 #if (defined USE_GNUTLS && GLIB_CHECK_VERSION(2,22,0))
 static void auto_configure_done(const gchar *hostname, gint port, gboolean ssl, AutoConfigureData *data)
 {
+ gboolean smtp = strcmp(data->tls_service, "submission") == 0 ? TRUE : FALSE;
+
 if (hostname != NULL) {
 if (data->hostname_entry)
 gtk_entry_set_text(data->hostname_entry, hostname);
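Review bot: The added `smtp` line calls `strcmp(data->tls_service, "submission")` at the top of the function, before any check, so it assumes `tls_service` is never NULL; whether every caller sets it is not visible in this diff. `g_strcmp0` tolerates NULL and the `? TRUE : FALSE` is redundant, so the line could read `gboolean smtp = (g_strcmp0(data->tls_service, "submission") == 0);`. A one-line comment that the flag marks a result from the "_submission._tcp" SRV lookup would help, since it is only consumed much further down. The body of auto_configure_done continues past the end of this hunk.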
@@ -1904,7 +1906,15 @@ static void auto_configure_done(const gchar *hostname, gint port, gboolean ssl,
 /* Wizard where TLS is [x]SSL + [x]TLS */
 gtk_toggle_button_set_active(data->ssl_checkbtn, TRUE);
 }
- gtk_toggle_button_set_active(data->tls_checkbtn, TRUE);
+
+ /* Even though technically this is against the RFCs,
+ * if a "_submission._tcp" SRV record uses port 465,
+ * it is safe to assume TLS-only service, instead of
+ * plaintext + STARTTLS one. */
+ if (smtp && port == 465)
+ gtk_toggle_button_set_active(data->ssl_checkbtn, TRUE);
+ else
+ gtk_toggle_button_set_active(data->tls_checkbtn, TRUE);
 }
 
 /* Check authentication by default. This is probably required if
diff --git a/src/prefs_account.c b/src/prefs_account.c
index 85207840a..30c3d0abe 100644
--- a/src/prefs_account.c
+++ b/src/prefs_account.c
@@ -4016,7 +4016,7 @@ static void auto_configure_cb (GtkWidget *widget, gpointer data)
 send_data->set_port = GTK_TOGGLE_BUTTON(advanced_page.smtpport_checkbtn);
 send_data->port = GTK_SPIN_BUTTON(advanced_page.smtpport_spinbtn);
 send_data->tls_checkbtn = GTK_TOGGLE_BUTTON(ssl_page.smtp_starttls_radiobtn);
- send_data->ssl_checkbtn = NULL;
+ send_data->ssl_checkbtn = GTK_TOGGLE_BUTTON(ssl_page.smtp_ssltunnel_radiobtn);
 send_data->default_port = 25;
 send_data->default_ssl_port = -1;
 send_data->uid_entry = NULL;
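Review bot: In the second gtkutils.c hunk, the new `smtp && port == 465` branch passes `data->ssl_checkbtn` to `gtk_toggle_button_set_active()` without checking it, although until this commit the SMTP caller in prefs_account.c set that field to NULL. Any other caller that still leaves it NULL (none is visible here) would hit a failed GTK precondition and end up with neither TLS mode selected for a port-465 server. Guarding the branch, `if (smtp && port == 465 && data->ssl_checkbtn != NULL)`, lets such callers fall through to the STARTTLS toggle rather than to no encryption setting at all. The branch also leaves `tls_checkbtn` untouched, so where the two widgets are independent check buttons, as the "Wizard" comment above suggests, a STARTTLS box that is already ticked would stay ticked; adding `gtk_toggle_button_set_active(data->tls_checkbtn, FALSE);` there would make the result explicit. The enclosing function starts and ends outside the hunk.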