SubethaSMTP currently supports only SSLSocket.setNeedClientAuth() to perform SSL client authentication.
Calling setWantClientAuth() requests a client certificate of the peer but do not insist on it; so it is possible to support clients with or without SSL authentication within the same listener.
SubethaSMTP needs only a very simple patch to allow that:
--- src/subethasmtp/org/subethamail/smtp/command/StartTLSCommand.java
+++ src/subethasmtp/org/subethamail/smtp/command/StartTLSCommand.java
@@ -63,7 +63,7 @@
sess.resetSmtpProtocol(); // clean state
sess.setTlsStarted(true);
- if (s.getNeedClientAuth())
+ if (s.getNeedClientAuth() || s.getWantClientAuth())
{
try
{
This patch will not have any effect as long as "setWantClientAuth()" is not called on the socket.
SubethaSMTP currently supports only SSLSocket.setNeedClientAuth() to perform SSL client authentication. Calling setWantClientAuth() requests a client certificate of the peer but do not insist on it; so it is possible to support clients with or without SSL authentication within the same listener.
SubethaSMTP needs only a very simple patch to allow that:
This patch will not have any effect as long as "setWantClientAuth()" is not called on the socket.