git-send-email: add support for TLS via Net::SMTP::SSL

We do this by handing over the Net::SMTP instance to Net::SMTP::SSL,
which avoids Net::SMTP::TLS and its weird error checking.  This trick
is due to Brian Evins.

Signed-off-by: Thomas Rast <trast@student.ethz.ch>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/Documentation/git-send-email.txt b/Documentation/git-send-email.txt
index 251d661afd9fc93b556e2673b202523dd30383c6..dc7eb7bd4ef81a1272ba272678d8da4a330eb543 100644 (file)
--- a/Documentation/git-send-email.txt
+++ b/Documentation/git-send-email.txt
@@ -133,10 +133,13 @@ or on the command line. If a username has been specified (with
 specified (with --smtp-pass or a configuration variable), then the
 user is prompted for a password while the input is masked for privacy.
 
+--smtp-encryption::
+       Specify the encryption to use, either 'ssl' or 'tls'.  Any other
+       value reverts to plain SMTP.  Default is the value of
+       'sendemail.smtpencryption'.
+
 --smtp-ssl::
-       If set, connects to the SMTP server using SSL.
-       Default is the value of the 'sendemail.smtpssl' configuration value;
-       if that is unspecified, does not use SSL.
+       Legacy alias for '--smtp-encryption=ssl'.
 
 --subject::
        Specify the initial subject of the email thread.
@@ -229,8 +232,13 @@ sendemail.smtpuser::
 sendemail.smtppass::
        Default SMTP-AUTH password.
 
+sendemail.smtpencryption::
+       Default encryption method.  Use 'ssl' for SSL (and specify an
+       appropriate port), or 'tls' for TLS.  Takes precedence over
+       'smtpssl' if both are specified.
+
 sendemail.smtpssl::
-       Boolean value specifying the default to the '--smtp-ssl' parameter.
+       Legacy boolean that sets 'smtpencryption=ssl' if enabled.
 
 Author
 ------

diff --git a/git-send-email.perl b/git-send-email.perl
index 0b04ba32f0399d338be587ac2d9ad4620705c9a1..763072042db808f5bf4e26c6080a0e7660ff9518 100755 (executable)
--- a/git-send-email.perl
+++ b/git-send-email.perl
@@ -84,7 +84,10 @@ Options:
 
    --smtp-pass    The password for SMTP-AUTH.
 
-   --smtp-ssl     If set, connects to the SMTP server using SSL.
+   --smtp-encryption Specify 'tls' for STARTTLS encryption, or 'ssl' for SSL.
+                  Any other value disables the feature.
+
+   --smtp-ssl     Synonym for '--smtp-encryption=ssl'.  Deprecated.
 
    --suppress-cc  Suppress the specified category of auto-CC.  The category
                  can be one of 'author' for the patch author, 'self' to
@@ -184,7 +187,7 @@ my ($quiet, $dry_run) = (0, 0);
 
 # Variables with corresponding config settings
 my ($thread, $chain_reply_to, $suppress_from, $signed_off_cc, $cc_cmd);
-my ($smtp_server, $smtp_server_port, $smtp_authuser, $smtp_ssl);
+my ($smtp_server, $smtp_server_port, $smtp_authuser, $smtp_encryption);
 my ($identity, $aliasfiletype, @alias_files, @smtp_host_parts);
 my ($no_validate);
 my (@suppress_cc);
@@ -194,7 +197,6 @@ my %config_bool_settings = (
     "chainreplyto" => [\$chain_reply_to, 1],
     "suppressfrom" => [\$suppress_from, undef],
     "signedoffcc" => [\$signed_off_cc, undef],
-    "smtpssl" => [\$smtp_ssl, 0],
 );
 
 my %config_settings = (
@@ -249,7 +251,8 @@ my $rc = GetOptions("sender|from=s" => \$sender,
                    "smtp-server-port=s" => \$smtp_server_port,
                    "smtp-user=s" => \$smtp_authuser,
                    "smtp-pass:s" => \$smtp_authpass,
-                   "smtp-ssl!" => \$smtp_ssl,
+                   "smtp-ssl" => sub { $smtp_encryption = 'ssl' },
+                   "smtp-encryption=s" => \$smtp_encryption,
                    "identity=s" => \$identity,
                    "compose" => \$compose,
                    "quiet" => \$quiet,
@@ -289,6 +292,15 @@ sub read_config {
                        $$target = Git::config(@repo, "$prefix.$setting") unless (defined $$target);
                }
        }
+
+       if (!defined $smtp_encryption) {
+               my $enc = Git::config(@repo, "$prefix.smtpencryption");
+               if (defined $enc) {
+                       $smtp_encryption = $enc;
+               } elsif (Git::config_bool(@repo, "$prefix.smtpssl")) {
+                       $smtp_encryption = 'ssl';
+               }
+       }
 }
 
 # read configuration from [sendemail "$identity"], fall back on [sendemail]
@@ -738,7 +750,7 @@ X-Mailer: git-send-email $gitversion
                        die "The required SMTP server is not properly defined."
                }
 
-               if ($smtp_ssl) {
+               if ($smtp_encryption eq 'ssl') {
                        $smtp_server_port ||= 465; # ssmtp
                        require Net::SMTP::SSL;
                        $smtp ||= Net::SMTP::SSL->new($smtp_server, Port => $smtp_server_port);
@@ -748,6 +760,17 @@ X-Mailer: git-send-email $gitversion
                        $smtp ||= Net::SMTP->new((defined $smtp_server_port)
                                                 ? "$smtp_server:$smtp_server_port"
                                                 : $smtp_server);
+                       if ($smtp_encryption eq 'tls') {
+                               require Net::SMTP::SSL;
+                               $smtp->command('STARTTLS');
+                               $smtp->response();
+                               if ($smtp->code == 220) {
+                                       $smtp = Net::SMTP::SSL->start_SSL($smtp)
+                                               or die "STARTTLS failed! ".$smtp->message;
+                               } else {
+                                       die "Server does not support STARTTLS! ".$smtp->message;
+                               }
+                       }
                }
 
                if (!$smtp) {