On 20/11/16 22:18, Mike Fisher wrote:
Thanks for contributing to Git.
One comment on the head line:
>Refactor send_message() to remove dependency on deprecated
Net::SMTP::SSL
The word "refactor" may be used in other way: Re-structure the code,
and use the same API.
"Remove dependency on deprecated Net::SMTP::SSL"
Refactor send_message() to remove dependency on deprecated
Net::SMTP::SSL:
Is there a security risk with require Net::SMTP::SSL ?
If yes, the commit message should state this.
If no:
Even if it is deprecated, is it still in use somewhere ?
Does it hurt someone, is there any OS release where the old code doesn't work
anymore ?
Or is it "only" nice to have ?
Since when does Net::SMTP include Net::SMTP::SSL ?
On which system has the change been tested ?
I think the commit message could and should give more information like this.
My comments may be over-critical.
Lets see if other people from the list know more than me.
<http://search.cpan.org/~rjbs/Net-SMTP-SSL-1.04/lib/Net/SMTP/SSL.pm#DEPRECATED>
Signed-off-by: Mike Fisher <mfisher@xxxxxxxxxxx>
---
git-send-email.perl | 54 +++++++++++++++++++++++++----------------------------
1 file changed, 25 insertions(+), 29 deletions(-)
diff --git a/git-send-email.perl b/git-send-email.perl
index da81be4..fc166c5 100755
--- a/git-send-email.perl
+++ b/git-send-email.perl
@@ -1330,15 +1330,17 @@ Message-Id: $message_id
print $sm "$header\n$message";
close $sm or die $!;
} else {
-
I can see one refactoring, that is the removal of an empty line.
if (!defined $smtp_server) {
die "The required SMTP server is not properly defined."
}
+ require Net::SMTP;
+ $smtp_domain ||= maildomain();
+ my $smtp_ssl = 0;
+
if ($smtp_encryption eq 'ssl') {
$smtp_server_port ||= 465; # ssmtp
- require Net::SMTP::SSL;
- $smtp_domain ||= maildomain();
+ $smtp_ssl = 1;
require IO::Socket::SSL;
# Suppress "variable accessed once" warning.
@@ -1347,37 +1349,31 @@ Message-Id: $message_id
$IO::Socket::SSL::DEBUG = 1;
}
- # Net::SMTP::SSL->new() does not forward any SSL options
IO::Socket::SSL::set_client_defaults(
ssl_verify_params());
- $smtp ||= Net::SMTP::SSL->new($smtp_server,
- Hello => $smtp_domain,
- Port => $smtp_server_port,
- Debug => $debug_net_smtp);
}
else {
- require Net::SMTP;
- $smtp_domain ||= maildomain();
$smtp_server_port ||= 25;
- $smtp ||= Net::SMTP->new($smtp_server,
- Hello => $smtp_domain,
- Debug => $debug_net_smtp,
- Port => $smtp_server_port);
- if ($smtp_encryption eq 'tls' && $smtp) {
- require Net::SMTP::SSL;
- $smtp->command('STARTTLS');
- $smtp->response();
- if ($smtp->code == 220) {
- $smtp = Net::SMTP::SSL->start_SSL($smtp,
- ssl_verify_params())
- or die "STARTTLS failed! ".IO::Socket::SSL::errstr();
- $smtp_encryption = '';
- # Send EHLO again to receive fresh
- # supported commands
- $smtp->hello($smtp_domain);
- } else {
- die "Server does not support STARTTLS! ".$smtp->message;
- }
+ }
+
+ $smtp ||= Net::SMTP->new($smtp_server,
+ Hello => $smtp_domain,
+ Port => $smtp_server_port,
+ Debug => $debug_net_smtp,
+ SSL => $smtp_ssl);
+
+ if ($smtp_encryption eq 'tls' && $smtp) {
+ $smtp->command('STARTTLS');
+ $smtp->response();
+ if ($smtp->code == 220) {
+ $smtp->starttls(ssl_verify_params())
+ or die "STARTTLS failed! ".IO::Socket::SSL::errstr();
+ $smtp_encryption = '';
+ # Send EHLO again to receive fresh
+ # supported commands
+ $smtp->hello($smtp_domain);
+ } else {
+ die "Server does not support STARTTLS! ".$smtp->message;
}
}