From 1dd30824d32f02372cd775b3e54b3b7780c2c4dd Mon Sep 17 00:00:00 2001
From: Stephan Bosch
Date: Thu, 25 Jan 2018 22:24:05 +0100
Subject: [PATCH] lib-smtp: client: Fix ignoring invalid certificate from server.
Although it initially allowed the invalid certificate, it would still fail later on while reading/writing the SSL streams.
---
 src/lib-smtp/smtp-client-connection.c | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/src/lib-smtp/smtp-client-connection.c b/src/lib-smtp/smtp-client-connection.c
index 72be80cfb9..6f669bb3d7 100644
--- a/src/lib-smtp/smtp-client-connection.c
+++ b/src/lib-smtp/smtp-client-connection.c
@@ -1201,7 +1201,6 @@ static int
 smtp_client_connection_ssl_init(struct smtp_client_connection *conn,
 const char **error_r)
 {
- struct ssl_iostream_settings ssl_set;
 const char *error;
 if (smtp_client_connection_init_ssl_ctx(conn, &error) < 0) {
@@ -1210,11 +1209,6 @@ smtp_client_connection_ssl_init(struct smtp_client_connection *conn,
 return -1;
 }
- i_zero(&ssl_set);
- if (!conn->set.ssl->allow_invalid_cert) {
- ssl_set.verbose_invalid_cert = TRUE;
- }
-
 if (conn->set.debug)
 smtp_client_connection_debug(conn, "Starting SSL handshake");
@@ -1229,7 +1223,7 @@ smtp_client_connection_ssl_init(struct smtp_client_connection *conn,
 }
 if (io_stream_create_ssl_client(conn->ssl_ctx,
- conn->host, &ssl_set,
+ conn->host, conn->set.ssl,
 &conn->conn.input, &conn->conn.output,
 &conn->ssl_iostream, &error) < 0) {
 *error_r = t_strdup_printf(
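Review bot: In the last hunk the call now receives `conn->set.ssl` unchanged, so `verbose_invalid_cert` is no longer forced on when invalid certificates are rejected; the block removed in the second hunk set `ssl_set.verbose_invalid_cert = TRUE` for exactly that case. Whether a rejected server certificate is still reported in detail now depends on what the caller stored in `conn->set.ssl`, which is not visible in this diff, so that should be confirmed before relying on the logs to spot failed verification. With `allow_invalid_cert` set the session is encrypted but the server is not authenticated, and I would state that above the call: `/* conn->set.ssl is passed through as-is; allow_invalid_cert skips server certificate verification */`. The body of smtp_client_connection_ssl_init() continues past the end of this hunk.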