conn: do not force username in addition to client certificate

Remove the username population code so that it's only used if it has been set explicitly. Without this, it is not possible to use a SMTP server expecting implicit client certificate authentication as the username will trigger SMTP authentication which will fail if the server doesn't support it as is common in this setup. Upstream commit: 191b0513b43d5e603f99292faa5f8ebcc1be3823
neomutt · May 25, 2024 · 1949072 · 1949072
1 parent b6445e6
commit 1949072
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 9 deletions.
diff --git a/conn/gnutls.c b/conn/gnutls.c
@@ -697,7 +697,7 @@ static int tls_check_certificate(struct Connection *conn)
  * @param conn Connection to a server
  *
  * @note This function grabs the CN out of the client cert but appears to do
- *       nothing with it.  It does contain a call to mutt_account_getuser().
+ *       nothing with it.
  */
 static void tls_get_client_cert(struct Connection *conn)
 {
@@ -736,10 +736,6 @@ static void tls_get_client_cert(struct Connection *conn)
       goto err;
     }
     mutt_debug(LL_DEBUG2, "client certificate CN: %s\n", cn);
-
-    /* if we are using a client cert, SASL may expect an external auth name */
-    if (mutt_account_getuser(&conn->account) < 0)
-      mutt_debug(LL_DEBUG1, "Couldn't get user info\n");
   }
 
 err:

diff --git a/conn/openssl.c b/conn/openssl.c
@@ -613,10 +613,6 @@ static void ssl_get_client_cert(struct SslSockData *ssldata, struct Connection *
   SSL_CTX_set_default_passwd_cb(ssldata->sctx, ssl_passwd_cb);
   SSL_CTX_use_certificate_file(ssldata->sctx, c_ssl_client_cert, SSL_FILETYPE_PEM);
   SSL_CTX_use_PrivateKey_file(ssldata->sctx, c_ssl_client_cert, SSL_FILETYPE_PEM);
-
-  /* if we are using a client cert, SASL may expect an external auth name */
-  if (mutt_account_getuser(&conn->account) < 0)
-    mutt_debug(LL_DEBUG1, "Couldn't get user info\n");
 }
 
 /**