This list does not really follow priority.

* Code cleanup: split smtp_session.c into generic SMTP, legacy TLS,
  and current TLS. The amount of TLS code now dominates the file.
  Do this after all other code revisions stabilize, to avoid
  complicating code reviews.

* Code cleanup: TLS_LEV_NOTFOUND no longer belongs in the TLS
  library. It is an SMTP-client-only feature. To fix, change the
  policy lookup API and use a different method to indicate if a
  policy was found. At the same time, fix policy lookup to initialize
  session->tls_level.

* Code cleanup: see if multiple consecutive switches can be aggregated
  (set_cipher_grade() and session_tls_init()).

* Implement support of CRL checking. OpenSSL 0.9.7 finally supports CRLs,
  so Postfix/TLS should support loading CRLs.

* Clean up the "pfixtls" special logging, so that it fits Wietse's original
  "per site" decision to make debugging easier.

* Move TLS-based information from separate lines into Postfix's smtpd
  logging lines to make logfile analysis easier.

* Check the "info_callback" for sensitive use. I already had to remove the
  "warning alert" issued on normal shutdown. Why is a warning issued for
  a normal shutdown??

* Introduce new tls_per_client table to achieve the same selective behaviour
  for incoming connections.

* Introduce better support for "opportunistic" encryption: collect information
  about peers connecting; log warnings when the key changed etc.
  [I am not sure that I already have the best answers available.]

* Find a way to use the certificates themselves instead of the fingerprints
  to allow certificate-based relaying. The maintenance of the fingerprints
  is a nightmare.
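
The bookkeeping behind the "opportunistic" encryption item above (remember what each peer presented, warn when the key changes), as an added example that is not Postfix/TLS code. The function name peer_observe(), the status values and the table sizes are assumptions, and fingerprints are taken as already-computed hex strings.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define MAX_PEERS 64
#define NAME_LEN  256
#define FP_LEN    96   /* fits a colon-separated SHA-256 hex digest */

enum peer_status { PEER_NEW, PEER_SAME, PEER_CHANGED, PEER_INVALID, PEER_FULL };
static struct peer { char name[NAME_LEN]; char fp[FP_LEN]; } peers[MAX_PEERS];
static int npeers;

/* Host names and hex digests compare case-insensitively. */
static int same_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char) *a) != tolower((unsigned char) *b))
            return 0;
    return *a == *b;
}

/* Record the fingerprint a peer presented; classify it against the last one seen. */
enum peer_status peer_observe(const char *name, const char *fp)
{
    size_t nlen = strlen(name), flen = strlen(fp);
    /* Reject rather than truncate: a cut-off name could match another peer. */
    if (nlen == 0 || nlen >= NAME_LEN || flen == 0 || flen >= FP_LEN)
        return PEER_INVALID;
    for (int i = 0; i < npeers; i++) {
        if (!same_nocase(peers[i].name, name))
            continue;
        if (same_nocase(peers[i].fp, fp))
            return PEER_SAME;
        memcpy(peers[i].fp, fp, flen + 1);  /* store new key: one warning per change */
        return PEER_CHANGED;
    }
    if (npeers == MAX_PEERS)
        return PEER_FULL;
    memcpy(peers[npeers].name, name, nlen + 1);
    memcpy(peers[npeers].fp, fp, flen + 1);
    npeers++;
    return PEER_NEW;
}

int main(void)
{
    peer_observe("mx.example.com", "AA:BB:CC");  /* constructed sample values */
    if (peer_observe("mx.example.com", "11:22:33") == PEER_CHANGED)
        fprintf(stderr, "warning: mx.example.com: peer key changed\n");
    return 0;
}
```

Storing the new fingerprint after PEER_CHANGED is a policy choice made for this example: it logs each change once instead of on every later connection.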