diff options
| author | Matthias Andree <matthias.andree@gmx.de> | 2011-05-26 01:47:41 +0200 |
|---|---|---|
| committer | Matthias Andree <matthias.andree@gmx.de> | 2011-05-26 02:00:30 +0200 |
| commit | 1e13bb35731999c4668883acd404ede047793e1e (patch) | |
| tree | a881c8f44417ca86c36424a15fbdd6faaa734da9 | |
| parent | f285f5ee95765133b41d6ecae0f397b3b72fa6d4 (diff) | |
| download | fetchmail-1e13bb35731999c4668883acd404ede047793e1e.tar.gz fetchmail-1e13bb35731999c4668883acd404ede047793e1e.tar.bz2 fetchmail-1e13bb35731999c4668883acd404ede047793e1e.zip | |
Run S(TART)TLS negotiation under timeout alarm.
Reported missing by Thomas Jarosch.
| -rw-r--r-- | imap.c | 6 | ||||
| -rw-r--r-- | pop3.c | 7 |
2 files changed, 9 insertions, 4 deletions
@@ -447,9 +447,9 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting) * whether TLS is mandatory or opportunistic unless SSLOpen() fails * (see below). */ if (gen_transact(sock, "STARTTLS") == PS_SUCCESS - && SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck, + && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck, ctl->sslcertfile, ctl->sslcertpath, ctl->sslfingerprint, commonname, - ctl->server.pollname, &ctl->remotename) != -1) + ctl->server.pollname, &ctl->remotename)) != -1) { /* * RFC 2595 says this: @@ -473,9 +473,11 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting) } else if (must_tls(ctl)) { /* Config required TLS but we couldn't guarantee it, so we must * stop. */ + set_timeout(0); report(stderr, GT_("%s: upgrade to TLS failed.\n"), commonname); return PS_SOCKET; } else { + set_timeout(0); if (outlevel >= O_VERBOSE) { report(stdout, GT_("%s: opportunistic upgrade to TLS failed, trying to continue\n"), commonname); } @@ -448,9 +448,9 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) * whether TLS is mandatory or opportunistic unless SSLOpen() fails * (see below). */ if (gen_transact(sock, "STLS") == PS_SUCCESS - && SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck, + && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck, ctl->sslcertfile, ctl->sslcertpath, ctl->sslfingerprint, commonname, - ctl->server.pollname, &ctl->remotename) != -1) + ctl->server.pollname, &ctl->remotename)) != -1) { /* * RFC 2595 says this: @@ -465,6 +465,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) * Now that we're confident in our TLS connection we can * guarantee a secure capability re-probe. */ + set_timeout(0); done_capa = FALSE; ok = capa_probe(sock); if (ok != PS_SUCCESS) { @@ -477,6 +478,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) } else if (must_tls(ctl)) { /* Config required TLS but we couldn't guarantee it, so we must * stop. */ + set_timeout(0); report(stderr, GT_("%s: upgrade to TLS failed.\n"), commonname); return PS_SOCKET; } else { @@ -485,6 +487,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) * allowed til post-authentication), so leave it in an unknown * state, mark it as such, and check more carefully if things * go wrong when we try to authenticate. */ + set_timeout(0); connection_may_have_tls_errors = TRUE; if (outlevel >= O_VERBOSE) { |