authorMatthias Andree <matthias.andree@gmx.de>2020-01-04 00:51:33 +0100
committerMatthias Andree <matthias.andree@gmx.de>2020-01-04 01:00:45 +0100
commit650519f8bc28f9047290327cd9a2e1c01e430255 (patch)
treeeac36af6e00bf6bc273c1bfa265ed9eb24064267
parentc2d2c44713365211990fded2b0b22c0d23394cb7 (diff)
STARTTLS enforcement for sslproto != "tls1".
Fetchmail < 6.4.2 used to only consider --sslproto=TLS1 as "mandatory STARTTLS" unless sslcertck or sslfingerprint were given; now all protocol versions will require STARTTLS. This did not matter in the default install because sslcertck defaults to on, but could permit fetchmail to continue with unencrypted connections if --nosslcertck was in use.
-rw-r--r--starttls.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/starttls.c b/starttls.c
index 2df08cd9..b35f2970 100644
--- a/starttls.c
+++ b/starttls.c
@@ -29,7 +29,7 @@ int must_starttls(struct query *ctl) {
#ifdef SSL_ENABLE
return maybe_starttls(ctl)
&& (ctl->sslfingerprint || ctl->sslcertck
- || (ctl->sslproto && !strcasecmp(ctl->sslproto, "tls1")));
+ || (ctl->sslproto && ctl->sslproto[0]));
#else
(void)ctl;
return 0;
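Review bot: The new test `ctl->sslproto && ctl->sslproto[0]` in must_starttls() makes the result depend on whether sslproto is NULL, empty or non-empty, and nothing at this site documents that distinction. With sslproto NULL or "", sslcertck off and no sslfingerprint, the function still returns 0, so STARTTLS stays optional and the session can continue unencrypted when the server does not offer it; whether those values can reach this point depends on maybe_starttls() and the option defaults, which are outside the hunk. I would add a comment above the return, for example `/* A non-empty sslproto makes STARTTLS mandatory; NULL or "" leaves that to sslcertck/sslfingerprint. */`. It is also worth stating there that mandatory STARTTLS without sslcertck or sslfingerprint encrypts the link but does not authenticate the server. The end of the function lies outside the hunk.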