author: Matthias Andree <matthias.andree@gmx.de> 2006-11-29 22:05:16 +0000
committer: Matthias Andree <matthias.andree@gmx.de> 2006-11-29 22:05:16 +0000
commit: fb1adf19fff231ee8f55c15cf7866ca5319043db
tree: 66442b055a0b3209db1247e1e7fd869c4554da1c
parent: 709cf45788e98f1f6375f290d9ce376134b1dae9
Detail on missing CAPA probes.
svn path=/branches/BRANCH_6-3/; revision=4978
-rw-r--r-- NEWS 4
-rw-r--r-- fetchmail-SA-2006-02.txt 5
2 files changed, 6 insertions, 3 deletions
diff --git a/NEWS b/NEWS
index 8cedb0ac..fc36a49f 100644
--- a/NEWS
+++ b/NEWS
@@ -51,7 +51,9 @@ fetchmail 6.3.6 (not yet released):
- Fetchmail breaks the connection if the TLS negotiation (or verification, if
requested) fails with sslproto 'tls1' (also applies if this is implicit).
- - POP3 connections ignored STLS altogether in many circumstances.
+ - POP3 connections ignored STLS altogether in many circumstances, because
+ fetchmail did not probe server capabilities in all situations where it
+ should have done that.
- POP3 connections could retry USER/PASS authentication even if strong
challenge-response schemes such as CRAM-MD5 had explicitly been requested,
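Review bot: The added NEWS lines say fetchmail "did not probe server capabilities in all situations where it should have done that" without naming the probe or the trigger, so a reader cannot tell from this entry whether their configuration was affected. The advisory change in this same commit is more specific (CAPA was not reliably issued before the STLS check, and whether it was probed depended on the "auth" option); suggest carrying that wording into the entry, for example "because fetchmail, depending on the auth option, did not issue CAPA before checking for STLS support". The trailing "should have done that" can be shortened to "should have".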
diff --git a/fetchmail-SA-2006-02.txt b/fetchmail-SA-2006-02.txt
index 3d7f2387..1704512f 100644
--- a/fetchmail-SA-2006-02.txt
+++ b/fetchmail-SA-2006-02.txt
@@ -58,8 +58,9 @@ V2. Even with "sslproto tls1" in the config, fetches would go ahead
V3. POP3 fetches could completely ignore all TLS options whether
available or not because it didn't reliably issue CAPA before
- checking for STLS support, and it would only try STLS if it had seen
- the server's advertisement.
+ checking for STLS support - but CAPA is a requisite for STLS.
+ Whether or not CAPAbilities were probed, depended on the "auth"
+ option.
V4. POP3 could fall back to using plain text passwords, even if strong
authentication had been configured.
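Review bot: In the V3 paragraph, the new sentence "Whether or not CAPAbilities were probed, depended on the "auth" option" does not say which "auth" settings skipped the probe, which is the detail an administrator needs to judge exposure from an existing configuration; suggest stating the affected values or the condition. The removed text ("it would only try STLS if it had seen the server's advertisement") explained why a missing CAPA led to STLS being skipped, while the replacement "CAPA is a requisite for STLS" leaves it unclear whether that is a protocol requirement or a property of fetchmail's logic; consider keeping the mechanism alongside the new sentence. Minor: drop the comma after "probed" and write "capabilities" in plain case.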