Run S(TART)TLS negotiation under timeout alarm.

Reported missing by Thomas Jarosch.

1 files changed, 4 insertions, 2 deletions

diff --git a/imap.c b/imap.c
index dca3bab9..397b391b 100644
--- a/imap.c
+++ b/imap.c
@@ -447,9 +447,9 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
 	     * whether TLS is mandatory or opportunistic unless SSLOpen() fails
 	     * (see below). */
 	    if (gen_transact(sock, "STARTTLS") == PS_SUCCESS
-		    && SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
+		    && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
 			ctl->sslcertfile, ctl->sslcertpath, ctl->sslfingerprint, commonname,
-			ctl->server.pollname, &ctl->remotename) != -1)
+			ctl->server.pollname, &ctl->remotename)) != -1)
 	    {
 		/*
 		 * RFC 2595 says this:
@@ -473,9 +473,11 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
 	    } else if (must_tls(ctl)) {
 		/* Config required TLS but we couldn't guarantee it, so we must
 		 * stop. */
+		set_timeout(0);
 		report(stderr, GT_("%s: upgrade to TLS failed.\n"), commonname);
 		return PS_SOCKET;
 	    } else {
+		set_timeout(0);
 		if (outlevel >= O_VERBOSE) {
 		    report(stdout, GT_("%s: opportunistic upgrade to TLS failed, trying to continue\n"), commonname);
 		}