aboutsummaryrefslogtreecommitdiffstats
path: root/imap.c
diff options
context:
space:
mode:
authorEric S. Raymond <esr@thyrsus.com>2002-11-28 10:32:38 +0000
committerEric S. Raymond <esr@thyrsus.com>2002-11-28 10:32:38 +0000
commitb53d36176029927e5c4b9394f50140cebf21d19f (patch)
tree96640675b52b6b1f808ad4a86df7956344a19725 /imap.c
parent7151a63fcce316840de99b2da8bcdb03d61a770a (diff)
downloadfetchmail-b53d36176029927e5c4b9394f50140cebf21d19f.tar.gz
fetchmail-b53d36176029927e5c4b9394f50140cebf21d19f.tar.bz2
fetchmail-b53d36176029927e5c4b9394f50140cebf21d19f.zip
Sunil's patch for the STARTTLS problem.
svn path=/trunk/; revision=3772
Diffstat (limited to 'imap.c')
-rw-r--r--imap.c22
1 files changed, 21 insertions, 1 deletions
diff --git a/imap.c b/imap.c
index d7eb0fa3..732141d8 100644
--- a/imap.c
+++ b/imap.c
@@ -252,6 +252,9 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
/* apply for connection authorization */
{
int ok = 0;
+#ifdef SSL_ENABLE
+ flag did_stls = FALSE;
+#endif /* SSL_ENABLE */
/* probe to see if we're running IMAP4 and can use RFC822.PEEK */
capabilities[0] = '\0';
@@ -359,7 +362,7 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
#endif /* KERBEROS_V4 */
#ifdef SSL_ENABLE
- if ((ctl->server.authenticate == A_ANY)
+ if ((!ctl->sslproto || !strcmp(ctl->sslproto,"tls1"))
&& !ctl->use_ssl
&& strstr(capabilities, "STARTTLS"))
{
@@ -373,10 +376,17 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
*/
if (SSLOpen(sock,ctl->sslcert,ctl->sslkey,"tls1",ctl->sslcertck, ctl->sslcertpath,ctl->sslfingerprint,realhost,ctl->server.pollname) == -1)
{
+ if (!ctl->sslproto && !ctl->wehaveauthed)
+ {
+ ctl->sslproto = xstrdup("");
+ /* repoll immediately */
+ return(PS_REPOLL);
+ }
report(stderr,
GT_("SSL connection failed.\n"));
return(PS_AUTHFAIL);
}
+ did_stls = TRUE;
}
#endif /* SSL_ENABLE */
@@ -471,6 +481,16 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
strcpy(shroud, password);
ok = gen_transact(sock, "LOGIN \"%s\" \"%s\"", remotename, password);
shroud[0] = '\0';
+#ifdef SSL_ENABLE
+ /* this is for servers which claim to support TLS, but actually
+ * don't! */
+ if (did_stls && ok == PS_SOCKET && !ctl->sslproto && !ctl->wehaveauthed)
+ {
+ ctl->sslproto = xstrdup("");
+ /* repoll immediately */
+ ok = PS_REPOLL;
+ }
+#endif
if (ok)
{
/* SASL cancellation of authentication */