diff options
| author | Sunil Shetye <shetye@bombay.retortsoft.com> | 2010-11-10 12:36:50 +0530 |
|---|---|---|
| committer | Matthias Andree <matthias.andree@gmx.de> | 2010-11-10 16:20:27 +0100 |
| commit | d5dcdd9b11de6a3e97b7b686b09ddb5fb33085bf (patch) | |
| tree | 385669f78c6d97d2997136901b9d379b07d6da2b /imap.c | |
| parent | 31b2f3903092c2eb1079a845add5aacf52a707ec (diff) | |
| download | fetchmail-d5dcdd9b11de6a3e97b7b686b09ddb5fb33085bf.tar.gz fetchmail-d5dcdd9b11de6a3e97b7b686b09ddb5fb33085bf.tar.bz2 fetchmail-d5dcdd9b11de6a3e97b7b686b09ddb5fb33085bf.zip | |
Distinguish between server not advertising TLS capability and server failing during upgradation to TLS.
Send a NOOP only after a failed STARTTLS in IMAP.
Diffstat (limited to 'imap.c')
| -rw-r--r-- | imap.c | 14 |
1 files changed, 5 insertions, 9 deletions
@@ -397,9 +397,6 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting) /* apply for connection authorization */ { int ok = 0; -#ifdef SSL_ENABLE - int got_tls = 0; -#endif (void)greeting; /* @@ -457,17 +454,12 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting) * Now that we're confident in our TLS connection we can * guarantee a secure capability re-probe. */ - got_tls = 1; capa_probe(sock, ctl); if (outlevel >= O_VERBOSE) { report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), commonname); } - } - } - - if (!got_tls) { - if (must_tls(ctl)) { + } else if (must_tls(ctl)) { /* Config required TLS but we couldn't guarantee it, so we must * stop. */ report(stderr, GT_("%s: upgrade to TLS failed.\n"), commonname); @@ -486,6 +478,10 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting) } /* Usable. Proceed with authenticating insecurely. */ } + } else if (must_tls(ctl)) { + /* Config required TLS but STARTTLS is not advertised. */ + report(stderr, GT_("%s: cannot upgrade to TLS: no STARTTLS in CAPABILITY response.\n"), commonname); + return PS_SOCKET; } } #endif /* SSL_ENABLE */ |