diff options
| author | Eric S. Raymond <esr@thyrsus.com> | 2002-09-09 07:24:51 +0000 |
|---|---|---|
| committer | Eric S. Raymond <esr@thyrsus.com> | 2002-09-09 07:24:51 +0000 |
| commit | dc688e8c7f7165d0019a56c0079df651d704664b (patch) | |
| tree | c50357c5f70c6a0e559872be3ee063f9d4ed1da1 /imap.c | |
| parent | 1c17765a80be0d8e0e19c19c4020c4ede99d64bb (diff) | |
| download | fetchmail-dc688e8c7f7165d0019a56c0079df651d704664b.tar.gz fetchmail-dc688e8c7f7165d0019a56c0079df651d704664b.tar.bz2 fetchmail-dc688e8c7f7165d0019a56c0079df651d704664b.zip | |
STARTTLS support.
svn path=/trunk/; revision=3706
Diffstat (limited to 'imap.c')
| -rw-r--r-- | imap.c | 21 |
1 files changed, 21 insertions, 0 deletions
@@ -356,6 +356,27 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting) } #endif /* KERBEROS_V4 */ +#ifdef SSL_ENABLE + if ((ctl->server.authenticate == A_ANY) + && strstr(capabilities, "STARTTLS")) + { + char *realhost; + + realhost = ctl->server.via ? ctl->server.via : ctl->server.pollname; + gen_transact(sock, "STARTTLS"); + + /* We use "tls1" instead of ctl->sslproto, as we want STARTTLS, + * not other SSL protocols + */ + if (SSLOpen(sock,ctl->sslcert,ctl->sslkey,"tls1",ctl->sslcertck, ctl->sslcertpath,ctl->sslfingerprint,realhost,ctl->server.pollname) == -1) + { + report(stderr, + GT_("SSL connection failed.\n")); + return(PS_AUTHFAIL); + } + } +#endif /* SSL_ENABLE */ + /* * No such luck. OK, now try the variants that mask your password * in a challenge-response. |