aboutsummaryrefslogtreecommitdiffstats
path: root/pop3.c
diff options
context:
space:
mode:
authorMatthias Andree <matthias.andree@gmx.de>2006-11-26 10:42:03 +0000
committerMatthias Andree <matthias.andree@gmx.de>2006-11-26 10:42:03 +0000
commit06adf462c806beab3d65c2c34d296c35e8e0655f (patch)
treee1860eace79ad172b612b06c16db919fe585d335 /pop3.c
parent250f0ed84ac892ea85654790cb83331dcbd8d44f (diff)
downloadfetchmail-06adf462c806beab3d65c2c34d296c35e8e0655f.tar.gz
fetchmail-06adf462c806beab3d65c2c34d296c35e8e0655f.tar.bz2
fetchmail-06adf462c806beab3d65c2c34d296c35e8e0655f.zip
Be sure that CAPA is probed before TLS.
Needed to avoid bogus login failures if the upstream offers STLS. Patch by Isaac Wilcox. svn path=/branches/BRANCH_6-3/; revision=4963
Diffstat (limited to 'pop3.c')
-rw-r--r--pop3.c16
1 files changed, 15 insertions, 1 deletions
diff --git a/pop3.c b/pop3.c
index b41d4e53..e3b06656 100644
--- a/pop3.c
+++ b/pop3.c
@@ -41,6 +41,7 @@ static char lastok[POPBUFSIZE+1];
#endif /* OPIE_ENABLE */
/* session variables initialized in capa_probe() or pop3_getauth() */
+flag done_capa = FALSE;
#if defined(GSSAPI)
flag has_gssapi = FALSE;
#endif /* defined(GSSAPI) */
@@ -238,6 +239,9 @@ static int capa_probe(int sock)
{
int ok;
+ if (done_capa) {
+ return PS_SUCCESS;
+ }
#if defined(GSSAPI)
has_gssapi = FALSE;
#endif /* defined(GSSAPI) */
@@ -278,6 +282,7 @@ static int capa_probe(int sock)
if (strstr(buffer, "CRAM-MD5"))
has_cram = TRUE;
}
+ done_capa = TRUE;
}
return(ok);
}
@@ -307,6 +312,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
flag got_tls = FALSE;
#endif /* SSL_ENABLE */
+ done_capa = FALSE;
#if defined(GSSAPI)
has_gssapi = FALSE;
#endif /* defined(GSSAPI) */
@@ -441,6 +447,10 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
}
#ifdef SSL_ENABLE
+ ok = capa_probe(sock);
+ if (ok != PS_SUCCESS) {
+ return ok;
+ }
if (maybe_tls(ctl)) {
if (has_stls)
{
@@ -467,7 +477,11 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
* guarantee a secure capability re-probe.
*/
got_tls = TRUE;
- (void)capa_probe(sock);
+ done_capa = FALSE;
+ ok = capa_probe(sock);
+ if (ok != PS_SUCCESS) {
+ return ok;
+ }
if (outlevel >= O_VERBOSE)
{
report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), realhost);