2 files changed, 16 insertions, 13 deletions

diff --git a/NEWS b/NEWS
index 9e300aa8..e6e2b580 100644
--- a/NEWS
+++ b/NEWS
@@ -44,8 +44,10 @@ be removed from a 6.4.0 or newer release.)
 
 fetchmail 6.3.7 (not yet released):
 
-# REGRESSION FIX
-* Fix KPOP, broken with the 6.3.6 security fix. Patch by Miroslav Trmac.
+# FIXES FOR REGRESSIONS IN 6.3.6
+* Fix KPOP. Patch by Miloslav Trmac.
+* Fix repoll when server disconnects after opportunistic TLS failed for POP3.
+  Berlios Bug #10133, reported by Andrej Kacian.
 
 # TRANSLATION UPDATES
 * Japanese (Takeshi Hamasaki), Polish (Jakub Bogusz)
diff --git a/pop3.c b/pop3.c
index 92fe06d1..556053ee 100644
--- a/pop3.c
+++ b/pop3.c
@@ -635,17 +635,6 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
 	}
 	memset(shroud, 0x55, sizeof(shroud));
 	shroud[0] = '\0';
-#ifdef SSL_ENABLE
-	/* this is for servers which claim to support TLS, but actually
-	 * don't! */
-	if (connection_may_have_tls_errors && ok == PS_SOCKET)
-	{
-	    xfree(ctl->sslproto);
-	    ctl->sslproto = xstrdup("");
-	    /* repoll immediately without TLS */
-	    ok = PS_REPOLL;
-	}
-#endif
 	break;
 
     case P_APOP:
@@ -694,6 +683,18 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
 	ok = PS_ERROR;
     }
 
+#ifdef SSL_ENABLE
+    /* this is for servers which claim to support TLS, but actually
+     * don't! */
+    if (connection_may_have_tls_errors && ok == PS_SOCKET)
+    {
+	xfree(ctl->sslproto);
+	ctl->sslproto = xstrdup("");
+	/* repoll immediately without TLS */
+	ok = PS_REPOLL;
+    }
+#endif
+
     if (ok != 0)
     {
 	/* maybe we detected a lock-busy condition? */