2 files changed, 23 insertions, 0 deletions

diff --git a/NEWS b/NEWS
index ed88f606..fe4292b4 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,8 @@
 
 (The `lines' figures total .c, .h, .l, and .y files under version control.)
 
+* Nerijus Baliunas's patch to support STARTTLS over IMAP.
+
 fetchmail-5.9.14 (Fri Sep  6 05:03:25 EDT 2002), 21932 lines:
 
 * Sunil Shetye's patch to eliminate multiple bounces.
diff --git a/imap.c b/imap.c
index df8cd336..40abdb2a 100644
--- a/imap.c
+++ b/imap.c
@@ -356,6 +356,27 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
     }
 #endif /* KERBEROS_V4 */
 
+#ifdef SSL_ENABLE
+    if ((ctl->server.authenticate == A_ANY)
+        && strstr(capabilities, "STARTTLS"))
+    {
+           char *realhost;
+
+           realhost = ctl->server.via ? ctl->server.via : ctl->server.pollname;
+           gen_transact(sock, "STARTTLS");
+
+           /* We use "tls1" instead of ctl->sslproto, as we want STARTTLS,
+            * not other SSL protocols
+            */
+           if (SSLOpen(sock,ctl->sslcert,ctl->sslkey,"tls1",ctl->sslcertck, ctl->sslcertpath,ctl->sslfingerprint,realhost,ctl->server.pollname) == -1)
+           {
+               report(stderr,
+                      GT_("SSL connection failed.\n"));
+               return(PS_AUTHFAIL);
+           }
+    }
+#endif /* SSL_ENABLE */
+
     /*
      * No such luck.  OK, now try the variants that mask your password
      * in a challenge-response.