aboutsummaryrefslogtreecommitdiffstats
path: root/imap.c
diff options
context:
space:
mode:
Diffstat (limited to 'imap.c')
-rw-r--r--imap.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/imap.c b/imap.c
index d397542f..5c1d8236 100644
--- a/imap.c
+++ b/imap.c
@@ -371,6 +371,7 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
int ok = 0;
#ifdef SSL_ENABLE
flag did_stls = FALSE;
+ flag using_tls = FALSE;
#endif /* SSL_ENABLE */
(void)greeting;
@@ -416,13 +417,14 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
if (!ctl->sslproto && !ctl->wehaveauthed)
{
ctl->sslproto = xstrdup("");
- /* repoll immediately */
+ /* repoll immediately with TLS disabled */
return(PS_REPOLL);
}
report(stderr,
- GT_("SSL connection failed.\n"));
+ GT_("TLS connection failed.\n"));
return PS_SOCKET;
} else {
+ using_tls = TRUE;
if (outlevel >= O_VERBOSE && !ctl->sslproto)
report(stdout, GT_("%s: opportunistic upgrade to TLS.\n"), realhost);
}
@@ -440,6 +442,11 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
*/
capa_probe(sock, ctl);
}
+ /* Check if TLS was enforced. */
+ if ((ctl->sslproto && !strcasecmp(ctl->sslproto,"tls1")) && !ctl->use_ssl && !using_tls) {
+ report(stderr, GT_("TLS connection failed.\n"));
+ return PS_SOCKET;
+ }
#endif /* SSL_ENABLE */
/*
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-16 15:47:29 +0000