Diffstat (limited to 'imap.c')
-rw-r--r-- | imap.c | 22 |
1 files changed, 11 insertions, 11 deletions
@@ -434,6 +434,7 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting) if (ctl->sslcommonname) commonname = ctl->sslcommonname; +#ifdef SSL_ENABLE /* Defend against a PREAUTH-prevents-STARTTLS attack */ if (preauth && must_starttls(ctl)) { report(stderr, GT_("%s: configuration requires TLS, but STARTTLS is not permitted " @@ -442,17 +443,6 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting) return PS_SOCKET; } - /* - * If either (a) we saw a PREAUTH token in the greeting, or - * (b) the user specified ssh preauthentication, then we're done. - */ - if (preauth || ctl->server.authenticate == A_SSH) - { - preauth = FALSE; /* reset for the next session */ - return(PS_SUCCESS); - } - -#ifdef SSL_ENABLE if (maybe_starttls(ctl)) { if ((strstr(capabilities, "STARTTLS") && maybe_starttls(ctl)) || must_starttls(ctl)) /* if TLS is mandatory, ignore capabilities */ @@ -512,6 +502,16 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting) } #endif /* SSL_ENABLE */ + /* + * If either (a) we saw a PREAUTH token in the greeting, or + * (b) the user specified ssh preauthentication, then we're done. + */ + if (preauth || ctl->server.authenticate == A_SSH) + { + preauth = FALSE; /* reset for the next session */ + return(PS_SUCCESS); + } + /* * Time to authenticate the user. * Try the protocol variants that don't require passwords first. |
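Review bot: The fail-closed branch `if (preauth && must_starttls(ctl))` returns `PS_SOCKET` without clearing `preauth`, while the success path clears it under the comment "reset for the next session". The `return PS_SOCKET;` is visible only as context at the top of the next hunk, and the place where the flag is assigned is outside these hunks. If `preauth` does outlive the call, as that comment implies, a rejected session would leave it set for the next poll, so this needs confirming against the declaration. Proposed: add `preauth = FALSE; /* reset for the next session */` immediately before `return PS_SOCKET;`.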
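Review bot: The relocated `if (preauth || ctl->server.authenticate == A_SSH)` return is only safe because it sits below `#endif /* SSL_ENABLE */`, and its comment does not say so. A later reorder could quietly bring back the skip-TLS path, so I would add a line such as `* Keep this below the STARTTLS block: returning earlier on PREAUTH would skip the TLS upgrade.` to the comment. Two behaviours are worth confirming against the STARTTLS block, whose body is outside the hunk. With opportunistic TLS (`maybe_starttls` but not `must_starttls`), a PREAUTH greeting can presumably still reach this return on a cleartext session if the upgrade is refused, and a `report()` warning there would make that visible to the operator. `A_SSH` sessions now also pass through the STARTTLS negotiation before returning.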