aboutsummaryrefslogtreecommitdiffstats
path: root/pop3.c
diff options
context:
space:
mode:
Diffstat (limited to 'pop3.c')
-rw-r--r--pop3.c28
1 files changed, 28 insertions, 0 deletions
diff --git a/pop3.c b/pop3.c
index fac2b185..41723b48 100644
--- a/pop3.c
+++ b/pop3.c
@@ -141,6 +141,9 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
#ifdef OPIE_ENABLE
flag has_otp = FALSE;
#endif /* OPIE_ENABLE */
+#ifdef SSL_ENABLE
+ flag has_ssl = FALSE;
+#endif /* SSL_ENABLE */
#ifdef SDPS_ENABLE
/*
@@ -207,6 +210,10 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
{
if (DOTLINE(buffer))
break;
+#ifdef SSL_ENABLE
+ if (strstr(buffer, "STLS"))
+ has_ssl = TRUE;
+#endif /* SSL_ENABLE */
#if defined(GSSAPI)
if (strstr(buffer, "GSSAPI"))
has_gssapi = TRUE;
@@ -224,6 +231,27 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
}
}
+#ifdef SSL_ENABLE
+ if (has_ssl &&
+#if INET6_ENABLE
+ ctl->server.service && (strcmp(ctl->server.service, "pop3s"))
+#else /* INET6_ENABLE */
+ ctl->server.port != 995
+#endif /* INET6_ENABLE */
+ )
+ {
+ char *realhost;
+
+ realhost = ctl->server.via ? ctl->server.via : ctl->server.pollname; gen_transact(sock, "STLS");
+ if (SSLOpen(sock,ctl->sslcert,ctl->sslkey,ctl->sslproto,ctl->sslcertck, ctl->sslcertpath,ctl->sslfingerprint,realhost,ctl->server.pollname) == -1)
+ {
+ report(stderr,
+ GT_("SSL connection failed.\n"));
+ return(PS_AUTHFAIL);
+ }
+ }
+#endif /* SSL_ENABLE */
+
/*
* OK, we have an authentication type now.
*/
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-21 21:37:16 +0000