From f9fd0db683f22c7c1c0d6a14e2d5ad463833d407 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Wed, 29 Nov 2006 22:07:50 +0000
Subject: Detail on missed CAPA probes.

svn path=/branches/BRANCH_6-3/; revision=4979
---
 NEWS                     | 4 ++--
 fetchmail-SA-2006-02.txt | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/NEWS b/NEWS
index fc36a49f..b5bdceec 100644
--- a/NEWS
+++ b/NEWS
@@ -52,8 +52,8 @@ fetchmail 6.3.6 (not yet released):
     requested) fails with sslproto 'tls1' (also applies if this is implicit).
 
   - POP3 connections ignored STLS altogether in many circumstances, because
-    fetchmail did not probe server capabilities in all situations where it
-    should have done that.
+    fetchmail did not probe server capabilities for all values of "auth" - see
+    fetchmail-SA-2006-02.txt for details.
 
   - POP3 connections could retry USER/PASS authentication even if strong
     challenge-response schemes such as CRAM-MD5 had explicitly been requested,
diff --git a/fetchmail-SA-2006-02.txt b/fetchmail-SA-2006-02.txt
index 1704512f..05a9a8f0 100644
--- a/fetchmail-SA-2006-02.txt
+++ b/fetchmail-SA-2006-02.txt
@@ -60,7 +60,8 @@ V3. POP3 fetches could completely ignore all TLS options whether
     available or not because it didn't reliably issue CAPA before
     checking for STLS support - but CAPA is a requisite for STLS.
     Whether or not CAPAbilities were probed, depended on the "auth"
-    option.
+    option. (Fetchmail only tried CAPA if the auth option was not set at
+    all, was set to gssapi, kerberos, kerberos_v4, otp, or cram-md5.)
 
 V4. POP3 could fall back to using plain text passwords, even if strong
     authentication had been configured.
-- 
cgit v1.2.3