From b82c3ccb65e3279996a690ebf577263d7730e0b3 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Thu, 26 Aug 2021 23:53:14 +0200
Subject: SECURITY: IMAP: PREAUTH->abort if STARTTLS needed

On --sslproto auto (or other nonempty values), when
receiving IMAP PREAUTH state, abort the connection,
rather than continuing with cleartext.

--ssl is unaffected because it always negotiates TLS.

See fetchmail-SA-2021-02.txt for details.
---
 driver.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'driver.c')

diff --git a/driver.c b/driver.c
index 3e382d3a..5421c766 100644
--- a/driver.c
+++ b/driver.c
@@ -1243,10 +1243,18 @@ is restored."));
 			   ctl->remotename,
 			   ctl->server.truename);
 		}
+		else if (err == PS_SOCKET)
+		{
+		    report(stderr, GT_("Socket or TLS error on %s@%s\n"),
+			   ctl->remotename,
+			   ctl->server.truename);
+		}
 		else
+		{
 		    report(stderr, GT_("Unknown login or authentication error on %s@%s\n"),
 			   ctl->remotename,
 			   ctl->server.truename);
+		}
 		    
 		goto cleanUp;
 	    }
-- 
cgit v1.2.3