From 983bd40c04cffdf4f9715ae8ba803007a5ed3640 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Wed, 1 Nov 2006 23:06:04 +0000
Subject: Snapshot 6.3.6-rc1.

svn path=/branches/BRANCH_6-3/; revision=4925
---
 imap.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'imap.c')

diff --git a/imap.c b/imap.c
index d397542f..5c1d8236 100644
--- a/imap.c
+++ b/imap.c
@@ -371,6 +371,7 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
     int ok = 0;
 #ifdef SSL_ENABLE
     flag did_stls = FALSE;
+    flag using_tls = FALSE;
 #endif /* SSL_ENABLE */
 
     (void)greeting;
@@ -416,13 +417,14 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
 	       if (!ctl->sslproto && !ctl->wehaveauthed)
 	       {
 		   ctl->sslproto = xstrdup("");
-		   /* repoll immediately */
+		   /* repoll immediately with TLS disabled */
 		   return(PS_REPOLL);
 	       }
                report(stderr,
-                      GT_("SSL connection failed.\n"));
+                      GT_("TLS connection failed.\n"));
                return PS_SOCKET;
            } else {
+	       using_tls = TRUE;
 	       if (outlevel >= O_VERBOSE && !ctl->sslproto)
 		   report(stdout, GT_("%s: opportunistic upgrade to TLS.\n"), realhost);
 	   }
@@ -440,6 +442,11 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
 	    */
 	   capa_probe(sock, ctl);
     }
+    /* Check if TLS was enforced. */
+    if ((ctl->sslproto && !strcasecmp(ctl->sslproto,"tls1")) && !ctl->use_ssl && !using_tls) {
+	report(stderr, GT_("TLS connection failed.\n"));
+	return PS_SOCKET;
+    }
 #endif /* SSL_ENABLE */
 
     /*
-- 
cgit v1.2.3