From b53d36176029927e5c4b9394f50140cebf21d19f Mon Sep 17 00:00:00 2001 From: "Eric S. Raymond" Date: Thu, 28 Nov 2002 10:32:38 +0000 Subject: Sunil's patch for the STARTTLS problem. svn path=/trunk/; revision=3772 --- imap.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) (limited to 'imap.c') diff --git a/imap.c b/imap.c index d7eb0fa3..732141d8 100644 --- a/imap.c +++ b/imap.c @@ -252,6 +252,9 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting) /* apply for connection authorization */ { int ok = 0; +#ifdef SSL_ENABLE + flag did_stls = FALSE; +#endif /* SSL_ENABLE */ /* probe to see if we're running IMAP4 and can use RFC822.PEEK */ capabilities[0] = '\0'; @@ -359,7 +362,7 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting) #endif /* KERBEROS_V4 */ #ifdef SSL_ENABLE - if ((ctl->server.authenticate == A_ANY) + if ((!ctl->sslproto || !strcmp(ctl->sslproto,"tls1")) && !ctl->use_ssl && strstr(capabilities, "STARTTLS")) { @@ -373,10 +376,17 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting) */ if (SSLOpen(sock,ctl->sslcert,ctl->sslkey,"tls1",ctl->sslcertck, ctl->sslcertpath,ctl->sslfingerprint,realhost,ctl->server.pollname) == -1) { + if (!ctl->sslproto && !ctl->wehaveauthed) + { + ctl->sslproto = xstrdup(""); + /* repoll immediately */ + return(PS_REPOLL); + } report(stderr, GT_("SSL connection failed.\n")); return(PS_AUTHFAIL); } + did_stls = TRUE; } #endif /* SSL_ENABLE */ @@ -471,6 +481,16 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting) strcpy(shroud, password); ok = gen_transact(sock, "LOGIN \"%s\" \"%s\"", remotename, password); shroud[0] = '\0'; +#ifdef SSL_ENABLE + /* this is for servers which claim to support TLS, but actually + * don't! */ + if (did_stls && ok == PS_SOCKET && !ctl->sslproto && !ctl->wehaveauthed) + { + ctl->sslproto = xstrdup(""); + /* repoll immediately */ + ok = PS_REPOLL; + } +#endif if (ok) { /* SASL cancellation of authentication */ -- cgit v1.2.3