From d1a40cf7cefbffe5ae41612f60b176ad0fc59847 Mon Sep 17 00:00:00 2001
From: Sunil Shetye <shetye@bombay.retortsoft.com>
Date: Thu, 11 Nov 2010 11:49:21 +0530
Subject: Do STARTTLS/STLS negotiation in IMAP/POP3 if it is mandatory ignoring
 server capabilities

---
 pop3.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

(limited to 'pop3.c')

diff --git a/pop3.c b/pop3.c
index 21251e59..3e62d864 100644
--- a/pop3.c
+++ b/pop3.c
@@ -440,7 +440,8 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
 	    if (ctl->sslcommonname)
 		commonname = ctl->sslcommonname;
 
-	   if (has_stls)
+	   if (has_stls
+		   || must_tls(ctl)) /* if TLS is mandatory, ignore capabilities */
 	   {
 	       /* Use "tls1" rather than ctl->sslproto because tls1 is the only
 		* protocol that will work with STARTTLS.  Don't need to worry
@@ -490,10 +491,6 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
 		       report(stdout, GT_("%s: opportunistic upgrade to TLS failed, trying to continue.\n"), commonname);
 		   }
 	       }
-	   } else if (must_tls(ctl)) {
-	       /* Config required TLS but STLS is not advertised. */
-	       report(stderr, GT_("%s: cannot upgrade to TLS: no STLS in CAPA response.\n"), commonname);
-	       return PS_SOCKET;
 	   }
 	} /* maybe_tls() */
 #endif /* SSL_ENABLE */
-- 
cgit v1.2.3