From d5dcdd9b11de6a3e97b7b686b09ddb5fb33085bf Mon Sep 17 00:00:00 2001 From: Sunil Shetye Date: Wed, 10 Nov 2010 12:36:50 +0530 Subject: Distinguish between server not advertising TLS capability and server failing during upgradation to TLS. Send a NOOP only after a failed STARTTLS in IMAP. --- pop3.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'pop3.c') diff --git a/pop3.c b/pop3.c index fd3e5b5d..21251e59 100644 --- a/pop3.c +++ b/pop3.c @@ -281,7 +281,6 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) #endif /* OPIE_ENABLE */ #ifdef SSL_ENABLE flag connection_may_have_tls_errors = FALSE; - flag got_tls = FALSE; #endif /* SSL_ENABLE */ done_capa = FALSE; @@ -465,7 +464,6 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) * Now that we're confident in our TLS connection we can * guarantee a secure capability re-probe. */ - got_tls = TRUE; done_capa = FALSE; ok = capa_probe(sock); if (ok != PS_SUCCESS) { @@ -475,11 +473,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) { report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), commonname); } - } - } - - if (!got_tls) { - if (must_tls(ctl)) { + } else if (must_tls(ctl)) { /* Config required TLS but we couldn't guarantee it, so we must * stop. */ report(stderr, GT_("%s: upgrade to TLS failed.\n"), commonname); @@ -496,6 +490,10 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) report(stdout, GT_("%s: opportunistic upgrade to TLS failed, trying to continue.\n"), commonname); } } + } else if (must_tls(ctl)) { + /* Config required TLS but STLS is not advertised. */ + report(stderr, GT_("%s: cannot upgrade to TLS: no STLS in CAPA response.\n"), commonname); + return PS_SOCKET; } } /* maybe_tls() */ #endif /* SSL_ENABLE */ -- cgit v1.2.3