Do STARTTLS/STLS negotiation in IMAP/POP3 if it is mandatory ignoring server capabilities

[~andy/fetchmail] / imap.c

diff --git a/imap.c b/imap.c
index cbaa913b1f4c84542aff9ee61b5ee2df5087d479..11b206c08d42d72f051af29dc16a57fdb778d510 100644 (file)
--- a/imap.c
+++ b/imap.c
@@ -430,7 +430,8 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
        if (ctl->sslcommonname)
            commonname = ctl->sslcommonname;
 
-       if (strstr(capabilities, "STARTTLS"))
+       if (strstr(capabilities, "STARTTLS")
+               || must_tls(ctl)) /* if TLS is mandatory, ignore capabilities */
        {
            /* Use "tls1" rather than ctl->sslproto because tls1 is the only
             * protocol that will work with STARTTLS.  Don't need to worry
@@ -478,10 +479,6 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
                }
                /* Usable.  Proceed with authenticating insecurely. */
            }
-       } else if (must_tls(ctl)) {
-           /* Config required TLS but STARTTLS is not advertised. */
-           report(stderr, GT_("%s: cannot upgrade to TLS: no STARTTLS in CAPABILITY response.\n"), commonname);
-           return PS_SOCKET;
        }
     }
 #endif /* SSL_ENABLE */