]> Pileus Git - ~andy/fetchmail/commitdiff
projects / ~andy / fetchmail / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 250f0ed)
Be sure that CAPA is probed before TLS.
authorMatthias Andree <matthias.andree@gmx.de>
Sun, 26 Nov 2006 10:42:03 +0000 (10:42 -0000)
committerMatthias Andree <matthias.andree@gmx.de>
Sun, 26 Nov 2006 10:42:03 +0000 (10:42 -0000)
Needed to avoid bogus login failures if the upstream offers STLS.
Patch by Isaac Wilcox.

svn path=/branches/BRANCH_6-3/; revision=4963

pop3.c patch | blob | history

diff --git a/pop3.c b/pop3.c
index b41d4e5396265521519f70385e7b836879437b1c..e3b06656529f2d9f7a20505cc1acb33eecd6b395 100644 (file)
--- a/pop3.c
+++ b/pop3.c
@@ -41,6 +41,7 @@ static char lastok[POPBUFSIZE+1];
 #endif /* OPIE_ENABLE */
 
 /* session variables initialized in capa_probe() or pop3_getauth() */
+flag done_capa = FALSE;
 #if defined(GSSAPI)
 flag has_gssapi = FALSE;
 #endif /* defined(GSSAPI) */
@@ -238,6 +239,9 @@ static int capa_probe(int sock)
 {
     int        ok;
 
+    if (done_capa) {
+       return PS_SUCCESS;
+    }
 #if defined(GSSAPI)
     has_gssapi = FALSE;
 #endif /* defined(GSSAPI) */
@@ -278,6 +282,7 @@ static int capa_probe(int sock)
            if (strstr(buffer, "CRAM-MD5"))
                has_cram = TRUE;
        }
+       done_capa = TRUE;
     }
     return(ok);
 }
@@ -307,6 +312,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
     flag got_tls = FALSE;
 #endif /* SSL_ENABLE */
 
+    done_capa = FALSE;
 #if defined(GSSAPI)
     has_gssapi = FALSE;
 #endif /* defined(GSSAPI) */
@@ -441,6 +447,10 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
        }
 
 #ifdef SSL_ENABLE
+       ok = capa_probe(sock);
+       if (ok != PS_SUCCESS) {
+           return ok;
+       }
        if (maybe_tls(ctl)) {
           if (has_stls)
           {
@@ -467,7 +477,11 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
                    * guarantee a secure capability re-probe.
                    */
                   got_tls = TRUE;
-                  (void)capa_probe(sock);
+                  done_capa = FALSE;
+                  ok = capa_probe(sock);
+                  if (ok != PS_SUCCESS) {
+                      return ok;
+                  }
                   if (outlevel >= O_VERBOSE)
                   {
                       report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), realhost);
Andy's fetchmail repository