Run S(TART)TLS negotiation under timeout alarm.
authorMatthias Andree <matthias.andree@gmx.de>
Wed, 25 May 2011 23:47:41 +0000 (01:47 +0200)
committerMatthias Andree <matthias.andree@gmx.de>
Thu, 26 May 2011 00:00:30 +0000 (02:00 +0200)
Reported missing by Thomas Jarosch.

imap.c
pop3.c

diff --git a/imap.c b/imap.c
index dca3bab9f51448cba5c3e81804ca775c4773f648..397b391b153f849928158804574ae81c5da2ccae 100644 (file)
--- a/imap.c
+++ b/imap.c
@@ -447,9 +447,9 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
             * whether TLS is mandatory or opportunistic unless SSLOpen() fails
             * (see below). */
            if (gen_transact(sock, "STARTTLS") == PS_SUCCESS
-                   && SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
+                   && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
                        ctl->sslcertfile, ctl->sslcertpath, ctl->sslfingerprint, commonname,
-                       ctl->server.pollname, &ctl->remotename) != -1)
+                       ctl->server.pollname, &ctl->remotename)) != -1)
            {
                /*
                 * RFC 2595 says this:
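Review bot: The success branch that opens here gets no `set_timeout(0)` in imap.c as far as these hunks show, while pop3.c adds one at the top of its success branch. After a completed handshake the alarm armed by `set_timeout(mytimeout)` may therefore still be running, unless the lines between the two imap.c hunks (not visible) or a later call clear it. Arming the alarm through a comma expression inside the `if` condition also hides the side effect and makes every branch responsible for the disarm; the first hunk of pop3.c uses the same construct. I would arm and disarm around the call itself and keep the result in a new `int` local (`tls_up` below, declared with the function's other locals), which makes the per-branch `set_timeout(0)` lines in both files unnecessary. imap_getauth starts and ends outside the hunk.

```c
            /* Arm the alarm for the handshake only and cancel it on every
             * outcome, before any branch below runs. */
            tls_up = 0;
            if (gen_transact(sock, "STARTTLS") == PS_SUCCESS) {
                set_timeout(mytimeout);
                tls_up = SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
                        ctl->sslcertfile, ctl->sslcertpath, ctl->sslfingerprint, commonname,
                        ctl->server.pollname, &ctl->remotename) != -1;
                set_timeout(0);
            }
            if (tls_up)
            {
                /* … unchanged: RFC 2595 comment and success path … */
```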
@@ -473,9 +473,11 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
            } else if (must_tls(ctl)) {
                /* Config required TLS but we couldn't guarantee it, so we must
                 * stop. */
+               set_timeout(0);
                report(stderr, GT_("%s: upgrade to TLS failed.\n"), commonname);
                return PS_SOCKET;
            } else {
+               set_timeout(0);
                if (outlevel >= O_VERBOSE) {
                    report(stdout, GT_("%s: opportunistic upgrade to TLS failed, trying to continue\n"), commonname);
                }
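Review bot: The opportunistic branch at the end of this hunk reports the failed upgrade only when `outlevel >= O_VERBOSE`, so as far as the hunk shows, a session that continues without TLS leaves nothing in the log at default verbosity. If a timed-out handshake also ends up in this branch, the commit adds one more way to reach it silently. I would move the `report(stdout, GT_("%s: opportunistic upgrade to TLS failed, trying to continue\n"), commonname);` call out of the `if (outlevel >= O_VERBOSE)` guard so an operator can see when the rest of the session ran over an unprotected channel. The else branch continues past the end of the hunk, so any later handling is not visible here.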
diff --git a/pop3.c b/pop3.c
index 3def391b77fb5c591afcebdb60cb85ed2944e6f7..9cf8494416073967342ae4a5ad0cd1181d0f51b0 100644 (file)
--- a/pop3.c
+++ b/pop3.c
@@ -448,9 +448,9 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
                * whether TLS is mandatory or opportunistic unless SSLOpen() fails
                * (see below). */
               if (gen_transact(sock, "STLS") == PS_SUCCESS
-                      && SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
+                      && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
                           ctl->sslcertfile, ctl->sslcertpath, ctl->sslfingerprint, commonname,
-                          ctl->server.pollname, &ctl->remotename) != -1)
+                          ctl->server.pollname, &ctl->remotename)) != -1)
               {
                   /*
                    * RFC 2595 says this:
@@ -465,6 +465,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
                    * Now that we're confident in our TLS connection we can
                    * guarantee a secure capability re-probe.
                    */
+                  set_timeout(0);
                   done_capa = FALSE;
                   ok = capa_probe(sock);
                   if (ok != PS_SUCCESS) {
@@ -477,6 +478,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
               } else if (must_tls(ctl)) {
                   /* Config required TLS but we couldn't guarantee it, so we must
                    * stop. */
+                  set_timeout(0);
                   report(stderr, GT_("%s: upgrade to TLS failed.\n"), commonname);
                   return PS_SOCKET;
               } else {
@@ -485,6 +487,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
                    * allowed til post-authentication), so leave it in an unknown
                    * state, mark it as such, and check more carefully if things
                    * go wrong when we try to authenticate. */
+                  set_timeout(0);
                   connection_may_have_tls_errors = TRUE;
                   if (outlevel >= O_VERBOSE)
                   {