Send a NOOP only after a failed STARTTLS in IMAP.
Reported by Mihail Nechkin against FreeBSD port.
Workaround for 6.3.18: build in a separate directory, i. e:
mkdir build && cd build && ../configure --options-go-here
+* Send a NOOP only after a failed STARTTLS in IMAP. (Sunil Shetye)
# DOCUMENTATION:
* The manual page now links to IANA for GSSAPI service names.
/* apply for connection authorization */
{
int ok = 0;
-#ifdef SSL_ENABLE
- int got_tls = 0;
-#endif
(void)greeting;
/*
* Now that we're confident in our TLS connection we can
* guarantee a secure capability re-probe.
*/
- got_tls = 1;
capa_probe(sock, ctl);
if (outlevel >= O_VERBOSE)
{
report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), commonname);
}
- }
- }
-
- if (!got_tls) {
- if (must_tls(ctl)) {
+ } else if (must_tls(ctl)) {
/* Config required TLS but we couldn't guarantee it, so we must
* stop. */
report(stderr, GT_("%s: upgrade to TLS failed.\n"), commonname);
}
/* Usable. Proceed with authenticating insecurely. */
}
+ } else if (must_tls(ctl)) {
+ /* Config required TLS but STARTTLS is not advertised. */
+ report(stderr, GT_("%s: cannot upgrade to TLS: no STARTTLS in CAPABILITY response.\n"), commonname);
+ return PS_SOCKET;
}
}
#endif /* SSL_ENABLE */
#endif /* OPIE_ENABLE */
#ifdef SSL_ENABLE
flag connection_may_have_tls_errors = FALSE;
- flag got_tls = FALSE;
#endif /* SSL_ENABLE */
done_capa = FALSE;
* Now that we're confident in our TLS connection we can
* guarantee a secure capability re-probe.
*/
- got_tls = TRUE;
done_capa = FALSE;
ok = capa_probe(sock);
if (ok != PS_SUCCESS) {
{
report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), commonname);
}
- }
- }
-
- if (!got_tls) {
- if (must_tls(ctl)) {
+ } else if (must_tls(ctl)) {
/* Config required TLS but we couldn't guarantee it, so we must
* stop. */
report(stderr, GT_("%s: upgrade to TLS failed.\n"), commonname);
report(stdout, GT_("%s: opportunistic upgrade to TLS failed, trying to continue.\n"), commonname);
}
}
+ } else if (must_tls(ctl)) {
+ /* Config required TLS but STLS is not advertised. */
+ report(stderr, GT_("%s: cannot upgrade to TLS: no STLS in CAPA response.\n"), commonname);
+ return PS_SOCKET;
}
} /* maybe_tls() */
#endif /* SSL_ENABLE */