STARTTLS support.

svn path=/trunk/; revision=3706

diff --git a/NEWS b/NEWS
index ed88f6063ccc00978adefc2f0a2df28eab10b4c2..fe4292b485879baa2fe1ebfbb7c813f32ecf6ec9 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,8 @@
 
 (The `lines' figures total .c, .h, .l, and .y files under version control.)
 
+* Nerijus Baliunas's patch to support STARTTLS over IMAP.
+
 fetchmail-5.9.14 (Fri Sep  6 05:03:25 EDT 2002), 21932 lines:
 
 * Sunil Shetye's patch to eliminate multiple bounces.

diff --git a/imap.c b/imap.c
index df8cd336cd74e554f4e9b69dc86d5ce413c769a0..40abdb2a7181d0afddcf47bccf5834504afcfaf7 100644 (file)
--- a/imap.c
+++ b/imap.c
@@ -356,6 +356,27 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
     }
 #endif /* KERBEROS_V4 */
 
+#ifdef SSL_ENABLE
+    if ((ctl->server.authenticate == A_ANY)
+        && strstr(capabilities, "STARTTLS"))
+    {
+           char *realhost;
+
+           realhost = ctl->server.via ? ctl->server.via : ctl->server.pollname;
+           gen_transact(sock, "STARTTLS");
+
+           /* We use "tls1" instead of ctl->sslproto, as we want STARTTLS,
+            * not other SSL protocols
+            */
+           if (SSLOpen(sock,ctl->sslcert,ctl->sslkey,"tls1",ctl->sslcertck, ctl->sslcertpath,ctl->sslfingerprint,realhost,ctl->server.pollname) == -1)
+           {
+               report(stderr,
+                      GT_("SSL connection failed.\n"));
+               return(PS_AUTHFAIL);
+           }
+    }
+#endif /* SSL_ENABLE */
+
     /*
      * No such luck.  OK, now try the variants that mask your password
      * in a challenge-response.