From 0c9e0b65af1aa77f3ec57506eac0812a4ccfbf55 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Wed, 29 Nov 2006 00:42:16 +0000
Subject: [PATCH] Fix bogus authentication failure with --auth password when
 CAPA fails.

svn path=/branches/BRANCH_6-3/; revision=4976
---
 pop3.c | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/pop3.c b/pop3.c
index 94afa744..3acc5923 100644
--- a/pop3.c
+++ b/pop3.c
@@ -444,22 +444,26 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
 		    (ok == PS_SOCKET && !ctl->wehaveauthed))
 		{
 #ifdef SSL_ENABLE
-		    if (must_tls(ctl))
+		    if (must_tls(ctl)) {
 			/* fail with mandatory STLS without repoll */
+			report(stderr, GT_("TLS is mandatory for this session, but server refused CAPA command.\n"));
+			report(stderr, GT_("The CAPA command is however necessary for TLS.\n"));
 			return ok;
-		    else {
+		    } else {
 			/* defeat opportunistic STLS */
 			xfree(ctl->sslproto);
 			ctl->sslproto = xstrdup("");
 		    }
 #endif
-		    /* If strong authentication was opportunistic, retry
-		     * without, else fail. */
-		    if (ctl->server.authenticate == A_ANY) {
-			ctl->server.authenticate = A_PASSWORD;
-			return PS_REPOLL;
-		    } else {
-			return PS_AUTHFAIL;
+		    /* If strong authentication was opportunistic, retry without, else fail. */
+		    switch (ctl->server.authenticate) {
+			case A_ANY:
+			    ctl->server.authenticate = A_PASSWORD;
+			    /* FALLTHROUGH */
+			case A_PASSWORD: /* this should only happen with TLS enabled */
+			    return PS_REPOLL;
+			default:
+			    return PS_AUTHFAIL;
 		    }
 		}
 	}
-- 
2.43.2