Commit b50ce1e5 authored by Steve Holme's avatar Steve Holme
Browse files

imap: Added support for the STARTTLS capability (Part Three) 

Added honoring of the tls_supported flag when starting a TLS upgrade
rather than unconditionally attempting it. If the use_ssl flag is set
to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the
connection will continue to authenticate. If this flag is set to
CURLUSESSL_ALL then the connection will complete with a failure as it
did previously.
parent b3335043

lib/imap.c

+12 −3
Original line number Diff line number Diff line
@@ -709,15 +709,24 @@ static CURLcode imap_state_capability_resp(struct connectdata *conn, 
{

  CURLcode result = CURLE_OK;

  struct SessionHandle *data = conn->data;

  struct imap_conn *imapc = &conn->proto.imapc;



  (void)instate; /* no use for this yet */



  if(imapcode != 'O')

    result = imap_state_login(conn);

  else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {

    /* We don't have a SSL/TLS connection yet, but SSL is requested. Switch

       to TLS connection now */

    /* We don't have a SSL/TLS connection yet, but SSL is requested */

    if(imapc->tls_supported)

      /* Switch to TLS connection now */

      result = imap_state_starttls(conn);

    else if(data->set.use_ssl == CURLUSESSL_TRY)

      /* Fallback and carry on with authentication */

      result = imap_authenticate(conn);

    else {

      failf(data, "STARTTLS not supported.");

      result = CURLE_USE_SSL_FAILED;

    }

  }

  else

    result = imap_authenticate(conn);