smtp: Added support for the STARTTLS capability (Part Two)

Added honoring of the tls_supported flag when starting a TLS upgrade
rather than unconditionally attempting it. If the use_ssl flag is set
to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the
connection will continue to authenticate. If this flag is set to
CURLUSESSL_ALL then the connection will complete with a failure as it
did previously.
Steve Holme 2013-02-10 19:59:42 +00:00
parent e0f4af4032
commit 566a3638fa


@ -334,6 +334,7 @@ static CURLcode smtp_state_ehlo(struct connectdata *conn)
smtpc->authmechs = 0; /* No known authentication mechanisms yet */ smtpc->authmechs = 0; /* No known authentication mechanisms yet */
smtpc->authused = 0; /* Clear the authentication mechanism used smtpc->authused = 0; /* Clear the authentication mechanism used
for esmtp connections */ for esmtp connections */
smtpc->tls_supported = FALSE; /* Clear the TLS capability */
/* Send the EHLO command */ /* Send the EHLO command */
result = Curl_pp_sendf(&smtpc->pp, "EHLO %s", smtpc->domain); result = Curl_pp_sendf(&smtpc->pp, "EHLO %s", smtpc->domain);
@ -553,6 +554,7 @@ static CURLcode smtp_state_ehlo_resp(struct connectdata *conn, int smtpcode,
{ {
CURLcode result = CURLE_OK; CURLcode result = CURLE_OK;
struct SessionHandle *data = conn->data; struct SessionHandle *data = conn->data;
struct smtp_conn *smtpc = &conn->proto.smtpc;
(void)instate; /* no use for this yet */ (void)instate; /* no use for this yet */
@ -566,9 +568,17 @@ static CURLcode smtp_state_ehlo_resp(struct connectdata *conn, int smtpcode,
} }
} }
else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
/* We don't have a SSL/TLS connection yet, but SSL is requested. Switch /* We don't have a SSL/TLS connection yet, but SSL is requested */
to TLS connection now */ if(smtpc->tls_supported)
result = smtp_state_starttls(conn); /* Switch to TLS connection now */
result = smtp_state_starttls(conn);
else if(data->set.use_ssl == CURLUSESSL_TRY)
/* Fallback and carry on with authentication */
result = smtp_authenticate(conn);
else {
failf(data, "STARTTLS not supported.");
result = CURLE_USE_SSL_FAILED;
}
} }
else else
result = smtp_authenticate(conn); result = smtp_authenticate(conn);
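Review bot: The `CURLUSESSL_TRY` branch in smtp_state_ehlo_resp falls through to `smtp_authenticate(conn)` on the unencrypted connection without leaving any trace. The decision rests on `tls_supported`, which presumably is filled in from the EHLO reply (the parsing is not in this hunk), and that reply is itself received in cleartext. A reply that lacks the STARTTLS line, for whatever reason, therefore turns into a silent downgrade. That is what TRY means, but it should be visible to whoever reads the code or the verbose log: widen the comment to `/* STARTTLS not advertised; CURLUSESSL_TRY lets us continue in cleartext, so the credentials that follow are unprotected */` and add `infof(data, "STARTTLS not advertised, continuing without TLS\n");` before the call. Since that makes the branch two statements, it needs braces like the final `else`. The function body starts and ends outside the hunk.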