From b50ce1e5ba3d28f5d75a8d32f11238ae9c9e3fa1 Mon Sep 17 00:00:00 2001 From: Steve Holme Date: Sun, 10 Feb 2013 19:53:49 +0000 Subject: [PATCH] imap: Added support for the STARTTLS capability (Part Three) Added honoring of the tls_supported flag when starting a TLS upgrade rather than unconditionally attempting it. If the use_ssl flag is set to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the connection will continue to authenticate. If this flag is set to CURLUSESSL_ALL then the connection will complete with a failure as it did previously. --- lib/imap.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/lib/imap.c b/lib/imap.c index 0970691d48..8032db4a04 100644 --- a/lib/imap.c +++ b/lib/imap.c @@ -709,15 +709,24 @@ static CURLcode imap_state_capability_resp(struct connectdata *conn, { CURLcode result = CURLE_OK; struct SessionHandle *data = conn->data; + struct imap_conn *imapc = &conn->proto.imapc; (void)instate; /* no use for this yet */ if(imapcode != 'O') result = imap_state_login(conn); else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { - /* We don't have a SSL/TLS connection yet, but SSL is requested. Switch - to TLS connection now */ - result = imap_state_starttls(conn); + /* We don't have a SSL/TLS connection yet, but SSL is requested */ + if(imapc->tls_supported) + /* Switch to TLS connection now */ + result = imap_state_starttls(conn); + else if(data->set.use_ssl == CURLUSESSL_TRY) + /* Fallback and carry on with authentication */ + result = imap_authenticate(conn); + else { + failf(data, "STARTTLS not supported."); + result = CURLE_USE_SSL_FAILED; + } } else result = imap_authenticate(conn);