Add $tunnel_is_secure config, defaulting set.

The config variable is to resolve an ambiguity in Mutt about whether
using $tunnel is secure.

On the one hand, the examples in the manual show using ssh or a direct
pipe to a program.  Many users do this to connect to an IMAP server
with PREAUTH configured, relying on the tunnel to be secured by ssh or
by the fact that it's a local pipe.

On the other hand, the Mutt connection code still respects
$ssl_starttls and $ssl_force_tls, as if the $tunnel connection were
not already secured.

After some discussion on mutt-dev, it seemed the best idea to assume
the connection is secure by default, in order to not break IMAP
PREAUTH connections, but to provide a configuration variable in case
there are situations where it is not.

Thanks to Aaron Schrab for the original idea of setting conn->ssf for
$tunnel in his patch to ticket 250.

1 files changed, 3 insertions, 2 deletions

diff --git a/imap/imap.c b/imap/imap.c
index 5f8bfd78..fab91837 100644
--- a/imap/imap.c
+++ b/imap/imap.c
@@ -536,8 +536,9 @@ int imap_open_connection (IMAP_DATA* idata)
      * attacks is via $ssl_force_tls: an attacker can easily spoof
      * "* OK" and strip the STARTTLS capability.  So consult
      * $ssl_force_tls, not $ssl_starttls, to decide whether to
-     * abort. */
-    if (!idata->conn->ssf && !Tunnel && option(OPTSSLFORCETLS))
+     * abort. Note that if using $tunnel and $tunnel_is_secure,
+     * conn->ssf will be set to 1. */
+    if (!idata->conn->ssf && option(OPTSSLFORCETLS))
     {
       mutt_error _("Encrypted connection unavailable");
       mutt_sleep (1);