diff options
Diffstat (limited to 'imap/imap.c')
-rw-r--r-- | imap/imap.c | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/imap/imap.c b/imap/imap.c index ba96e782..2b479601 100644 --- a/imap/imap.c +++ b/imap/imap.c @@ -29,6 +29,9 @@ #include "browser.h" #include "message.h" #include "imap_private.h" +#ifdef USE_SSL +# include "mutt_ssl.h" +#endif #include <unistd.h> #include <ctype.h> @@ -309,6 +312,7 @@ IMAP_DATA* imap_conn_find (const ACCOUNT* account, int flags) int imap_open_connection (IMAP_DATA* idata) { char buf[LONG_STRING]; + int rc; if (mutt_socket_open (idata->conn) < 0) { @@ -324,8 +328,36 @@ int imap_open_connection (IMAP_DATA* idata) if (mutt_strncmp ("* OK", idata->cmd.buf, 4) == 0) { - if (imap_check_capabilities (idata) || imap_authenticate (idata)) + /* TODO: Parse new tagged CAPABILITY data (* OK [CAPABILITY...]) */ + if (imap_check_capabilities (idata)) + goto bail; +#if defined(USE_SSL) && !defined(USE_NSS) + /* Attempt STARTTLS if available. TODO: make STARTTLS configurable. */ + if (mutt_bit_isset (idata->capabilities, STARTTLS)) + { + if ((rc = imap_exec (idata, "STARTTLS", IMAP_CMD_FAIL_OK)) == -1) + goto bail; + if (rc != -2) + { + if (mutt_ssl_starttls (idata->conn)) + { + dprint (1, (debugfile, "imap_open_connection: STARTTLS failed\n")); + goto bail; + } + else + { + /* RFC 2595 demands we recheck CAPABILITY after TLS is negotiated. */ + if (imap_exec (idata, "CAPABILITY", 0)) + goto bail; + } + } + } +#endif + if (imap_authenticate (idata)) goto bail; + if (idata->conn->ssf) + dprint (2, (debugfile, "Communication encrypted at %d bits\n", + idata->conn->ssf)); } else if (mutt_strncmp ("* PREAUTH", idata->cmd.buf, 9) == 0) { |