pop3: Added support for the STLS capability (Part Three)

Added honoring of the tls_supported flag when starting a TLS upgrade
rather than unconditionally attempting it. If the use_ssl flag is set
to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the
connection will continue to authenticate. If this flag is set to
CURLUSESSL_ALL then the connection will complete with a failure as it
did previously.

1 files changed, 12 insertions, 3 deletions

diff --git a/lib/pop3.c b/lib/pop3.c
index 8d8dab8a1..2b58df9b5 100644
--- a/lib/pop3.c
+++ b/lib/pop3.c
@@ -636,15 +636,24 @@ static CURLcode pop3_state_capa_resp(struct connectdata *conn, int pop3code,
 {
   CURLcode result = CURLE_OK;
   struct SessionHandle *data = conn->data;
+  struct pop3_conn *pop3c = &conn->proto.pop3c;
 
   (void)instate; /* no use for this yet */
 
   if(pop3code != '+')
     result = pop3_state_user(conn);
   else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
-    /* We don't have a SSL/TLS connection yet, but SSL is requested. Switch
-       to TLS connection now */
-    result = pop3_state_starttls(conn);
+    /* We don't have a SSL/TLS connection yet, but SSL is requested */
+    if(pop3c->tls_supported)
+      /* Switch to TLS connection now */
+      result = pop3_state_starttls(conn);
+    else if(data->set.use_ssl == CURLUSESSL_TRY)
+      /* Fallback and carry on with authentication */
+      result = pop3_authenticate(conn);
+    else {
+      failf(data, "STLS not supported.");
+      result = CURLE_USE_SSL_FAILED;
+    }
   }
   else
     result = pop3_authenticate(conn);