author | Steve Holme <steve_holme@hotmail.com> | 2013-02-10 19:59:42 +0000 |
---|---|---|
committer | Steve Holme <steve_holme@hotmail.com> | 2013-02-10 19:59:42 +0000 |
commit | 566a3638fa368f0cc9f54d305a24b9c6e4bb9120 (patch) | |
tree | 3f498c7555bc48efe3824c622d38cf96264a6101 /lib | |
parent | e0f4af403208b61ec7e19c05ec9b6187146c5189 (diff) |
smtp: Added support for the STARTTLS capability (Part Two)
Added honoring of the tls_supported flag when starting a TLS upgrade
rather than unconditionally attempting it. If the use_ssl flag is set
to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the
connection will continue to authenticate. If this flag is set to
CURLUSESSL_ALL then the connection will complete with a failure as it
did previously.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/smtp.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/lib/smtp.c b/lib/smtp.c index 6b4f88559..3fed5c2ea 100644 --- a/lib/smtp.c +++ b/lib/smtp.c @@ -334,6 +334,7 @@ static CURLcode smtp_state_ehlo(struct connectdata *conn) smtpc->authmechs = 0; /* No known authentication mechanisms yet */ smtpc->authused = 0; /* Clear the authentication mechanism used for esmtp connections */ + smtpc->tls_supported = FALSE; /* Clear the TLS capability */ /* Send the EHLO command */ result = Curl_pp_sendf(&smtpc->pp, "EHLO %s", smtpc->domain); @@ -553,6 +554,7 @@ static CURLcode smtp_state_ehlo_resp(struct connectdata *conn, int smtpcode, { CURLcode result = CURLE_OK; struct SessionHandle *data = conn->data; + struct smtp_conn *smtpc = &conn->proto.smtpc; (void)instate; /* no use for this yet */ @@ -566,9 +568,17 @@ static CURLcode smtp_state_ehlo_resp(struct connectdata *conn, int smtpcode, } } else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { - /* We don't have a SSL/TLS connection yet, but SSL is requested. Switch - to TLS connection now */ - result = smtp_state_starttls(conn); + /* We don't have a SSL/TLS connection yet, but SSL is requested */ + if(smtpc->tls_supported) + /* Switch to TLS connection now */ + result = smtp_state_starttls(conn); + else if(data->set.use_ssl == CURLUSESSL_TRY) + /* Fallback and carry on with authentication */ + result = smtp_authenticate(conn); + else { + failf(data, "STARTTLS not supported."); + result = CURLE_USE_SSL_FAILED; + } } else result = smtp_authenticate(conn); |
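Review bot: In the last hunk, the `CURLUSESSL_TRY` branch falls back to `smtp_authenticate(conn)` without logging anything, so nothing records that the session went on without TLS. `tls_supported` is filled from an EHLO response that arrives before any TLS protection, so a missing STARTTLS line may mean the server lacks it or that the capability was removed in transit, and the two cases look identical here. I would brace that branch and log the fallback before the call, for example `infof(data, "STARTTLS not supported, continuing without TLS\n");`, and extend the comment to `/* Fallback and carry on with authentication; the capability list is unauthenticated, only CURLUSESSL_ALL enforces TLS */`. Whether credentials then go out in a recoverable form depends on the mechanism chosen inside `smtp_authenticate`, which is not visible here; the body of `smtp_state_ehlo_resp` also starts and ends outside the hunk.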