From 379d63ecc7e361fcfea5ef40881307b497e0c625 Mon Sep 17 00:00:00 2001
From: Steve Holme <steve_holme@hotmail.com>
Date: Thu, 24 Jan 2013 20:22:20 +0000
Subject: imap.c: Fixed failure detection during TLS upgrade

imap_state_upgrade_tls() would attempt to incorrectly complete the
upgrade to imaps and start the CAPABILITY command if
Curl_ssl_connect_nonblocking() returned a failure code and if ssldone
was set to TRUE. This would only happen when a non-blocking API hadn't
been provided by the SSL implementation and curlssl_connect() was
called underneath.
---
 lib/imap.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/lib/imap.c b/lib/imap.c
index 288d1994f..5e845fb35 100644
--- a/lib/imap.c
+++ b/lib/imap.c
@@ -627,10 +627,8 @@ static CURLcode imap_state_starttls_resp(struct connectdata *conn,
     else
       result = imap_state_capability(conn);
   }
-  else {
-    state(conn, IMAP_UPGRADETLS);
+  else
     result = imap_state_upgrade_tls(conn);
-  }
 
   return result;
 }
@@ -642,9 +640,14 @@ static CURLcode imap_state_upgrade_tls(struct connectdata *conn)
 
   result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, &imapc->ssldone);
 
-  if(imapc->ssldone) {
-    imap_to_imaps(conn);
-    result = imap_state_capability(conn);
+  if(!result) {
+    if(imapc->state != IMAP_UPGRADETLS)
+      state(conn, IMAP_UPGRADETLS);
+
+    if(imapc->ssldone) {
+      imap_to_imaps(conn);
+      result = imap_state_capability(conn);
+    }
   }
 
   return result;
-- 
cgit v1.2.3