From e0f4af403208b61ec7e19c05ec9b6187146c5189 Mon Sep 17 00:00:00 2001 From: Steve Holme Date: Sun, 10 Feb 2013 19:56:54 +0000 Subject: pop3: Added support for the STLS capability (Part Three) Added honoring of the tls_supported flag when starting a TLS upgrade rather than unconditionally attempting it. If the use_ssl flag is set to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the connection will continue to authenticate. If this flag is set to CURLUSESSL_ALL then the connection will complete with a failure as it did previously. --- lib/pop3.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/lib/pop3.c b/lib/pop3.c index 8d8dab8a1..2b58df9b5 100644 --- a/lib/pop3.c +++ b/lib/pop3.c @@ -636,15 +636,24 @@ static CURLcode pop3_state_capa_resp(struct connectdata *conn, int pop3code, { CURLcode result = CURLE_OK; struct SessionHandle *data = conn->data; + struct pop3_conn *pop3c = &conn->proto.pop3c; (void)instate; /* no use for this yet */ if(pop3code != '+') result = pop3_state_user(conn); else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { - /* We don't have a SSL/TLS connection yet, but SSL is requested. Switch - to TLS connection now */ - result = pop3_state_starttls(conn); + /* We don't have a SSL/TLS connection yet, but SSL is requested */ + if(pop3c->tls_supported) + /* Switch to TLS connection now */ + result = pop3_state_starttls(conn); + else if(data->set.use_ssl == CURLUSESSL_TRY) + /* Fallback and carry on with authentication */ + result = pop3_authenticate(conn); + else { + failf(data, "STLS not supported."); + result = CURLE_USE_SSL_FAILED; + } } else result = pop3_authenticate(conn); -- cgit v1.2.3