77 lines
3.2 KiB
Diff
77 lines
3.2 KiB
Diff
commit 7dc67b8cf06f74aa57525279940e180c99701314
|
|
Author: Matthias Andree <matthias.andree@gmx.de>
|
|
Date: Thu May 26 01:47:41 2011 +0200
|
|
|
|
Run S(TART)TLS negotiation under timeout alarm.
|
|
|
|
Reported missing by Thomas Jarosch.
|
|
|
|
diff --git a/imap.c b/imap.c
|
|
index dca3bab..397b391 100644
|
|
--- a/imap.c
|
|
+++ b/imap.c
|
|
@@ -447,9 +447,9 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
|
|
* whether TLS is mandatory or opportunistic unless SSLOpen() fails
|
|
* (see below). */
|
|
if (gen_transact(sock, "STARTTLS") == PS_SUCCESS
|
|
- && SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
|
|
+ && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
|
|
ctl->sslcertfile, ctl->sslcertpath, ctl->sslfingerprint, commonname,
|
|
- ctl->server.pollname, &ctl->remotename) != -1)
|
|
+ ctl->server.pollname, &ctl->remotename)) != -1)
|
|
{
|
|
/*
|
|
* RFC 2595 says this:
|
|
@@ -473,9 +473,11 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
|
|
} else if (must_tls(ctl)) {
|
|
/* Config required TLS but we couldn't guarantee it, so we must
|
|
* stop. */
|
|
+ set_timeout(0);
|
|
report(stderr, GT_("%s: upgrade to TLS failed.\n"), commonname);
|
|
return PS_SOCKET;
|
|
} else {
|
|
+ set_timeout(0);
|
|
if (outlevel >= O_VERBOSE) {
|
|
report(stdout, GT_("%s: opportunistic upgrade to TLS failed, trying to continue\n"), commonname);
|
|
}
|
|
diff --git a/pop3.c b/pop3.c
|
|
index 3def391..9cf8494 100644
|
|
--- a/pop3.c
|
|
+++ b/pop3.c
|
|
@@ -448,9 +448,9 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
|
|
* whether TLS is mandatory or opportunistic unless SSLOpen() fails
|
|
* (see below). */
|
|
if (gen_transact(sock, "STLS") == PS_SUCCESS
|
|
- && SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
|
|
+ && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
|
|
ctl->sslcertfile, ctl->sslcertpath, ctl->sslfingerprint, commonname,
|
|
- ctl->server.pollname, &ctl->remotename) != -1)
|
|
+ ctl->server.pollname, &ctl->remotename)) != -1)
|
|
{
|
|
/*
|
|
* RFC 2595 says this:
|
|
@@ -465,6 +465,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
|
|
* Now that we're confident in our TLS connection we can
|
|
* guarantee a secure capability re-probe.
|
|
*/
|
|
+ set_timeout(0);
|
|
done_capa = FALSE;
|
|
ok = capa_probe(sock);
|
|
if (ok != PS_SUCCESS) {
|
|
@@ -477,6 +478,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
|
|
} else if (must_tls(ctl)) {
|
|
/* Config required TLS but we couldn't guarantee it, so we must
|
|
* stop. */
|
|
+ set_timeout(0);
|
|
report(stderr, GT_("%s: upgrade to TLS failed.\n"), commonname);
|
|
return PS_SOCKET;
|
|
} else {
|
|
@@ -485,6 +487,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
|
|
* allowed til post-authentication), so leave it in an unknown
|
|
* state, mark it as such, and check more carefully if things
|
|
* go wrong when we try to authenticate. */
|
|
+ set_timeout(0);
|
|
connection_may_have_tls_errors = TRUE;
|
|
if (outlevel >= O_VERBOSE)
|
|
{
|