fetchmail-friends

[fetchmail] Re: [PATCH] IMAP STARTTLS

2002-09-06 08:26:15
On Thu, 5 Sep 2002 03:17:06 +0200 (EET) Nerijus Baliunas 
<nerijus(_at_)users(_dot_)sourceforge(_dot_)net> wrote:

Hello,

I found that Matt Kraai's patch for supporting STLS over POP3 was
included in fetchmail 5.9.9. I tried to do something similar for IMAP,
but get "Unknown login or authentication error", although I do see
(with a sniffer) fetchmail issuing the STARTTLS command and the server
answering "OK STARTTLS completed".

I tried with a different IMAP server supporting the STARTTLS extension, and
succeeded. I also tried with servers not announcing STARTTLS, and also
succeeded (i.e. fetchmail didn't try to use STARTTLS). A slightly improved
patch is below. Is it possible to include it in an upcoming release?

For servers which advertise the STARTTLS extension but fail to authenticate
correctly, the following FAQ entry should be included:

R12. I get "Unknown login or authentication error" or "SSL connection failed".

Your IMAP server is broken. It advertises the STARTTLS extension, but does
not support it or is not correctly configured. You can work around this with
the declaration auth password in your .fetchmailrc.

Regards,
Nerijus

--- fetchmail-5.9.14-orig/imap.c        Tue Jun  4 15:55:05 2002
+++ fetchmail-5.9.14/imap.c        Fri Sep  6 17:04:28 2002
@@ -356,6 +356,27 @@
     }
 #endif /* KERBEROS_V4 */
 
+#ifdef SSL_ENABLE
+    if ((ctl->server.authenticate == A_ANY)
+        && strstr(capabilities, "STARTTLS"))
+    {
+           char *realhost;
+
+           realhost = ctl->server.via ? ctl->server.via : ctl->server.pollname;
+           gen_transact(sock, "STARTTLS");
+
+           /* We use "tls1" instead of ctl->sslproto, as we want STARTTLS,
+            * not other SSL protocols
+            */
+           if (SSLOpen(sock,ctl->sslcert,ctl->sslkey,"tls1",ctl->sslcertck, 
ctl->sslcertpath,ctl->sslfingerprint,realhost,ctl->server.pollname) == -1)
+           {
+               report(stderr,
+                      GT_("SSL connection failed.\n"));
+               return(PS_AUTHFAIL);
+           }
+    }
+#endif /* SSL_ENABLE */
+
     /*
      * No such luck.  OK, now try the variants that mask your password
      * in a challenge-response.
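
Review bot: The return value of gen_transact(sock, "STARTTLS") is discarded, so SSLOpen() is attempted even when the server answers NO or BAD to the command. Check the result and only start the handshake when the command succeeded. Also, the capabilities string tested with strstr() was read before TLS was negotiated, and nothing in this hunk re-issues CAPABILITY once SSLOpen() returns; RFC 3501 requires the client to discard cached capabilities after STARTTLS, so the authentication variants that follow should work from a fresh response. Finally, when the server does not list STARTTLS the block is skipped without any message, so a session that silently stays in cleartext is indistinguishable from a protected one; a report() line on that path, or an option to require TLS, would make the downgrade visible.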


