Support STARTTLS on IMAP and POP3, from Markus Bachmann.
Nicholas Marriott
9 years ago
| 580 | 580 | |
| 581 | 581 | account "acct" pop3 server "server" user "bob" pass "pass" no-apop |
| 582 | 582 | |
| 583 | The 'starttls' keyword may be added to a POP3 account to attemp STARTTLS after | |
| 584 | connection. | |
| 585 | ||
| 583 | 586 | POP3S is specified in exactly the same way, except using the 'pop3s' keyword |
| 584 | 587 | for the type, and the default port is 'pop3s' rather than 'pop3': |
| 585 | 588 | |
| 671 | 674 | the older LOGIN method is used. For IMAPS connections (which use SSL), the |
| 672 | 675 | LOGIN method is just as secure. Either of these methods may be disabled with |
| 673 | 676 | the 'no-cram-md5' and 'no-login' options. |
| 677 | ||
| 678 | The 'starttls' keyword may be added to an IMAP account to attemp STARTTLS after | |
| 679 | connection. | |
| 674 | 680 | |
| 675 | 681 | As with POP3, IMAP adds the 'server', 'port', 'server_uid' and the three line |
| 676 | 682 | count tags to mail. |
| 41 | 41 | int getport(char *); |
| 42 | 42 | int httpproxy(struct server *, struct proxy *, struct io *, int, char **); |
| 43 | 43 | int socks5proxy(struct server *, struct proxy *, struct io *, int, char **); |
| 44 | ||
| 45 | SSL *makessl(struct server *, int, int, int, char **); | |
| 46 | 44 | |
| 47 | 45 | char * |
| 48 | 46 | sslerror(const char *fn) |
| 81 | 81 | struct server server; |
| 82 | 82 | int nocrammd5; |
| 83 | 83 | int nologin; |
| 84 | int starttls; | |
| 84 | 85 | |
| 85 | 86 | struct replstr folder; |
| 86 | 87 | }; |
| 368 | 368 | .Op Ar only |
| 369 | 369 | .Op Ic no-apop |
| 370 | 370 | .Op Ic no-uidl |
| 371 | .Op Ic starttls | |
| 371 | 372 | .Xc |
| 372 | 373 | .It Xo Ic pop3s Ic server Ar host |
| 373 | 374 | .Op Ic port Ar port |
| 442 | 443 | .Ic no-tls1 |
| 443 | 444 | keyword instructs |
| 444 | 445 | .Xr fdm 1 |
| 445 | not to use the TLSv1 protocol with SSL connections. Some broken servers will | |
| 446 | fail in the handshake phase if the | |
| 446 | not to use the TLSv1 protocol with SSL connections. | |
| 447 | Some broken servers will fail in the handshake phase if the | |
| 447 | 448 | .Ic tls1 |
| 448 | 449 | flag is not unset. |
| 450 | .Pp | |
| 451 | .Ic starttls | |
| 452 | attempts to use | |
| 453 | .Em STARTTLS | |
| 454 | after connection. | |
| 449 | 455 | .It Xo Ic pop3 Ic pipe Ar command |
| 450 | 456 | .Op Ar userpass |
| 451 | 457 | .Op Ar only |
| 468 | 474 | .Op Ar only |
| 469 | 475 | .Op Ic no-cram-md5 |
| 470 | 476 | .Op Ic no-login |
| 477 | .Op Ic starttls | |
| 471 | 478 | .Xc |
| 472 | 479 | .It Xo Ic imap Ic server Ar host |
| 473 | 480 | .Op Ic port Ar port |
| 516 | 523 | .Ic no-login |
| 517 | 524 | disable the given authentication method. |
| 518 | 525 | The default is to use CRAM-MD5 if it is available, or LOGIN otherwise. |
| 526 | .Pp | |
| 527 | .Ic starttls | |
| 528 | attempts to use | |
| 529 | .Em STARTTLS | |
| 530 | after connection. | |
| 519 | 531 | .It Xo Ic imap Ic pipe Ar command |
| 520 | 532 | .Op Ar userpass |
| 521 | 533 | .Op Ar folders |
| 849 | 849 | /* connect.c */ |
| 850 | 850 | char *sslerror(const char *); |
| 851 | 851 | char *sslerror2(int, const char *); |
| 852 | SSL *makessl(struct server *, int, int, int, char **); | |
| 852 | 853 | void getaddrs(const char *, char **, char **); |
| 853 | 854 | struct proxy *getproxy(const char *); |
| 854 | 855 | struct io *connectproxy(struct server *, int, struct proxy *, |
| 148 | 148 | char *pass; |
| 149 | 149 | struct server server; |
| 150 | 150 | char *pipecmd; |
| 151 | int starttls; | |
| 151 | 152 | int apop; |
| 152 | 153 | int uidl; |
| 153 | 154 | |
| 199 | 200 | char *pass; |
| 200 | 201 | struct server server; |
| 201 | 202 | char *pipecmd; |
| 203 | int starttls; | |
| 202 | 204 | int nocrammd5; |
| 203 | 205 | int nologin; |
| 204 | 206 | |
| 246 | 248 | |
| 247 | 249 | #define IMAP_CAPA_AUTH_CRAM_MD5 0x1 |
| 248 | 250 | #define IMAP_CAPA_XYZZY 0x2 |
| 251 | #define IMAP_CAPA_STARTTLS 0x4 | |
| 249 | 252 | |
| 250 | 253 | /* fetch-maildir.c */ |
| 251 | 254 | extern struct fetch fetch_maildir; |
| 38 | 38 | char *imap_base64_encode(char *); |
| 39 | 39 | char *imap_base64_decode(char *); |
| 40 | 40 | |
| 41 | int imap_pick_auth(struct account *, struct fetch_ctx *); | |
| 42 | ||
| 41 | 43 | int imap_state_connect(struct account *, struct fetch_ctx *); |
| 42 | 44 | int imap_state_capability1(struct account *, struct fetch_ctx *); |
| 43 | 45 | int imap_state_capability2(struct account *, struct fetch_ctx *); |
| 46 | int imap_state_starttls(struct account *, struct fetch_ctx *); | |
| 44 | 47 | int imap_state_cram_md5_auth(struct account *, struct fetch_ctx *); |
| 45 | 48 | int imap_state_login(struct account *, struct fetch_ctx *); |
| 46 | 49 | int imap_state_user(struct account *, struct fetch_ctx *); |
| 282 | 285 | return (data->folders_total); |
| 283 | 286 | } |
| 284 | 287 | |
| 285 | /* Common initialisation state. */ | |
| 286 | int | |
| 287 | imap_state_init(struct account *a, struct fetch_ctx *fctx) | |
| 288 | { | |
| 289 | struct fetch_imap_data *data = a->data; | |
| 290 | ||
| 291 | ARRAY_INIT(&data->dropped); | |
| 292 | ARRAY_INIT(&data->kept); | |
| 293 | ARRAY_INIT(&data->wanted); | |
| 294 | ||
| 295 | data->tag = 0; | |
| 296 | ||
| 297 | data->folder = 0; | |
| 298 | data->folders_total = 0; | |
| 299 | ||
| 300 | fctx->state = imap_state_connect; | |
| 301 | return (FETCH_AGAIN); | |
| 302 | } | |
| 303 | ||
| 304 | /* Connect state. */ | |
| 305 | int | |
| 306 | imap_state_connect(struct account *a, struct fetch_ctx *fctx) | |
| 307 | { | |
| 308 | struct fetch_imap_data *data = a->data; | |
| 309 | ||
| 310 | if (data->connect(a) != 0) | |
| 311 | return (FETCH_ERROR); | |
| 312 | ||
| 313 | fctx->state = imap_state_connected; | |
| 314 | return (FETCH_BLOCK); | |
| 315 | } | |
| 316 | ||
| 317 | /* Connected state: wait for initial line from server. */ | |
| 318 | int | |
| 319 | imap_state_connected(struct account *a, struct fetch_ctx *fctx) | |
| 320 | { | |
| 321 | struct fetch_imap_data *data = a->data; | |
| 322 | char *line; | |
| 323 | ||
| 324 | if (imap_getln(a, fctx, IMAP_UNTAGGED, &line) != 0) | |
| 325 | return (FETCH_ERROR); | |
| 326 | if (line == NULL) | |
| 327 | return (FETCH_BLOCK); | |
| 328 | ||
| 329 | if (strncmp(line, "* PREAUTH", 9) == 0) { | |
| 330 | fctx->state = imap_state_select1; | |
| 331 | return (FETCH_AGAIN); | |
| 332 | } | |
| 333 | if (data->user == NULL || data->pass == NULL) { | |
| 334 | log_warnx("%s: not PREAUTH and no user or password", a->name); | |
| 335 | return (FETCH_ERROR); | |
| 336 | } | |
| 337 | ||
| 338 | if (imap_putln(a, "%u CAPABILITY", ++data->tag) != 0) | |
| 339 | return (FETCH_ERROR); | |
| 340 | fctx->state = imap_state_capability1; | |
| 341 | return (FETCH_BLOCK); | |
| 342 | } | |
| 343 | ||
| 344 | /* Capability state 1. Parse capabilities and set flags. */ | |
| 345 | int | |
| 346 | imap_state_capability1(struct account *a, struct fetch_ctx *fctx) | |
| 347 | { | |
| 348 | struct fetch_imap_data *data = a->data; | |
| 349 | char *line, *ptr; | |
| 350 | ||
| 351 | if (imap_getln(a, fctx, IMAP_UNTAGGED, &line) != 0) | |
| 352 | return (FETCH_ERROR); | |
| 353 | if (line == NULL) | |
| 354 | return (FETCH_BLOCK); | |
| 355 | ||
| 356 | /* Convert to uppercase. */ | |
| 357 | for (ptr = line; *ptr != '\0'; ptr++) | |
| 358 | *ptr = toupper((u_char) *ptr); | |
| 359 | ||
| 360 | if (strstr(line, "IMAP4REV1") == NULL) { | |
| 361 | log_warnx("%s: no IMAP4rev1 capability: %s", a->name, line); | |
| 362 | return (FETCH_ERROR); | |
| 363 | } | |
| 364 | ||
| 365 | data->capa = 0; | |
| 366 | if (strstr(line, "AUTH=CRAM-MD5") != NULL) | |
| 367 | data->capa |= IMAP_CAPA_AUTH_CRAM_MD5; | |
| 368 | ||
| 369 | /* Use XYZZY to detect Google brokenness. */ | |
| 370 | if (strstr(line, "XYZZY") != NULL) | |
| 371 | data->capa |= IMAP_CAPA_XYZZY; | |
| 372 | ||
| 373 | fctx->state = imap_state_capability2; | |
| 374 | return (FETCH_AGAIN); | |
| 375 | } | |
| 376 | ||
| 377 | /* Capability state 2. Check capabilities and choose login type. */ | |
| 378 | int | |
| 379 | imap_state_capability2(struct account *a, struct fetch_ctx *fctx) | |
| 380 | { | |
| 381 | struct fetch_imap_data *data = a->data; | |
| 382 | char *line; | |
| 383 | ||
| 384 | if (imap_getln(a, fctx, IMAP_TAGGED, &line) != 0) | |
| 385 | return (FETCH_ERROR); | |
| 386 | if (line == NULL) | |
| 387 | return (FETCH_BLOCK); | |
| 388 | if (!imap_okay(line)) | |
| 389 | return (imap_bad(a, line)); | |
| 288 | /* Try an authentication method. */ | |
| 289 | int | |
| 290 | imap_pick_auth(struct account *a, struct fetch_ctx *fctx) | |
| 291 | { | |
| 292 | struct fetch_imap_data *data = a->data; | |
| 390 | 293 | |
| 391 | 294 | /* Try CRAM-MD5, if server supports it and user allows it. */ |
| 392 | 295 | if (!data->nocrammd5 && (data->capa & IMAP_CAPA_AUTH_CRAM_MD5)) { |
| 408 | 311 | |
| 409 | 312 | log_warnx("%s: no authentication methods", a->name); |
| 410 | 313 | return (FETCH_ERROR); |
| 314 | } | |
| 315 | ||
| 316 | /* Common initialisation state. */ | |
| 317 | int | |
| 318 | imap_state_init(struct account *a, struct fetch_ctx *fctx) | |
| 319 | { | |
| 320 | struct fetch_imap_data *data = a->data; | |
| 321 | ||
| 322 | ARRAY_INIT(&data->dropped); | |
| 323 | ARRAY_INIT(&data->kept); | |
| 324 | ARRAY_INIT(&data->wanted); | |
| 325 | ||
| 326 | data->tag = 0; | |
| 327 | ||
| 328 | data->folder = 0; | |
| 329 | data->folders_total = 0; | |
| 330 | ||
| 331 | fctx->state = imap_state_connect; | |
| 332 | return (FETCH_AGAIN); | |
| 333 | } | |
| 334 | ||
| 335 | /* Connect state. */ | |
| 336 | int | |
| 337 | imap_state_connect(struct account *a, struct fetch_ctx *fctx) | |
| 338 | { | |
| 339 | struct fetch_imap_data *data = a->data; | |
| 340 | ||
| 341 | if (data->connect(a) != 0) | |
| 342 | return (FETCH_ERROR); | |
| 343 | ||
| 344 | fctx->state = imap_state_connected; | |
| 345 | return (FETCH_BLOCK); | |
| 346 | } | |
| 347 | ||
| 348 | /* Connected state: wait for initial line from server. */ | |
| 349 | int | |
| 350 | imap_state_connected(struct account *a, struct fetch_ctx *fctx) | |
| 351 | { | |
| 352 | struct fetch_imap_data *data = a->data; | |
| 353 | char *line; | |
| 354 | ||
| 355 | if (imap_getln(a, fctx, IMAP_UNTAGGED, &line) != 0) | |
| 356 | return (FETCH_ERROR); | |
| 357 | if (line == NULL) | |
| 358 | return (FETCH_BLOCK); | |
| 359 | ||
| 360 | if (strncmp(line, "* PREAUTH", 9) == 0) { | |
| 361 | fctx->state = imap_state_select1; | |
| 362 | return (FETCH_AGAIN); | |
| 363 | } | |
| 364 | if (data->user == NULL || data->pass == NULL) { | |
| 365 | log_warnx("%s: not PREAUTH and no user or password", a->name); | |
| 366 | return (FETCH_ERROR); | |
| 367 | } | |
| 368 | ||
| 369 | if (imap_putln(a, "%u CAPABILITY", ++data->tag) != 0) | |
| 370 | return (FETCH_ERROR); | |
| 371 | fctx->state = imap_state_capability1; | |
| 372 | return (FETCH_BLOCK); | |
| 373 | } | |
| 374 | ||
| 375 | /* Capability state 1. Parse capabilities and set flags. */ | |
| 376 | int | |
| 377 | imap_state_capability1(struct account *a, struct fetch_ctx *fctx) | |
| 378 | { | |
| 379 | struct fetch_imap_data *data = a->data; | |
| 380 | char *line, *ptr; | |
| 381 | ||
| 382 | if (imap_getln(a, fctx, IMAP_UNTAGGED, &line) != 0) | |
| 383 | return (FETCH_ERROR); | |
| 384 | if (line == NULL) | |
| 385 | return (FETCH_BLOCK); | |
| 386 | ||
| 387 | /* Convert to uppercase. */ | |
| 388 | for (ptr = line; *ptr != '\0'; ptr++) | |
| 389 | *ptr = toupper((u_char) *ptr); | |
| 390 | ||
| 391 | if (strstr(line, "IMAP4REV1") == NULL) { | |
| 392 | log_warnx("%s: no IMAP4rev1 capability: %s", a->name, line); | |
| 393 | return (FETCH_ERROR); | |
| 394 | } | |
| 395 | ||
| 396 | data->capa = 0; | |
| 397 | if (strstr(line, "AUTH=CRAM-MD5") != NULL) | |
| 398 | data->capa |= IMAP_CAPA_AUTH_CRAM_MD5; | |
| 399 | ||
| 400 | /* Use XYZZY to detect Google brokenness. */ | |
| 401 | if (strstr(line, "XYZZY") != NULL) | |
| 402 | data->capa |= IMAP_CAPA_XYZZY; | |
| 403 | ||
| 404 | if (strstr(line, "STARTTLS") != NULL) | |
| 405 | data->capa |= IMAP_CAPA_STARTTLS; | |
| 406 | ||
| 407 | fctx->state = imap_state_capability2; | |
| 408 | return (FETCH_AGAIN); | |
| 409 | } | |
| 410 | ||
| 411 | /* Capability state 2. Check capabilities and choose login type. */ | |
| 412 | int | |
| 413 | imap_state_capability2(struct account *a, struct fetch_ctx *fctx) | |
| 414 | { | |
| 415 | struct fetch_imap_data *data = a->data; | |
| 416 | char *line; | |
| 417 | ||
| 418 | if (imap_getln(a, fctx, IMAP_TAGGED, &line) != 0) | |
| 419 | return (FETCH_ERROR); | |
| 420 | if (line == NULL) | |
| 421 | return (FETCH_BLOCK); | |
| 422 | if (!imap_okay(line)) | |
| 423 | return (imap_bad(a, line)); | |
| 424 | ||
| 425 | if (data->starttls) { | |
| 426 | if (!(data->capa & IMAP_CAPA_STARTTLS)) { | |
| 427 | log_warnx("%s: server doesn't support STARTTLS", | |
| 428 | a->name); | |
| 429 | return (FETCH_ERROR); | |
| 430 | } | |
| 431 | if (imap_putln(a, "%u STARTTLS", ++data->tag) != 0) | |
| 432 | return (FETCH_ERROR); | |
| 433 | fctx->state = imap_state_starttls; | |
| 434 | return (FETCH_BLOCK); | |
| 435 | } | |
| 436 | ||
| 437 | return (imap_pick_auth(a, fctx)); | |
| 438 | } | |
| 439 | ||
| 440 | /* STARTTLS state. */ | |
| 441 | int | |
| 442 | imap_state_starttls(struct account *a, struct fetch_ctx *fctx) | |
| 443 | { | |
| 444 | struct fetch_imap_data *data = a->data; | |
| 445 | char *line, *cause; | |
| 446 | ||
| 447 | if (imap_getln(a, fctx, IMAP_TAGGED, &line) != 0) | |
| 448 | return (FETCH_ERROR); | |
| 449 | if (line == NULL) | |
| 450 | return (FETCH_BLOCK); | |
| 451 | if (!imap_okay(line)) | |
| 452 | return (imap_bad(a, line)); | |
| 453 | ||
| 454 | data->io->ssl = makessl(&data->server, data->io->fd, | |
| 455 | conf.verify_certs && data->server.verify, conf.timeout, &cause); | |
| 456 | if (data->io->ssl == NULL) { | |
| 457 | log_warnx("%s: STARTTLS failed: %s", a->name, cause); | |
| 458 | xfree(cause); | |
| 459 | return (FETCH_ERROR); | |
| 460 | } | |
| 461 | ||
| 462 | return (imap_pick_auth(a, fctx)); | |
| 411 | 463 | } |
| 412 | 464 | |
| 413 | 465 | /* CRAM-MD5 auth state. */ |
| 180 | 180 | { "set", TOKSET }, |
| 181 | 181 | { "size", TOKSIZE }, |
| 182 | 182 | { "smtp", TOKSMTP }, |
| 183 | { "starttls", TOKSTARTTLS }, | |
| 183 | 184 | { "stdin", TOKSTDIN }, |
| 184 | 185 | { "stdout", TOKSTDOUT }, |
| 185 | 186 | { "string", TOKSTRING }, |
| 228 | 228 | %token TOKSET |
| 229 | 229 | %token TOKSIZE |
| 230 | 230 | %token TOKSMTP |
| 231 | %token TOKSTARTTLS | |
| 231 | 232 | %token TOKSTDIN |
| 232 | 233 | %token TOKSTDOUT |
| 233 | 234 | %token TOKSTRING |
| 304 | 305 | %type <exprop> exprop |
| 305 | 306 | %type <fetch> fetchtype |
| 306 | 307 | %type <flag> cont not disabled keep execpipe writeappend compress verify tls1 |
| 307 | %type <flag> apop poptype imaptype nntptype nocrammd5 nologin uidl | |
| 308 | %type <flag> apop poptype imaptype nntptype nocrammd5 nologin uidl starttls | |
| 308 | 309 | %type <localgid> localgid |
| 309 | 310 | %type <locks> lock locklist |
| 310 | 311 | %type <number> size time numv retrc expire |
| 1208 | 1209 | data->compress = $3; |
| 1209 | 1210 | } |
| 1210 | 1211 | | imaptype server userpassnetrc folder1 verify nocrammd5 nologin tls1 |
| 1212 | starttls | |
| 1211 | 1213 | { |
| 1212 | 1214 | struct deliver_imap_data *data; |
| 1215 | ||
| 1216 | if ($1 && $9) | |
| 1217 | yyerror("use either imaps or set starttls"); | |
| 1213 | 1218 | |
| 1214 | 1219 | $$ = xcalloc(1, sizeof *$$); |
| 1215 | 1220 | $$->deliver = &deliver_imap; |
| 1244 | 1249 | data->server.ai = NULL; |
| 1245 | 1250 | data->nocrammd5 = $6; |
| 1246 | 1251 | data->nologin = $7; |
| 1252 | data->starttls = $9; | |
| 1247 | 1253 | } |
| 1248 | 1254 | | TOKSMTP server from to |
| 1249 | 1255 | { |
| 2023 | 2029 | { |
| 2024 | 2030 | $$ = 1; |
| 2025 | 2031 | } |
| 2032 | ||
| 2033 | starttls: TOKSTARTTLS | |
| 2034 | { | |
| 2035 | $$ = 1; | |
| 2036 | } | |
| 2037 | | /* empty */ | |
| 2038 | { | |
| 2039 | $$ = 0; | |
| 2040 | } | |
| 2041 | ||
| 2026 | 2042 | |
| 2027 | 2043 | uidl: TOKNOUIDL |
| 2028 | 2044 | { |
| 2175 | 2191 | $$ = FETCH_ONLY_ALL; |
| 2176 | 2192 | } |
| 2177 | 2193 | |
| 2178 | fetchtype: poptype server userpassnetrc poponly apop verify uidl tls1 | |
| 2194 | fetchtype: poptype server userpassnetrc poponly apop verify uidl tls1 starttls | |
| 2179 | 2195 | { |
| 2180 | 2196 | struct fetch_pop3_data *data; |
| 2197 | ||
| 2198 | if ($1 && $9) | |
| 2199 | yyerror("use either pop3s or set starttls"); | |
| 2181 | 2200 | |
| 2182 | 2201 | $$.fetch = &fetch_pop3; |
| 2183 | 2202 | data = xcalloc(1, sizeof *data); |
| 2209 | 2228 | data->server.ai = NULL; |
| 2210 | 2229 | data->apop = $5; |
| 2211 | 2230 | data->uidl = $7; |
| 2231 | data->starttls = $9; | |
| 2212 | 2232 | |
| 2213 | 2233 | data->path = $4.path; |
| 2214 | 2234 | data->only = $4.only; |
| 2230 | 2250 | data->only = $5.only; |
| 2231 | 2251 | } |
| 2232 | 2252 | | imaptype server userpassnetrc folderlist imaponly verify nocrammd5 |
| 2233 | nologin tls1 | |
| 2253 | nologin tls1 starttls | |
| 2234 | 2254 | { |
| 2235 | 2255 | struct fetch_imap_data *data; |
| 2256 | ||
| 2257 | if ($1 && $10) | |
| 2258 | yyerror("use either imaps or set starttls"); | |
| 2236 | 2259 | |
| 2237 | 2260 | $$.fetch = &fetch_imap; |
| 2238 | 2261 | data = xcalloc(1, sizeof *data); |
| 2266 | 2289 | data->only = $5; |
| 2267 | 2290 | data->nocrammd5 = $7; |
| 2268 | 2291 | data->nologin = $8; |
| 2292 | data->starttls = $10; | |
| 2269 | 2293 | } |
| 2270 | 2294 | | TOKIMAP TOKPIPE replstrv userpass folderlist imaponly |
| 2271 | 2295 | { |
| 51 | 51 | int pop3_invalid(struct account *, const char *); |
| 52 | 52 | |
| 53 | 53 | int pop3_state_connect(struct account *, struct fetch_ctx *); |
| 54 | int pop3_state_starttls(struct account *, struct fetch_ctx *); | |
| 54 | 55 | int pop3_state_connected(struct account *, struct fetch_ctx *); |
| 55 | 56 | int pop3_state_user(struct account *, struct fetch_ctx *); |
| 56 | 57 | int pop3_state_cache1(struct account *, struct fetch_ctx *); |
| 361 | 362 | if (data->connect(a) != 0) |
| 362 | 363 | return (FETCH_ERROR); |
| 363 | 364 | |
| 365 | if (data->starttls) | |
| 366 | fctx->state = pop3_state_starttls; | |
| 367 | else | |
| 368 | fctx->state = pop3_state_connected; | |
| 369 | return (FETCH_BLOCK); | |
| 370 | } | |
| 371 | ||
| 372 | /* STARTTLS state. */ | |
| 373 | int | |
| 374 | pop3_state_starttls(struct account *a, struct fetch_ctx *fctx) | |
| 375 | { | |
| 376 | struct fetch_pop3_data *data = a->data; | |
| 377 | char *line; | |
| 378 | ||
| 379 | if (pop3_getln(a, fctx, &line) != 0) | |
| 380 | return (FETCH_ERROR); | |
| 381 | if (line == NULL) | |
| 382 | return (FETCH_BLOCK); | |
| 383 | if (!pop3_okay(line)) | |
| 384 | return (pop3_bad(a, line)); | |
| 385 | ||
| 386 | if (pop3_putln(a, "STLS") != 0) | |
| 387 | return (FETCH_ERROR); | |
| 388 | ||
| 364 | 389 | fctx->state = pop3_state_connected; |
| 365 | 390 | return (FETCH_BLOCK); |
| 366 | 391 | } |
| 370 | 395 | pop3_state_connected(struct account *a, struct fetch_ctx *fctx) |
| 371 | 396 | { |
| 372 | 397 | struct fetch_pop3_data *data = a->data; |
| 373 | char *line, *ptr, *src; | |
| 398 | char *line, *ptr, *src, *cause; | |
| 374 | 399 | char out[MD5_DIGEST_LENGTH * 2 + 1]; |
| 375 | 400 | u_char digest[MD5_DIGEST_LENGTH]; |
| 376 | 401 | u_int i; |
| 381 | 406 | return (FETCH_BLOCK); |
| 382 | 407 | if (!pop3_okay(line)) |
| 383 | 408 | return (pop3_bad(a, line)); |
| 409 | ||
| 410 | if (data->starttls) { | |
| 411 | data->io->ssl = makessl(&data->server, data->io->fd, | |
| 412 | conf.verify_certs && data->server.verify, conf.timeout, | |
| 413 | &cause); | |
| 414 | if (data->io->ssl == NULL) { | |
| 415 | log_warnx("%s: STARTTLS failed: %s", a->name, cause); | |
| 416 | xfree(cause); | |
| 417 | return (FETCH_ERROR); | |
| 418 | } | |
| 419 | } | |
| 384 | 420 | |
| 385 | 421 | if (data->apop && (line = strchr(line, '<')) != NULL) { |
| 386 | 422 | if ((ptr = strchr(line + 1, '>')) != NULL) { |