From 1e6b822f3fa5bc17ceb94850c15bef643dda393d Mon Sep 17 00:00:00 2001 From: Eduardo Chappa Date: Thu, 14 May 2020 14:13:40 -0600 Subject: * Create /starttls as a synonym of /tls. Update the documentation to use /starttls instead of /tls. This should cause less confusion in Alpine users in the future. --- imap/docs/naming.txt | 8 ++++++-- imap/src/c-client/imap4r1.c | 8 ++++---- imap/src/c-client/mail.c | 6 +++--- imap/src/c-client/nntp.c | 10 +++++----- imap/src/c-client/pop3.c | 6 +++--- 5 files changed, 21 insertions(+), 17 deletions(-) (limited to 'imap') diff --git a/imap/docs/naming.txt b/imap/docs/naming.txt index b0b484ae..6c06a9c1 100644 --- a/imap/docs/naming.txt +++ b/imap/docs/naming.txt @@ -110,13 +110,17 @@ where: default behavior) "/novalidate-cert" do not validate certificates from TLS/SSL server, needed if server uses self-signed certificates - "/tls" force use of start-TLS to encrypt the session, and + "/starttls" force use of start-TLS to encrypt the session, and reject connection to servers that do not support it + "/tls1" force use of TLSv1, fail if not possible. + "/tls1_1" force use of TLSv1.1, fail if not possible. + "/tls1_2" force use of TLSv1.2, fail if not possible. + "/tls1_3" force use of TLSv1.3, fail if not possible. "/tls-sslv23" use the depreciated SSLv23 client when negotiating TLS to the server. This is necessary with some broken servers which (incorrectly) think that TLS is just another way of doing SSL. - "/notls" do not do start-TLS to encrypt the session, even + "/nostarttls" do not do start-TLS to encrypt the session, even with servers that support it "/readonly" request read-only mailbox open (IMAP only; ignored on NNTP, and an error with SMTP and POP3) diff --git a/imap/src/c-client/imap4r1.c b/imap/src/c-client/imap4r1.c index 43e5398b..a41973b5 100644 --- a/imap/src/c-client/imap4r1.c +++ b/imap/src/c-client/imap4r1.c 
@@ -852,7 +852,7 @@ MAILSTREAM *imap_open (MAILSTREAM *stream)
 /* IMAP connection open logic is more complex than net_open() normally
 * deals with, because of the simap and rimap hacks.
 * If the session is anonymous, a specific port is given, or if /ssl or
- * /tls is set, do net_open() since those conditions override everything
+ * /starttls is set, do net_open() since those conditions override everything
 * else.
 */
 if (stream->anonymous || mb.port || mb.sslflag || mb.tlsflag)
@@ -911,7 +911,7 @@ MAILSTREAM *imap_open (MAILSTREAM *stream)
 /* get capabilities now that TLS in effect */
 if (LOCAL->netstream) imap_capability (stream);
 }
- else if (mb.tlsflag) { /* user specified /tls but can't do it */
+ else if (mb.tlsflag) { /* user specified /starttls but can't do it */
 mm_log ("Unable to negotiate TLS with this server",ERROR);
 return NIL;
 }
@@ -975,13 +975,13 @@ MAILSTREAM *imap_open (MAILSTREAM *stream)
 if (!((i = net_port (LOCAL->netstream)) & 0xffff0000))
 sprintf (tmp + strlen (tmp),":%lu",i);
 strcat (tmp,"/imap");
- if (LOCAL->tlsflag) strcat (tmp,"/tls");
+ if (LOCAL->tlsflag) strcat (tmp,"/starttls");
 if (LOCAL->tls1) strcat (tmp,"/tls1");
 if (LOCAL->tls1_1) strcat (tmp,"/tls1_1");
 if (LOCAL->tls1_2) strcat (tmp,"/tls1_2");
 if (LOCAL->tls1_3) strcat (tmp,"/tls1_3");
 if (LOCAL->tlssslv23) strcat (tmp,"/tls-sslv23");
- if (LOCAL->notlsflag) strcat (tmp,"/notls");
+ if (LOCAL->notlsflag) strcat (tmp,"/nostarttls");
 if (LOCAL->sslflag) strcat (tmp,"/ssl");
 if (LOCAL->novalidate) strcat (tmp,"/novalidate-cert");
 if (LOCAL->loser) strcat (tmp,"/loser");
diff --git a/imap/src/c-client/mail.c b/imap/src/c-client/mail.c
index e591a521..90020d5d 100644
--- a/imap/src/c-client/mail.c
+++ b/imap/src/c-client/mail.c
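Review bot: The lengthened switch names in the `@@ -975` hunk of imap_open are appended to `tmp` with unbounded `strcat`, after an equally unbounded `sprintf (tmp + strlen (tmp),":%lu",i)`, so the longest canonical name this code can build is now a few bytes longer and nothing visible checks the remaining space. The declaration of `tmp` and the host text written before these lines are outside the hunk, so the headroom cannot be confirmed from here and should be checked against the buffer size. The same applies to the renamed appends in the mail_open, nntp_mopen (both hunks) and pop3_open hunks. At minimum I would record the constraint above the run, e.g. `/* switches are appended unbounded: tmp must hold host, port and every switch name */`. imap_open's body starts and ends outside the hunk.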
@@ -847,11 +847,11 @@ long mail_valid_net_parse_work (char *name,NETMBX *mb,char *service)
 else if (!compare_cstring (s,"secure")) mb->secflag = T;
 else if (!compare_cstring (s,"norsh")) mb->norsh = T;
 else if (!compare_cstring (s,"loser")) mb->loser = T;
- else if (!compare_cstring (s,"tls") && !mb->notlsflag)
+ else if ((!compare_cstring (s,"starttls") || !compare_cstring (s,"tls")) && !mb->notlsflag)
 mb->tlsflag = T;
 else if (!compare_cstring (s,"tls-sslv23") && !mb->notlsflag)
 mb->tlssslv23 = mb->tlsflag = T;
- else if (!compare_cstring (s,"notls") && !mb->tlsflag)
+ else if ((!compare_cstring (s,"notls") || !compare_cstring(s,"nostarttls")) && !mb->tlsflag)
 mb->notlsflag = T;
 else if (!compare_cstring (s,"tryssl"))
 mb->trysslflag = mailssldriver? T : NIL;
@@ -1274,7 +1274,7 @@ MAILSTREAM *mail_open (MAILSTREAM *stream,char *name,long options)
 if (mb.user[0]) sprintf (tmp + strlen (tmp),"/user=%.64s",mb.user);
 if (mb.dbgflag) strcat (tmp,"/debug");
 if (mb.secflag) strcat (tmp,"/secure");
- if (mb.tlsflag) strcat (tmp,"/tls");
+ if (mb.tlsflag) strcat (tmp,"/starttls");
 if (mb.notlsflag) strcat (tmp,"/notls");
 if (mb.sslflag) strcat (tmp,"/ssl");
 if (mb.tls1) strcat (tmp,"/tls1");
diff --git a/imap/src/c-client/nntp.c b/imap/src/c-client/nntp.c
index bce7c636..a46a5bd6 100644
--- a/imap/src/c-client/nntp.c
+++ b/imap/src/c-client/nntp.c
@@ -688,9 +688,9 @@ MAILSTREAM *nntp_mopen (MAILSTREAM *stream)
 hostlist[0] = strcpy (tmp,mb.host);
 if (mb.port || nntp_port)
 sprintf (tmp + strlen (tmp),":%lu",mb.port ? mb.port : nntp_port);
- if (mb.tlsflag) strcat (tmp,"/starttls");
+ if (mb.tlsflag) strcat (tmp,"/starttls");
 if (mb.tlssslv23) strcat (tmp,"/tls-sslv23");
- if (mb.notlsflag) strcat (tmp,"/notls");
+ if (mb.notlsflag) strcat (tmp,"/nostarttls");
 if (mb.sslflag) strcat (tmp,"/ssl");
 if (mb.tls1) strcat (tmp,"/tls1");
 if (mb.tls1_1) strcat (tmp,"/tls1_1");
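Review bot: In the `@@ -847` hunk of mail_valid_net_parse_work, a name that carries both a force and a disable switch is resolved purely by order: once `notlsflag` is set, `/starttls` fails the `!mb->notlsflag` guard and drops into the rest of the else-if chain, which lies outside the hunk. Because this flag decides whether the session must be encrypted, it is worth confirming that the fall-through ends in the name being rejected rather than the switch being ignored. The branch would also benefit from a comment saying the old spellings stay accepted, e.g. `/* "tls" and "notls" are kept as legacy synonyms of "starttls" and "nostarttls" */`. As a style point, `compare_cstring(s,"nostarttls")` should carry the space before the parenthesis that every other call in the chain uses.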
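Review bot: The `@@ -1274` hunk in mail_open renames only the force switch; the unchanged line that follows still appends `"/notls"`, whereas imap_open, nntp_mopen and pop3_open now write `"/nostarttls"`. The parser hunk accepts both spellings, so this looks like an oversight rather than a behaviour change, but generated names end up mixing the two vocabularies. `if (mb.notlsflag) strcat (tmp,"/nostarttls");` would match the other drivers. mail_open's body starts and ends outside the hunk.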
@@ -761,9 +761,9 @@ MAILSTREAM *nntp_mopen (MAILSTREAM *stream) sprintf (tmp,"{%s:%lu/nntp",(long) mail_parameters (NIL,GET_TRUSTDNS,NIL) ? net_host (nstream->netstream) : mb.host, net_port (nstream->netstream)); - if (LOCAL->tlsflag) strcat (tmp,"/tls"); + if (LOCAL->tlsflag) strcat (tmp,"/starttls"); if (LOCAL->tlssslv23) strcat (tmp,"/tls-sslv23"); - if (LOCAL->notlsflag) strcat (tmp,"/notls"); + if (LOCAL->notlsflag) strcat (tmp,"/nostarttls"); if (LOCAL->sslflag) strcat (tmp,"/ssl"); if (LOCAL->tls1) strcat (tmp,"/tls1"); if (LOCAL->tls1_1) strcat (tmp,"/tls1_1"); @@ -1752,7 +1752,7 @@ SENDSTREAM *nntp_open_full (NETDRIVER *dv,char **hostlist,char *service, stream = nntp_close (stream); } } - else if (mb.tlsflag) { /* user specified /tls but can't do it */ + else if (mb.tlsflag) { /* user specified /starttls but can't do it */ mm_log ("Unable to negotiate TLS with this server",ERROR); return NIL; } diff --git a/imap/src/c-client/pop3.c b/imap/src/c-client/pop3.c index 6f69a400..b5b51486 100644 --- a/imap/src/c-client/pop3.c +++ b/imap/src/c-client/pop3.c @@ -420,13 +420,13 @@ MAILSTREAM *pop3_open (MAILSTREAM *stream) (long) mail_parameters (NIL,GET_TRUSTDNS,NIL) ? net_host (LOCAL->netstream) : mb.host, net_port (LOCAL->netstream)); - if (mb.tlsflag) strcat (tmp,"/tls"); + if (mb.tlsflag) strcat (tmp,"/starttls"); if (mb.tlssslv23) strcat (tmp,"/tls-sslv23"); if (mb.tls1) strcat (tmp,"/tls1"); if (mb.tls1_1) strcat (tmp,"/tls1_1"); if (mb.tls1_2) strcat (tmp,"/tls1_2"); if (mb.tls1_3) strcat (tmp,"/tls1_3"); - if (mb.notlsflag) strcat (tmp,"/notls"); + if (mb.notlsflag) strcat (tmp,"/nostarttls"); if (mb.sslflag) strcat (tmp,"/ssl"); if (mb.novalidate) strcat (tmp,"/novalidate-cert"); if ((LOCAL->loser = mb.loser) != 0) strcat (tmp,"/loser"); 
@@ -578,7 +578,7 @@ long pop3_auth (MAILSTREAM *stream,NETMBX *mb,char *pwd,char *usr)
 }
 pop3_capa (stream,flags); /* get capabilities now that TLS in effect */
 }
- else if (mb->tlsflag) { /* user specified /tls but can't do it */
+ else if (mb->tlsflag) { /* user specified /starttls but can't do it */
 mm_log ("Unable to negotiate TLS with this server",ERROR);
 return NIL;
 }
-- cgit v1.2.3-70-g09d2