From 2d5a73c55dfb4f34930cd0a1af3a741372a4ceb2 Mon Sep 17 00:00:00 2001
From: Oswald Buddenhagen <ossi@users.sf.net>
Date: Sun, 3 Oct 2010 11:53:18 +0200
Subject: [PATCH] don't hang after failed start_tls()

we'd send a LOGOUT command in plain text while the server was already
expecting an encrypted command, which would typically lead to waiting
for more data and thus an indefinite hang.
so close the socket immediately instead of letting the normal shutdown
path take care of it.
inspired by a patch by Steven Flintham.

-REFMAIL: 4C9AB98E.3000400@lemma.co.uk
---
 src/drv_imap.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/drv_imap.c b/src/drv_imap.c
index dbdb1b1..53db79d 100644
--- a/src/drv_imap.c
+++ b/src/drv_imap.c
@@ -1280,7 +1280,7 @@ imap_open_store( store_conf_t *conf, store_t *oldctx )
 #if HAVE_LIBSSL
 	if (srvc->use_imaps) {
 		if (start_tls( ctx ))
-			goto bail;
+			goto ssl_bail;
 		use_ssl = 1;
 	}
 #endif
@@ -1314,7 +1314,7 @@ imap_open_store( store_conf_t *conf, store_t *oldctx )
 				if (imap_exec( ctx, 0, "STARTTLS" ) != RESP_OK)
 					goto bail;
 				if (start_tls( ctx ))
-					goto bail;
+					goto ssl_bail;
 				use_ssl = 1;
 
 				if (imap_exec( ctx, 0, "CAPABILITY" ) != RESP_OK)
@@ -1399,6 +1399,12 @@ imap_open_store( store_conf_t *conf, store_t *oldctx )
 	ctx->trashnc = 1;
 	return (store_t *)ctx;
 
+#if HAVE_LIBSSL
+  ssl_bail:
+	/* This avoids that we try to send LOGOUT to an unusable socket. */
+	close( imap->buf.sock.fd );
+	imap->buf.sock.fd = -1;
+#endif
   bail:
 	imap_close_store( &ctx->gen );
 	return 0;