From 3759f0c80220a908714fcddc4ffe07fe231eb813 Mon Sep 17 00:00:00 2001
From: Oswald Buddenhagen
Date: Wed, 1 Nov 2006 07:19:26 +0000
Subject: [PATCH] backport: - un-document "Host imaps:[...]" syntax and introduce new option UseIMAPS instead - apply ted's patch to support UseIMAPS in conjunction with Tunnel - document that SSLv2 is No Good (TM)
---
 src/drv_imap.c | 15 +++++++++------
 src/mbsync.1 | 27 +++++++++++++++++----------
 2 files changed, 26 insertions(+), 16 deletions(-)
diff --git a/src/drv_imap.c b/src/drv_imap.c
index 8b5cea7..6501a2f 100644
--- a/src/drv_imap.c
+++ b/src/drv_imap.c
@@ -1270,15 +1270,15 @@ imap_open_store( store_conf_t *conf, store_t *oldctx )
 info( "ok\n" );
 imap->buf.sock.fd = s;
+ }
 #if HAVE_LIBSSL
- if (srvc->use_imaps) {
- if (start_tls( ctx ))
- goto bail;
- use_ssl = 1;
- }
-#endif
+ if (srvc->use_imaps) {
+ if (start_tls( ctx ))
+ goto bail;
+ use_ssl = 1;
 }
+#endif
 /* read the greeting string */
 if (buffer_gets( &imap->buf, &rsp )) {
@@ -1726,6 +1726,7 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep, int *err )
 while (getcline( cfg ) && cfg->cmd) {
 if (!strcasecmp( "Host", cfg->cmd )) {
+ /* The imap[s]: syntax is just a backwards compat hack. */
 #if HAVE_LIBSSL
 if (!memcmp( "imaps:", cfg->val, 6 )) {
 cfg->val += 6;
@@ -1758,6 +1759,8 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep, int *err )
 }
 } else if (!strcasecmp( "RequireSSL", cfg->cmd ))
 server->require_ssl = parse_bool( cfg );
+ else if (!strcasecmp( "UseIMAPS", cfg->cmd ))
+ server->use_imaps = parse_bool( cfg );
 else if (!strcasecmp( "UseSSLv2", cfg->cmd ))
 server->use_sslv2 = parse_bool( cfg );
 else if (!strcasecmp( "UseSSLv3", cfg->cmd ))
diff --git a/src/mbsync.1 b/src/mbsync.1
index 2b44bc2..14b5c99 100644
--- a/src/mbsync.1
+++ b/src/mbsync.1
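Review bot: In the `@@ -1270` hunk the relocated `if (srvc->use_imaps)` block carries no comment saying that it now applies to every transport, or why it has to run before the greeting is read. Something like `/* UseIMAPS: negotiate TLS before the greeting, for Tunnel as well as TCP connections */` above the `#if HAVE_LIBSSL` would record the intent stated in the commit message. The `}` added just before it closes a block that opens outside the hunk, presumably the TCP-connect branch, and imap_open_store continues past the hunk's last line.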
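Review bot: The comment added in the `@@ -1726` hunk calls the `imaps:` prefix a compatibility hack but does not say which settings the prefix still switches on. The man page in this same patch now documents UseSSLv2 and UseSSLv3 as defaulting to no and drops the earlier "yes if an imaps Host is used" exception. If the code after `cfg->val += 6;` (outside the hunk) still enables those protocol versions, old configurations would keep negotiating SSLv2 contrary to the documentation. Extending the comment to name the options the prefix implies would make that mismatch easy to check.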
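Review bot: The new `UseIMAPS` branch in the `@@ -1758` hunk stores the flag unconditionally as far as the hunk shows, while its only consumer in this patch, the `start_tls` call in imap_open_store, is compiled under `#if HAVE_LIBSSL`. If this part of the option chain is not itself inside such a guard (not visible here), a build without SSL would accept `UseIMAPS yes` and then read the greeting without TLS; reporting a configuration error on such a build would be safer than ignoring the option. The man page in this patch also says UseIMAPS changes the default port to 993, but no line of the drv_imap.c diff sets a port, so that presumably relies on existing code keyed on `use_imaps` and should be confirmed.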
@@ -210,17 +210,13 @@ The location of the \fBINBOX\fR. This is \fInot\fR relative to \fBPath\fR. Define the IMAP4 Account \fIname\fR, opening a section for its parameters. .. .TP -\fBHost\fR [\fBimaps:\fR]\fIhost\fR -Specify the DNS name or IP address of the IMAP server. If \fIhost\fR is -prefixed with \fBimaps:\fR the connection is assumed to be an SSL connection -to port 993. -Note that modern servers support SSL on the default port 143 via the -STARTTLS extension, which will be used automatically by default. +\fBHost\fR \fIhost\fR +Specify the DNS name or IP address of the IMAP server. .. .TP \fBPort\fR \fIport\fR -Specify the TCP port number of the IMAP server. (Default: 143 for imap, -993 for imaps) +Specify the TCP port number of the IMAP server. (Default: 143 for IMAP, +993 for IMAPS) .. .TP \fBUser\fR \fIusername\fR @@ -245,6 +241,15 @@ If set to \fIyes\fR, \fBmbsync\fR will abort the connection if no CRAM-MD5 authentication is possible. (Default: \fIno\fR) .. .TP +\fBUseIMAPS\fR \fIyes\fR|\fIno\fR +If set to \fIyes\fR, the default for \fBPort\fR is changed to 993 and +\fBmbsync\fR will start SSL negotiation immediately after establishing +the connection to the server. +.br +Note that modern servers support SSL on the regular IMAP port 143 via the +STARTTLS extension, which will be used automatically by default. +.. +.TP \fBRequireSSL\fR \fIyes\fR|\fIno\fR \fBmbsync\fR will abort the connection if a TLS/SSL session cannot be established with the IMAP server. (Default: \fIyes\fR) 
@@ -257,12 +262,14 @@ This option is \fImandatory\fR if SSL is used. See \fBSSL CERTIFICATES\fR below.
 .TP
 \fBUseSSLv2\fR \fIyes\fR|\fIno\fR
 Use SSLv2 for communication with the IMAP server over SSL?
-(Default: \fIyes\fR if an imaps \fBHost\fR is used, otherwise \fIno\fR)
+.br
+Note that this option is deprecated for security reasons.
+(Default: \fIno\fR)
 ..
 .TP
 \fBUseSSLv3\fR \fIyes\fR|\fIno\fR
 Use SSLv3 for communication with the IMAP server over SSL?
-(Default: \fIyes\fR if an imaps \fBHost\fR is used, otherwise \fIno\fR)
+(Default: \fIno\fR)
 ..
 .TP
 \fBUseTLSv1\fR \fIyes\fR|\fIno\fR