backport:
- un-document "Host imaps:[...]" syntax and introduce new option UseIMAPS instead - apply ted's patch to support UseIMAPS in conjunction with Tunnel - document that SSLv2 is No Good (TM)
This commit is contained in:
parent
6494cfc438
commit
3759f0c802
|
@ -1270,6 +1270,7 @@ imap_open_store( store_conf_t *conf, store_t *oldctx )
|
||||||
info( "ok\n" );
|
info( "ok\n" );
|
||||||
|
|
||||||
imap->buf.sock.fd = s;
|
imap->buf.sock.fd = s;
|
||||||
|
}
|
||||||
|
|
||||||
#if HAVE_LIBSSL
|
#if HAVE_LIBSSL
|
||||||
if (srvc->use_imaps) {
|
if (srvc->use_imaps) {
|
||||||
|
@ -1278,7 +1279,6 @@ imap_open_store( store_conf_t *conf, store_t *oldctx )
|
||||||
use_ssl = 1;
|
use_ssl = 1;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
|
||||||
|
|
||||||
/* read the greeting string */
|
/* read the greeting string */
|
||||||
if (buffer_gets( &imap->buf, &rsp )) {
|
if (buffer_gets( &imap->buf, &rsp )) {
|
||||||
|
@ -1726,6 +1726,7 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep, int *err )
|
||||||
|
|
||||||
while (getcline( cfg ) && cfg->cmd) {
|
while (getcline( cfg ) && cfg->cmd) {
|
||||||
if (!strcasecmp( "Host", cfg->cmd )) {
|
if (!strcasecmp( "Host", cfg->cmd )) {
|
||||||
|
/* The imap[s]: syntax is just a backwards compat hack. */
|
||||||
#if HAVE_LIBSSL
|
#if HAVE_LIBSSL
|
||||||
if (!memcmp( "imaps:", cfg->val, 6 )) {
|
if (!memcmp( "imaps:", cfg->val, 6 )) {
|
||||||
cfg->val += 6;
|
cfg->val += 6;
|
||||||
|
@ -1758,6 +1759,8 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep, int *err )
|
||||||
}
|
}
|
||||||
} else if (!strcasecmp( "RequireSSL", cfg->cmd ))
|
} else if (!strcasecmp( "RequireSSL", cfg->cmd ))
|
||||||
server->require_ssl = parse_bool( cfg );
|
server->require_ssl = parse_bool( cfg );
|
||||||
|
else if (!strcasecmp( "UseIMAPS", cfg->cmd ))
|
||||||
|
server->use_imaps = parse_bool( cfg );
|
||||||
else if (!strcasecmp( "UseSSLv2", cfg->cmd ))
|
else if (!strcasecmp( "UseSSLv2", cfg->cmd ))
|
||||||
server->use_sslv2 = parse_bool( cfg );
|
server->use_sslv2 = parse_bool( cfg );
|
||||||
else if (!strcasecmp( "UseSSLv3", cfg->cmd ))
|
else if (!strcasecmp( "UseSSLv3", cfg->cmd ))
|
||||||
|
|
27
src/mbsync.1
27
src/mbsync.1
|
@ -210,17 +210,13 @@ The location of the \fBINBOX\fR. This is \fInot\fR relative to \fBPath\fR.
|
||||||
Define the IMAP4 Account \fIname\fR, opening a section for its parameters.
|
Define the IMAP4 Account \fIname\fR, opening a section for its parameters.
|
||||||
..
|
..
|
||||||
.TP
|
.TP
|
||||||
\fBHost\fR [\fBimaps:\fR]\fIhost\fR
|
\fBHost\fR \fIhost\fR
|
||||||
Specify the DNS name or IP address of the IMAP server. If \fIhost\fR is
|
Specify the DNS name or IP address of the IMAP server.
|
||||||
prefixed with \fBimaps:\fR the connection is assumed to be an SSL connection
|
|
||||||
to port 993.
|
|
||||||
Note that modern servers support SSL on the default port 143 via the
|
|
||||||
STARTTLS extension, which will be used automatically by default.
|
|
||||||
..
|
..
|
||||||
.TP
|
.TP
|
||||||
\fBPort\fR \fIport\fR
|
\fBPort\fR \fIport\fR
|
||||||
Specify the TCP port number of the IMAP server. (Default: 143 for imap,
|
Specify the TCP port number of the IMAP server. (Default: 143 for IMAP,
|
||||||
993 for imaps)
|
993 for IMAPS)
|
||||||
..
|
..
|
||||||
.TP
|
.TP
|
||||||
\fBUser\fR \fIusername\fR
|
\fBUser\fR \fIusername\fR
|
||||||
|
@ -245,6 +241,15 @@ If set to \fIyes\fR, \fBmbsync\fR will abort the connection if no CRAM-MD5
|
||||||
authentication is possible. (Default: \fIno\fR)
|
authentication is possible. (Default: \fIno\fR)
|
||||||
..
|
..
|
||||||
.TP
|
.TP
|
||||||
|
\fBUseIMAPS\fR \fIyes\fR|\fIno\fR
|
||||||
|
If set to \fIyes\fR, the default for \fBPort\fR is changed to 993 and
|
||||||
|
\fBmbsync\fR will start SSL negotiation immediately after establishing
|
||||||
|
the connection to the server.
|
||||||
|
.br
|
||||||
|
Note that modern servers support SSL on the regular IMAP port 143 via the
|
||||||
|
STARTTLS extension, which will be used automatically by default.
|
||||||
|
..
|
||||||
|
.TP
|
||||||
\fBRequireSSL\fR \fIyes\fR|\fIno\fR
|
\fBRequireSSL\fR \fIyes\fR|\fIno\fR
|
||||||
\fBmbsync\fR will abort the connection if a TLS/SSL session cannot be
|
\fBmbsync\fR will abort the connection if a TLS/SSL session cannot be
|
||||||
established with the IMAP server. (Default: \fIyes\fR)
|
established with the IMAP server. (Default: \fIyes\fR)
|
||||||
|
@ -257,12 +262,14 @@ This option is \fImandatory\fR if SSL is used. See \fBSSL CERTIFICATES\fR below.
|
||||||
.TP
|
.TP
|
||||||
\fBUseSSLv2\fR \fIyes\fR|\fIno\fR
|
\fBUseSSLv2\fR \fIyes\fR|\fIno\fR
|
||||||
Use SSLv2 for communication with the IMAP server over SSL?
|
Use SSLv2 for communication with the IMAP server over SSL?
|
||||||
(Default: \fIyes\fR if an imaps \fBHost\fR is used, otherwise \fIno\fR)
|
.br
|
||||||
|
Note that this option is deprecated for security reasons.
|
||||||
|
(Default: \fIno\fR)
|
||||||
..
|
..
|
||||||
.TP
|
.TP
|
||||||
\fBUseSSLv3\fR \fIyes\fR|\fIno\fR
|
\fBUseSSLv3\fR \fIyes\fR|\fIno\fR
|
||||||
Use SSLv3 for communication with the IMAP server over SSL?
|
Use SSLv3 for communication with the IMAP server over SSL?
|
||||||
(Default: \fIyes\fR if an imaps \fBHost\fR is used, otherwise \fIno\fR)
|
(Default: \fIno\fR)
|
||||||
..
|
..
|
||||||
.TP
|
.TP
|
||||||
\fBUseTLSv1\fR \fIyes\fR|\fIno\fR
|
\fBUseTLSv1\fR \fIyes\fR|\fIno\fR
|
||||||
|
|
Loading…
Reference in New Issue
Block a user