backport:

- un-document "Host imaps:[...]" syntax and introduce new option UseIMAPS
  instead
- apply ted's patch to support UseIMAPS in conjunction with Tunnel
- document that SSLv2 is No Good (TM)
Oswald Buddenhagen 2006-11-01 07:19:26 +00:00
parent 6494cfc438
commit 3759f0c802
2 changed files with 26 additions and 16 deletions


@ -1270,15 +1270,15 @@ imap_open_store( store_conf_t *conf, store_t *oldctx )
info( "ok\n" ); info( "ok\n" );
imap->buf.sock.fd = s; imap->buf.sock.fd = s;
}
#if HAVE_LIBSSL #if HAVE_LIBSSL
if (srvc->use_imaps) { if (srvc->use_imaps) {
if (start_tls( ctx )) if (start_tls( ctx ))
goto bail; goto bail;
use_ssl = 1; use_ssl = 1;
}
#endif
} }
#endif
/* read the greeting string */ /* read the greeting string */
if (buffer_gets( &imap->buf, &rsp )) { if (buffer_gets( &imap->buf, &rsp )) {
@ -1726,6 +1726,7 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep, int *err )
while (getcline( cfg ) && cfg->cmd) { while (getcline( cfg ) && cfg->cmd) {
if (!strcasecmp( "Host", cfg->cmd )) { if (!strcasecmp( "Host", cfg->cmd )) {
/* The imap[s]: syntax is just a backwards compat hack. */
#if HAVE_LIBSSL #if HAVE_LIBSSL
if (!memcmp( "imaps:", cfg->val, 6 )) { if (!memcmp( "imaps:", cfg->val, 6 )) {
cfg->val += 6; cfg->val += 6;
@ -1758,6 +1759,8 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep, int *err )
} }
} else if (!strcasecmp( "RequireSSL", cfg->cmd )) } else if (!strcasecmp( "RequireSSL", cfg->cmd ))
server->require_ssl = parse_bool( cfg ); server->require_ssl = parse_bool( cfg );
else if (!strcasecmp( "UseIMAPS", cfg->cmd ))
server->use_imaps = parse_bool( cfg );
else if (!strcasecmp( "UseSSLv2", cfg->cmd )) else if (!strcasecmp( "UseSSLv2", cfg->cmd ))
server->use_sslv2 = parse_bool( cfg ); server->use_sslv2 = parse_bool( cfg );
else if (!strcasecmp( "UseSSLv3", cfg->cmd )) else if (!strcasecmp( "UseSSLv3", cfg->cmd ))
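Review bot: The `UseIMAPS` branch added to imap_parse_store only stores `server->use_imaps`, and nothing visible in this file section applies the port 993 default that the option is meant to imply. If that default is still assigned only inside the legacy `imaps:` branch of `Host` (whose body continues outside the hunk), a configuration with `UseIMAPS yes` and no `Port` line would presumably begin SSL negotiation against port 143. Resolving the default port at connect time from `use_imaps` whenever no `Port` was given would also make the result independent of the order of the `Host`, `Port` and `UseIMAPS` lines. Once that is confirmed, I would add a comment above the new branch, `/* Port default (993 vs 143) is resolved later from use_imaps */`; imap_parse_store and imap_open_store both start and end outside the hunks shown.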


@ -210,17 +210,13 @@ The location of the \fBINBOX\fR. This is \fInot\fR relative to \fBPath\fR.
Define the IMAP4 Account \fIname\fR, opening a section for its parameters. Define the IMAP4 Account \fIname\fR, opening a section for its parameters.
.. ..
.TP .TP
\fBHost\fR [\fBimaps:\fR]\fIhost\fR \fBHost\fR \fIhost\fR
Specify the DNS name or IP address of the IMAP server. If \fIhost\fR is Specify the DNS name or IP address of the IMAP server.
prefixed with \fBimaps:\fR the connection is assumed to be an SSL connection
to port 993.
Note that modern servers support SSL on the default port 143 via the
STARTTLS extension, which will be used automatically by default.
.. ..
.TP .TP
\fBPort\fR \fIport\fR \fBPort\fR \fIport\fR
Specify the TCP port number of the IMAP server. (Default: 143 for imap, Specify the TCP port number of the IMAP server. (Default: 143 for IMAP,
993 for imaps) 993 for IMAPS)
.. ..
.TP .TP
\fBUser\fR \fIusername\fR \fBUser\fR \fIusername\fR
@ -245,6 +241,15 @@ If set to \fIyes\fR, \fBmbsync\fR will abort the connection if no CRAM-MD5
authentication is possible. (Default: \fIno\fR) authentication is possible. (Default: \fIno\fR)
.. ..
.TP .TP
\fBUseIMAPS\fR \fIyes\fR|\fIno\fR
If set to \fIyes\fR, the default for \fBPort\fR is changed to 993 and
\fBmbsync\fR will start SSL negotiation immediately after establishing
the connection to the server.
.br
Note that modern servers support SSL on the regular IMAP port 143 via the
STARTTLS extension, which will be used automatically by default.
..
.TP
\fBRequireSSL\fR \fIyes\fR|\fIno\fR \fBRequireSSL\fR \fIyes\fR|\fIno\fR
\fBmbsync\fR will abort the connection if a TLS/SSL session cannot be \fBmbsync\fR will abort the connection if a TLS/SSL session cannot be
established with the IMAP server. (Default: \fIyes\fR) established with the IMAP server. (Default: \fIyes\fR)
@ -257,12 +262,14 @@ This option is \fImandatory\fR if SSL is used. See \fBSSL CERTIFICATES\fR below.
.TP .TP
\fBUseSSLv2\fR \fIyes\fR|\fIno\fR \fBUseSSLv2\fR \fIyes\fR|\fIno\fR
Use SSLv2 for communication with the IMAP server over SSL? Use SSLv2 for communication with the IMAP server over SSL?
(Default: \fIyes\fR if an imaps \fBHost\fR is used, otherwise \fIno\fR) .br
Note that this option is deprecated for security reasons.
(Default: \fIno\fR)
.. ..
.TP .TP
\fBUseSSLv3\fR \fIyes\fR|\fIno\fR \fBUseSSLv3\fR \fIyes\fR|\fIno\fR
Use SSLv3 for communication with the IMAP server over SSL? Use SSLv3 for communication with the IMAP server over SSL?
(Default: \fIyes\fR if an imaps \fBHost\fR is used, otherwise \fIno\fR) (Default: \fIno\fR)
.. ..
.TP .TP
\fBUseTLSv1\fR \fIyes\fR|\fIno\fR \fBUseTLSv1\fR \fIyes\fR|\fIno\fR