Sorry, for the email flood.
I've attached my patch against imap.inc to this message because the one in the bug report seemed to have a number of issues. These include:
- sending an untagged starttls command.
- dropping back out of TLS after authentication (this seems less
insecure and unnecessary).
- not resetting the capabilities map (the authentication mechanisms
required may only be available after negotiating an encrypted connection. Also required by RFC2595).
- Using the tls prefix makes the client use port 993 by default which isn't wanted for STARTTLS.
- Not checking the STARTTLS capability.
Also, the TLS negotiation requires the socket to be blocking to work correctly. I think this is the default so I haven't touched it whereas the other patch sets it to blocking then non-blocking afterwards. I don't know whether or not this would cause issues.
Presumably there must be others on this list who want/need this functionality?
regards,
Francis
--- 8< --- detachments --- 8< --- The following attachments have been detached and are available for viewing. http://detached.gigo.com/rc/+D/rLA76dHT/roundcube-0.2-imap.i.patch Only click these links if you trust the sender, as well as this message. --- 8< --- detachments --- 8< ---
List info: http://lists.roundcube.net/dev/