goto bail;
#if defined(USE_SSL) || defined(USE_GNUTLS)
/* Attempt STARTTLS if available and desired. */
- if (mutt_bit_isset (idata->capabilities, STARTTLS) && !idata->conn->ssf)
+ if (!idata->conn->ssf && (option(OPTSSLFORCETLS) ||
+ mutt_bit_isset (idata->capabilities, STARTTLS)))
{
int rc;
-
- if ((rc = query_quadoption (OPT_SSLSTARTTLS,
+
+ if (option(OPTSSLFORCETLS))
+ rc = M_YES;
+ else if ((rc = query_quadoption (OPT_SSLSTARTTLS,
_("Secure connection with TLS?"))) == -1)
goto err_close_conn;
if (rc == M_YES) {
}
}
}
+
+ if (option(OPTSSLFORCETLS) && ! idata->conn->ssf)
+ {
+ mutt_error _("Encrypted connection unavailable");
+ mutt_sleep (1);
+ goto err_close_conn;
+ }
#endif
}
else if (ascii_strncasecmp ("* PREAUTH", idata->cmd.buf, 9) == 0)
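Review bot: The forced-TLS enforcement added at L22–L27 sits inside the branch that closes at L29, so the `* PREAUTH` branch beginning at L30 appears to skip it; with `ssl_force_tls` set, a server that greets with PREAUTH on a plaintext connection would seemingly proceed without the `Encrypted connection unavailable` error. If that path is not covered elsewhere, the same guard `if (option(OPTSSLFORCETLS) && !idata->conn->ssf) goto err_close_conn;` (with the error message) belongs in the PREAUTH branch as well, or before the greeting is dispatched. The `if (rc == M_YES) {` body at L17 is elided in this view, so whether a failed STARTTLS negotiation already jumps to err_close_conn cannot be confirmed here. The enclosing function continues outside the hunk on both sides.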
** as folder separators for displaying IMAP paths. In particular it
** helps in using the '=' shortcut for your \fIfolder\fP variable.
*/
-# if defined(USE_SSL) || defined(USE_GNUTLS)
- { "imap_force_ssl", DT_BOOL, R_NONE, OPTIMAPFORCESSL, 0 },
- /*
- ** .pp
- ** If this variable is set, Mutt will always use SSL when
- ** connecting to IMAP servers.
- */
-# endif
{ "imap_headers", DT_STR, R_INDEX, UL &ImapHeaders, UL 0},
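Review bot: Removing the `imap_force_ssl` entry at L34–L41 with no alias means an existing muttrc that sets it will now be rejected as an unknown variable, and the new `ssl_force_tls` description does not mention the rename. Either keep a deprecated synonym entry that maps `imap_force_ssl` onto `ssl_force_tls`, or add a sentence to the `ssl_force_tls` documentation such as `** This option replaces the former $$imap_force_ssl variable.` so users know which setting to migrate to. The surrounding table continues outside the hunk.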
/*
** .pp
** The file containing a client certificate and its associated private
** key.
*/
-#endif
-# if defined(USE_SSL)||defined(USE_GNUTLS)
+#endif /* USE_SSL */
+ { "ssl_force_tls", DT_BOOL, R_NONE, OPTSSLFORCETLS, 0 },
+ /*
+ ** .pp
+ ** If this variable is set, Mutt will require that all connections
+ ** to remote servers be encrypted. Furthermore it will attempt to
+ ** negotiate TLS even if the server does not advertise the capability,
+ ** since it would otherwise have to abort the connection anyway. This
+ ** option supersedes ``$$ssl_starttls''.
+ */
{ "ssl_starttls", DT_QUAD, R_NONE, OPT_SSLSTARTTLS, M_YES },
/*
** .pp
** advertising the capability. When unset, mutt will not attempt to
** use STARTTLS regardless of the server's capabilities.
*/
-# endif
{ "certificate_file", DT_PATH, R_NONE, UL &SslCertFile, UL "~/.mutt_certificates" },
/*
** .pp
** This variables specifies whether to attempt to use SSLv2 in the
** SSL authentication process.
*/
-# endif
+# endif /* defined _MAKEDOC || !defined(USE_GNUTLS) */
{ "ssl_use_sslv3", DT_BOOL, R_NONE, OPTSSLV3, 1 },
/*
** .pp
** This variables specifies whether to attempt to use TLSv1 in the
** SSL authentication process.
*/
-#ifdef USE_GNUTLS
+# ifdef USE_GNUTLS
{ "ssl_min_dh_prime_bits", DT_NUM, R_NONE, UL &SslDHPrimeBits, 0 },
/*
** .pp
** .pp
** Example: set ssl_ca_certificates_file=/etc/ssl/certs/ca-certificates.crt
*/
-#endif
-#endif
+# endif /* USE_GNUTLS */
+#endif /* defined(USE_SSL) || defined(USE_GNUTLS) */
{ "pipe_split", DT_BOOL, R_NONE, OPTPIPESPLIT, 0 },
/*
#if defined(USE_SSL) || defined(USE_GNUTLS)
/* Attempt STLS if available and desired. */
- if (pop_data->cmd_stls && !pop_data->conn->ssf)
+ if (!pop_data->conn->ssf && (pop_data->cmd_stls || option(OPTSSLFORCETLS)))
{
+ if (option(OPTSSLFORCETLS))
+ pop_data->use_stls = 2;
if (pop_data->use_stls == 0)
{
ret = query_quadoption (OPT_SSLSTARTTLS,
}
}
}
+
+ if (option(OPTSSLFORCETLS) && !pop_data->conn->ssf)
+ {
+ mutt_error _("Encrypted connection unavailable");
+ mutt_sleep (1);
+ return -2;
+ }
#endif
ret = pop_authenticate (pop_data);
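Review bot: `pop_data->use_stls = 2;` at L101 encodes the forced mode as a bare magic number whose meaning is not visible in the hunk; a comment on that line such as `/* 2: STLS mandatory, never prompt (assumes 2 already means "always") */` or a named constant would make the intent checkable against the `use_stls == 0` test that follows. The enforcement at L109–L114 returns -2; the enclosing function extends beyond the hunk, so confirm that every caller treats -2 as a fatal connection error rather than a retryable one, otherwise a failed STLS could be followed by a plaintext retry. Unlike the IMAP counterpart this check runs before `pop_authenticate`, which is the right ordering for keeping credentials off an unencrypted connection.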