[PATCH] Add STARTTLS support

Johannes Stezenbach js at sig21.net
Wed Apr 6 00:23:43 BST 2011


On Tue, Apr 05, 2011 at 11:12:43PM +0200, Sebastian Spaeth wrote:
> On Tue, 5 Apr 2011 21:59:42 +0200, Johannes Stezenbach <js at sig21.net> wrote:
> > This seems wrong to me,  STARTTLS does not replace authentication,
> > it only provides an encrypted channel, and auth is then done in the
> > usual way after STARTTLS.
> 
> But surely, we would simply do plainauth login after starttls() and not
> attempt to do a CRAM-MD5 login?
> 
> I readily admit that I am no expert in all things SSL/TSL, so if someone
> comes up with a patch that would be appreciated. It's only a few lines
> as my patch shows.

I'm not sure what is used in practice but in theory the choice
of auth methods is orthogonal to STARTTLS.  If the server doesn't
offer plaintext login you'll have to use CRAM-MD5.

Anyway, I did not look too close at your code, what tripped me
over was your 'Attempting STARTTLS authentication' debug msg.


Johannes




More information about the OfflineIMAP-project mailing list