[PATCH] learn to disable STARTTLS

Nicolas Sebrecht nicolas.s-dev at laposte.net
Thu Jun 23 03:03:39 BST 2016


Some servers might have this feature broken.

Github-ref: https://github.com/OfflineIMAP/offlineimap/issues/207
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev at laposte.net>
---

The following changes since commit 52120beb27a718dbec3d88a00b3448fcb5137777:

  man: offlineimapui: minor typo fix (2016-06-19 23:32:01 +0200)

are available in the git repository at:

  https://github.com/nicolas33/offlineimap.git ns/starttls

for you to fetch changes up to d9b4cff0c380b2899875314566b115d2e9f93736:

  learn to disable STARTTLS (2016-06-23 04:01:46 +0200)

----------------------------------------------------------------

 offlineimap.conf               | 16 ++++++++++++++++
 offlineimap/imapserver.py      |  3 ++-
 offlineimap/repository/IMAP.py |  3 +++
 3 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/offlineimap.conf b/offlineimap.conf
index d790848..232a3db 100644
--- a/offlineimap.conf
+++ b/offlineimap.conf
@@ -605,6 +605,22 @@ remotehost = examplehost
 
 # This option stands in the [Repository RemoteExample] section.
 #
+# Whether or not to use STARTTLS. STARTTLS allows to upgrade a plain connection
+# to TLS or SSL after negociation with the server. While a server might pretend
+# to support STARTTLS, the communication might not be properly established or
+# the secure tunnel might be broken in some way. In this case you might want to
+# disable STARTTLS. Unless you hit issues with STARTTLS, you are strongly
+# encouraged to keep STARTTLS enabled.
+#
+# STARTTLS can be used even if the 'ssl' option is disabled.
+#
+# Default is yes.
+#
+#starttls = yes
+
+
+# This option stands in the [Repository RemoteExample] section.
+#
 # Whether or not to use SSL.
 #
 # Note: be care to configure the 'remotehost' line with the domain name defined
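Review bot: the added comment for 'starttls' does not say what happens when 'starttls = no' is combined with a disabled 'ssl' option. By its own description, STARTTLS is what upgrades a plain connection, so in that combination the connection is never upgraded and everything sent on it stays in plain text. Suggest stating that consequence right after "you are strongly encouraged to keep STARTTLS enabled", and pointing users whose server has broken STARTTLS at 'ssl = yes' as the alternative. Minor wording in the same block: "negociation" should be "negotiation", and "allows to upgrade" reads better as "allows upgrading".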
diff --git a/offlineimap/imapserver.py b/offlineimap/imapserver.py
index f373326..6e8246f 100644
--- a/offlineimap/imapserver.py
+++ b/offlineimap/imapserver.py
@@ -106,6 +106,7 @@ class IMAPServer(object):
         self.fingerprint = repos.get_ssl_fingerprint()
         self.sslversion = repos.getsslversion()
         self.tlslevel = repos.gettlslevel()
+        self.starttls = repos.getstarttls()
 
         self.oauth2_refresh_token = repos.getoauth2_refresh_token()
         self.oauth2_access_token = repos.getoauth2_access_token()
@@ -411,7 +412,7 @@ class IMAPServer(object):
 
             # TLS must be initiated before checking capabilities:
             # they could have been changed after STARTTLS.
-            if tryTLS and not tried_tls:
+            if tryTLS and self.starttls and not tried_tls:
                 tried_tls = True
                 self.__start_tls(imapobj)
 
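Review bot: in the changed condition "if tryTLS and self.starttls and not tried_tls:", a false self.starttls skips self.__start_tls(imapobj) silently, and nothing in the visible context tells the user that the session continues without the upgrade. Suggest emitting a warning when tryTLS is true but self.starttls is false, so a run with 'starttls = no' is visible in the output rather than only in the configuration file. The comment above the condition ("TLS must be initiated before checking capabilities") could also mention that the upgrade is now optional.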
diff --git a/offlineimap/repository/IMAP.py b/offlineimap/repository/IMAP.py
index 7cdc956..2d24fa7 100644
--- a/offlineimap/repository/IMAP.py
+++ b/offlineimap/repository/IMAP.py
@@ -257,6 +257,9 @@ class IMAPRepository(BaseRepository):
     def getsslversion(self):
         return self.getconf('ssl_version', None)
 
+    def getstarttls(self):
+        return self.getconfboolean('starttls', True)
+
     def get_ssl_fingerprint(self):
         """Return array of possible certificate fingerprints.
 
-- 
2.7.4



