Hi Daniel

> >> Note that this says "TRY". That's a bit devious, as it means the user
> >> is actually fine with either way, it just wants to try SSL and go
> >> with it if it works. That option can however get set to
> >> CURLFTPSSL_CONTROL or CURLFTPSSL_ALL which mean: MUST use SSL.
> >
> > Does that mean if a user sets the SSL value to CONTROL or ALL and the
> > SMTP /
> > POP3 / IMAP server doesn't support the upgrading of connections via
> > TLS that the connection will fail?
>
> Yes, exactly! SSL or die.

To pick this thread back up...

I had a go at trying to fix this issue today by not using my initial gut
instinct fix of simply not changing the handler - instead by changing url.c
at line 2962 to perform an additional check:

    if((needle->handler->flags&PROTOPT_SSL) !=
        (check->handler->flags&PROTOPT_SSL)) {
      /* don't do mixed SSL and non-SSL connections */
      if(!(needle->handler->protocol&check->handler->protocol))
        /* except protocols that have been upgraded via TLS */
        continue;
    }

This takes into account everything that we have been discussing and my
thought here with the additional check was that the POP3S handler's protocol
contains POP3 (just as IMAPS contains IMAP, etc...) so this extra check
allows the rest of the function to execute when a connection has been
upgraded via TLS as the second connection's protocol is contained in the
previous connection's protocol.

Unfortunately, a later check (which compares the schema names of the two
connections) then fails (at roughly line 3012).

Do you have any additional thoughts? Should I look at adding an additional
check here if the scheme fails but the second connection's protocol is
contained within the other's handler like I have done above?

Cheers

Steve

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-11-25