For the SSL-only ports, if crypto negotiation fails,

drop the session instead of falling back to unencrypted mode.

diff --git a/citadel/modules/imap/serv_imap.c b/citadel/modules/imap/serv_imap.c
index ca4acfb6c38dca00a0ad52381d67f5dd244d11e7..1454781aacde94685ed4e0d84f9800faadd65d56 100644 (file)
--- a/citadel/modules/imap/serv_imap.c
+++ b/citadel/modules/imap/serv_imap.c
@@ -508,6 +508,7 @@ void imap_greeting(void)
  */
 void imaps_greeting(void) {
        CtdlModuleStartCryptoMsgs(NULL, NULL, NULL);
+       if (!CC->redirect_ssl) CC->kill_me = 1;         /* kill session if no crypto */
        imap_greeting();
 }
 

diff --git a/citadel/modules/pop3/serv_pop3.c b/citadel/modules/pop3/serv_pop3.c
index 761a4da967e510c06b697ef7722ea9fcb5964073..fadb9f50cc15b0096111c3f147f096b7905d3aff 100644 (file)
--- a/citadel/modules/pop3/serv_pop3.c
+++ b/citadel/modules/pop3/serv_pop3.c
@@ -98,6 +98,7 @@ void pop3_greeting(void) {
  */
 void pop3s_greeting(void) {
        CtdlModuleStartCryptoMsgs(NULL, NULL, NULL);
+       if (!CC->redirect_ssl) CC->kill_me = 1;         /* kill session if no crypto */
        pop3_greeting();
 }
 

diff --git a/citadel/modules/smtp/serv_smtp.c b/citadel/modules/smtp/serv_smtp.c
index e6f3c6957d9c53a4c4e84bbc60be25b9ad671be7..960e105d0816164602b6a3182c861439a5179105 100644 (file)
--- a/citadel/modules/smtp/serv_smtp.c
+++ b/citadel/modules/smtp/serv_smtp.c
@@ -166,6 +166,7 @@ void smtp_greeting(int is_msa)
  */
 void smtps_greeting(void) {
        CtdlModuleStartCryptoMsgs(NULL, NULL, NULL);
+       if (!CC->redirect_ssl) CC->kill_me = 1;         /* kill session if no crypto */
        smtp_greeting(0);
 }