From ac2a547ec46d590d041d410723f90f45fcb802fe Mon Sep 17 00:00:00 2001 From: Nicolas Sebrecht Date: Thu, 23 Jun 2016 03:55:00 +0200 Subject: [PATCH] learn to disable STARTTLS Some servers might have this feature broken. Github-ref: https://github.com/OfflineIMAP/offlineimap/issues/207 Signed-off-by: Nicolas Sebrecht --- offlineimap.conf | 16 ++++++++++++++++ offlineimap/imapserver.py | 3 ++- offlineimap/repository/IMAP.py | 3 +++ 3 files changed, 21 insertions(+), 1 deletion(-) diff --git a/offlineimap.conf b/offlineimap.conf index 47256b4..c68cd84 100644 --- a/offlineimap.conf +++ b/offlineimap.conf @@ -610,6 +610,22 @@ type = IMAP remotehost = examplehost +# This option stands in the [Repository RemoteExample] section. +# +# Whether or not to use STARTTLS. STARTTLS allows to upgrade a plain connection +# to TLS or SSL after negociation with the server. While a server might pretend +# to support STARTTLS, the communication might not be properly established or +# the secure tunnel might be broken in some way. In this case you might want to +# disable STARTTLS. Unless you hit issues with STARTTLS, you are strongly +# encouraged to keep STARTTLS enabled. +# +# STARTTLS can be used even if the 'ssl' option is disabled. +# +# Default is yes. +# +#starttls = yes + + # This option stands in the [Repository RemoteExample] section. # # Whether or not to use SSL. diff --git a/offlineimap/imapserver.py b/offlineimap/imapserver.py index 0363df2..5806ce3 100644 --- a/offlineimap/imapserver.py +++ b/offlineimap/imapserver.py @@ -106,6 +106,7 @@ class IMAPServer(object): self.fingerprint = repos.get_ssl_fingerprint() self.sslversion = repos.getsslversion() self.tlslevel = repos.gettlslevel() + self.starttls = repos.getstarttls() self.oauth2_refresh_token = repos.getoauth2_refresh_token() self.oauth2_access_token = repos.getoauth2_access_token() @@ -414,7 +415,7 @@ class IMAPServer(object): # TLS must be initiated before checking capabilities: # they could have been changed after STARTTLS. - if tryTLS and not tried_tls: + if tryTLS and self.starttls and not tried_tls: tried_tls = True self.__start_tls(imapobj) diff --git a/offlineimap/repository/IMAP.py b/offlineimap/repository/IMAP.py index 0138975..2ee3f3e 100644 --- a/offlineimap/repository/IMAP.py +++ b/offlineimap/repository/IMAP.py @@ -261,6 +261,9 @@ class IMAPRepository(BaseRepository): def getsslversion(self): return self.getconf('ssl_version', None) + def getstarttls(self): + return self.getconfboolean('starttls', True) + def get_ssl_fingerprint(self): """Return array of possible certificate fingerprints.