void client_cmd_starttls(struct client *client)
{
if (client->tls) {
client->v.notify_starttls(client, FALSE, "TLS is already active.");
return;
}
if (!client_is_tls_enabled(client)) {
client->v.notify_starttls(client, FALSE, "TLS support isn't enabled.");
return;
}
/* remove input handler, SSL proxy gives us a new fd. we also have to
remove it in case we have to wait for buffer to be flushed */
if (client->io != NULL)
io_remove(&client->io);
client->v.notify_starttls(client, TRUE, "Begin TLS negotiation now.");
/* uncork the old fd */
o_stream_uncork(client->output);
if (o_stream_flush(client->output) <= 0) {
/* the buffer has to be flushed */
o_stream_set_flush_pending(client->output, TRUE);
o_stream_set_flush_callback(client->output,
client_output_starttls, client);
} else {
client_start_tls(client);
}
}
static const char *get_capability(struct client *client)
{
struct imap_client *imap_client = (struct imap_client *)client;
string_t *cap_str = t_str_new(256);
bool explicit_capability = FALSE;
if (*imap_client->set->imap_capability == '\0')
str_append(cap_str, CAPABILITY_BANNER_STRING);
else if (*imap_client->set->imap_capability != '+') {
explicit_capability = TRUE;
str_append(cap_str, imap_client->set->imap_capability);
} else {
str_append(cap_str, CAPABILITY_BANNER_STRING);
str_append_c(cap_str, ' ');
str_append(cap_str, imap_client->set->imap_capability + 1);
}
if (!explicit_capability) {
if (imap_client->set->imap_literal_minus)
str_append(cap_str, " LITERAL-");
else
str_append(cap_str, " LITERAL+");
}
if (client_is_tls_enabled(client) && !client->tls)
str_append(cap_str, " STARTTLS");
if (is_login_cmd_disabled(client))
str_append(cap_str, " LOGINDISABLED");
client_authenticate_get_capabilities(client, cap_str);
return str_c(cap_str);
}
