From: Timo Sirainen <tss@iki.fi>
Date: Tue, 24 Jun 2003 23:35:13 +0000 (+0300)
Subject: Don't advertise STARTTLS/STLS capability when TLS/SSL connection is already
X-Git-Tag: 1.1.alpha1~4531
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=34f4f5dcd8299c3703c2f40f5c264fbab32f55d2;p=thirdparty%2Fdovecot%2Fcore.git

Don't advertise STARTTLS/STLS capability when TLS/SSL connection is already
established.

--HG--
branch : HEAD
---

diff --git a/src/imap-login/client.c b/src/imap-login/client.c
index 2e7440a289..241fb5f461 100644
--- a/src/imap-login/client.c
+++ b/src/imap-login/client.c
@@ -93,7 +93,8 @@ static int cmd_capability(struct imap_client *client)
 
 	auths = client_authenticate_get_capabilities(client->tls);
 	capability = t_strconcat("* CAPABILITY " CAPABILITY_STRING,
-				 ssl_initialized ? " STARTTLS" : "",
+				 (ssl_initialized && !client->tls) ?
+				 " STARTTLS" : "",
 				 disable_plaintext_auth && !client->tls ?
 				 " LOGINDISABLED" : "", auths, NULL);
 	client_send_line(client, capability);
diff --git a/src/pop3-login/client-authenticate.c b/src/pop3-login/client-authenticate.c
index 445134a37d..1e0882cfde 100644
--- a/src/pop3-login/client-authenticate.c
+++ b/src/pop3-login/client-authenticate.c
@@ -46,7 +46,8 @@ int cmd_capa(struct pop3_client *client, const char *args __attr_unused__)
 	}
 
 	client_send_line(client, t_strconcat("+OK\r\n" POP3_CAPABILITY_REPLY,
-					     ssl_initialized ? "STLS\r\n" : "",
+					     (ssl_initialized && !client->tls) ?
+					     "STLS\r\n" : "",
 					     auth_mechs_capability,
 					     "\r\n.", NULL));
 	return TRUE;