Commit dc909119 authored by Kevin J. McCarthy

Don't check IMAP PREAUTH encryption if $tunnel is in use.

$tunnel is used to create an external encrypted connection.  The
default of $ssl_starttls is yes, meaning those kinds of connections
will be broken by the CVE-2020-14093 fix.
parent c94d2b00
Pipeline #158336998 passed with stage
in 1 minute and 44 seconds
......@@ -532,8 +532,8 @@ int imap_open_connection (IMAP_DATA* idata)
{
#if defined(USE_SSL)
/* An unencrypted PREAUTH response is most likely a MITM attack.
* Require a confirmation. */
if (!idata->conn->ssf)
* Require a confirmation unless using $tunnel. */
if (!idata->conn->ssf && !Tunnel)
{
if (option(OPTSSLFORCETLS) ||
(query_quadoption (OPT_SSLSTARTTLS,
......
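Review bot: In the new condition `!idata->conn->ssf && !Tunnel`, the exemption is keyed on `Tunnel` being set at all rather than on anything known about this connection, so an unencrypted PREAUTH is accepted without confirmation whenever $tunnel is configured, even if the tunnel command itself provides no encryption. The updated comment should state that with $tunnel the user is trusting the external command for transport security, and the $tunnel documentation should carry the same caveat. Since `ssf` is read from `idata->conn` while `Tunnel` is not, it is also worth checking whether this connection was actually opened through the tunnel, if the connection records that, instead of testing the setting alone.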