Some servers might have this feature broken. Github-ref: https://github.com/OfflineIMAP/offlineimap/issues/207 Signed-off-by: Nicolas Sebrecht <[email protected]> ---
The following changes since commit 52120beb27a718dbec3d88a00b3448fcb5137777: man: offlineimapui: minor typo fix (2016-06-19 23:32:01 +0200) are available in the git repository at: https://github.com/nicolas33/offlineimap.git ns/starttls for you to fetch changes up to d9b4cff0c380b2899875314566b115d2e9f93736: learn to disable STARTTLS (2016-06-23 04:01:46 +0200) ---------------------------------------------------------------- offlineimap.conf | 16 ++++++++++++++++ offlineimap/imapserver.py | 3 ++- offlineimap/repository/IMAP.py | 3 +++ 3 files changed, 21 insertions(+), 1 deletion(-) diff --git a/offlineimap.conf b/offlineimap.conf index d790848..232a3db 100644 --- a/offlineimap.conf +++ b/offlineimap.conf @@ -605,6 +605,22 @@ remotehost = examplehost # This option stands in the [Repository RemoteExample] section. # +# Whether or not to use STARTTLS. STARTTLS allows to upgrade a plain connection +# to TLS or SSL after negociation with the server. While a server might pretend +# to support STARTTLS, the communication might not be properly established or +# the secure tunnel might be broken in some way. In this case you might want to +# disable STARTTLS. Unless you hit issues with STARTTLS, you are strongly +# encouraged to keep STARTTLS enabled. +# +# STARTTLS can be used even if the 'ssl' option is disabled. +# +# Default is yes. +# +#starttls = yes + + +# This option stands in the [Repository RemoteExample] section. +# # Whether or not to use SSL. # # Note: be care to configure the 'remotehost' line with the domain name defined diff --git a/offlineimap/imapserver.py b/offlineimap/imapserver.py index f373326..6e8246f 100644 --- a/offlineimap/imapserver.py +++ b/offlineimap/imapserver.py @@ -106,6 +106,7 @@ class IMAPServer(object): self.fingerprint = repos.get_ssl_fingerprint() self.sslversion = repos.getsslversion() self.tlslevel = repos.gettlslevel() + self.starttls = repos.getstarttls() self.oauth2_refresh_token = repos.getoauth2_refresh_token() self.oauth2_access_token = repos.getoauth2_access_token() @@ -411,7 +412,7 @@ class IMAPServer(object): # TLS must be initiated before checking capabilities: # they could have been changed after STARTTLS. - if tryTLS and not tried_tls: + if tryTLS and self.starttls and not tried_tls: tried_tls = True self.__start_tls(imapobj) diff --git a/offlineimap/repository/IMAP.py b/offlineimap/repository/IMAP.py index 7cdc956..2d24fa7 100644 --- a/offlineimap/repository/IMAP.py +++ b/offlineimap/repository/IMAP.py @@ -257,6 +257,9 @@ class IMAPRepository(BaseRepository): def getsslversion(self): return self.getconf('ssl_version', None) + def getstarttls(self): + return self.getconfboolean('starttls', True) + def get_ssl_fingerprint(self): """Return array of possible certificate fingerprints. -- 2.7.4 _______________________________________________ OfflineIMAP-project mailing list: [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/offlineimap-project OfflineIMAP homepages: - https://github.com/OfflineIMAP - http://offlineimap.org
