learn to disable STARTTLS

Some servers might have this feature broken. Github-ref: https://github.com/OfflineIMAP/offlineimap/issues/207 Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-06-23 03:55:00 +02:00 · 2016-06-23 03:55:00 +02:00 · ac2a547ec4
parent 1410a391bc
commit ac2a547ec4
3 changed files with 21 additions and 1 deletions
--- a/offlineimap.conf
+++ b/offlineimap.conf
@ -610,6 +610,22 @@ type = IMAP
 remotehost = examplehost


+# This option stands in the [Repository RemoteExample] section.
+#
+# Whether or not to use STARTTLS. STARTTLS allows to upgrade a plain connection
+# to TLS or SSL after negociation with the server. While a server might pretend
+# to support STARTTLS, the communication might not be properly established or
+# the secure tunnel might be broken in some way. In this case you might want to
+# disable STARTTLS. Unless you hit issues with STARTTLS, you are strongly
+# encouraged to keep STARTTLS enabled.
+#
+# STARTTLS can be used even if the 'ssl' option is disabled.
+#
+# Default is yes.
+#
+#starttls = yes
+
+
 # This option stands in the [Repository RemoteExample] section.
 #
 # Whether or not to use SSL.
--- a/offlineimap/imapserver.py
+++ b/offlineimap/imapserver.py
@ -106,6 +106,7 @@ class IMAPServer(object):
        self.fingerprint = repos.get_ssl_fingerprint()
        self.sslversion = repos.getsslversion()
        self.tlslevel = repos.gettlslevel()
+        self.starttls = repos.getstarttls()

        self.oauth2_refresh_token = repos.getoauth2_refresh_token()
        self.oauth2_access_token = repos.getoauth2_access_token()
@ -414,7 +415,7 @@ class IMAPServer(object):

            # TLS must be initiated before checking capabilities:
            # they could have been changed after STARTTLS.
-            if tryTLS and not tried_tls:
+            if tryTLS and self.starttls and not tried_tls:
                tried_tls = True
                self.__start_tls(imapobj)

--- a/offlineimap/repository/IMAP.py
+++ b/offlineimap/repository/IMAP.py
@ -261,6 +261,9 @@ class IMAPRepository(BaseRepository):
    def getsslversion(self):
        return self.getconf('ssl_version', None)

+    def getstarttls(self):
+        return self.getconfboolean('starttls', True)
+
    def get_ssl_fingerprint(self):
        """Return array of possible certificate fingerprints.