diff --git a/src/drv_imap.c b/src/drv_imap.c
index b1f9de6..ebd8bf0 100644
--- a/src/drv_imap.c
+++ b/src/drv_imap.c
@@ -1571,11 +1571,13 @@ imap_open_store_p2( imap_store_t *ctx, struct imap_cmd *cmd ATTR_UNUSED, int res
 static void
 imap_open_store_authenticate( imap_store_t *ctx )
 {
- if (ctx->greeting != GreetingPreauth) {
 #ifdef HAVE_LIBSSL
- imap_store_conf_t *cfg = (imap_store_conf_t *)ctx->gen.conf;
- imap_server_conf_t *srvc = cfg->server;
+ imap_store_conf_t *cfg = (imap_store_conf_t *)ctx->gen.conf;
+ imap_server_conf_t *srvc = cfg->server;
+#endif
+ if (ctx->greeting != GreetingPreauth) {
+#ifdef HAVE_LIBSSL
 if (!srvc->sconf.use_imaps && (srvc->sconf.use_sslv2 || srvc->sconf.use_sslv3 || srvc->sconf.use_tlsv1)) {
 /* always try to select SSL support if available */
@@ -1595,6 +1597,13 @@ imap_open_store_authenticate( imap_store_t *ctx )
 #endif
 imap_open_store_authenticate2( ctx );
 } else {
+#ifdef HAVE_LIBSSL
+ if (!srvc->sconf.use_imaps && srvc->require_ssl) {
+ error( "IMAP error: SSL support not available\n" );
+ imap_open_store_bail( ctx );
+ return;
+ }
+#endif
 imap_open_store_namespace( ctx );
 }
 }
diff --git a/src/mbsync.1 b/src/mbsync.1
index a2335d9..d932a36 100644
--- a/src/mbsync.1
+++ b/src/mbsync.1
@@ -267,6 +267,11 @@ Specify a command to run to establish a connection rather than opening a TCP socket. This allows you to run an IMAP session over an SSH tunnel, for example. \fBHost\fR and \fBPort\fR are ignored when \fBTunnel\fR is set.
+.br
+If \fBUseIMAPS\fR is disabled and the tunnel opens a preauthenticated
+connection, \fBRequireSSL\fR also needs to be disabled.
+If the connection is not preauthenticated, but the tunnel is secure,
+disabling \fBRequireSSL\fR and \fBUseTLSv1\fR is recommended.
 ..
 .TP
 \fBRequireCRAM\fR \fIyes\fR|\fIno\fR
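Review bot: In the second hunk of src/drv_imap.c, the message in the new `else` branch, `SSL support not available`, does not name the condition that triggers it: the greeting was PREAUTH, so the TLS selection in the other branch is skipped while `require_ssl` is set. An unexpected PREAUTH greeting on a plain TCP connection is also how a downgrade to cleartext would appear in the log, so the text should say so, e.g. `error( "IMAP error: connection is preauthenticated and cannot be secured, but RequireSSL is set\n" );`. A short comment above the check, `/* PREAUTH skips the TLS upgrade above; refuse to continue in cleartext when SSL is required */`, would record why the bail-out is here. When `require_ssl` is off the branch still proceeds without TLS even if a TLS version is enabled, presumably by design, and that is worth stating in the same comment. The middle of imap_open_store_authenticate lies between the two hunks and is not shown.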