Add -initialtls/-notls flags to msgchk.

diff --git a/man/msgchk.man b/man/msgchk.man
index 226c82e459d59f254114c6f98c2bf48c73e86649..fa5023309fed1da9a9598de897aa9a52a640b1b5 100644 (file)
--- a/man/msgchk.man
+++ b/man/msgchk.man
@@ -20,6 +20,8 @@ all/mail/nomail ]
 .RB [ \-sasl ]
 .RB [ \-saslmech
 .IR mechanism ]
+.RB [ \-initialtls ]
+.RB [ \-notls ]
 .RB [ \-authservice
 .IR service ]
 .RB [ \-snoop ]
@@ -147,10 +149,21 @@ and grant authorization to that account.  See the
 .B mhlogin
 man page for more details.
 .PP
-Gmail only supports POP3 over TLS, but
-.B msgchk
-has no TLS support.  To work around this, use something like
-.B -proxy 'openssl s_client -connect %h:995 -CAfile /etc/ssl/certs/ca-certificates.crt -quiet'
+If
+.B nmh
+has been compiled with TLS support, the
+.B \-initialtls
+switch will require the negotiation of TLS when connecting
+to the remote POP server.  The
+.B \-initialtls
+switch will negotiate TLS immediately after the connection has taken place,
+before any POP commands are sent or received.  Data encrypted by TLS is
+labeled `(tls-encrypted)' and `(tls-decrypted)` with viewing the POP
+transaction with the
+.B \-snoop
+switch.  The
+.B \-notls
+switch will disable all attempts to negotiate TLS.
 .SH FILES
 .fc ^ ~
 .nf

diff --git a/uip/msgchk.c b/uip/msgchk.c
index 5861dae91e847bcdae81d15a0eaf92f82374171e..d7b2c2f04394497dfc6b98970f5ab3ae822638a9 100644 (file)
--- a/uip/msgchk.c
+++ b/uip/msgchk.c
@@ -20,6 +20,12 @@
 # define SASLminc(a)  0
 #endif
 
+#ifndef TLS_SUPPORT
+# define TLSminc(a) (a)
+#else
+# define TLSminc(a)  0
+#endif
+
 #define MSGCHK_SWITCHES \
     X("date", 0, DATESW) \
     X("nodate", 0, NDATESW) \
@@ -34,6 +40,8 @@
     X("sasl", SASLminc(4), SASLSW) \
     X("saslmech", SASLminc(5), SASLMECHSW) \
     X("authservice", SASLminc(0), AUTHSERVICESW) \
+    X("initialtls", TLSminc(-10), INITTLSSW) \
+    X("notls", TLSminc(-5), NOTLSSW) \
     X("proxy command", 0, PROXYSW) \
 
 #define X(sw, minchars, id) id,
@@ -72,14 +80,14 @@ DEFINE_SWITCH_ARRAY(MSGCHK, switches);
 static int donote (char *, int);
 static int checkmail (char *, char *, int, int, int);
 static int remotemail (char *, char *, char *, char *, int, int, int, int,
-                      char *, const char *);
+                      char *, int, const char *);
 
 
 int
 main (int argc, char **argv)
 {
     int datesw = 1, notifysw = NT_ALL;
-    int status = 0, sasl = 0;
+    int status = 0, sasl = 0, tls = 0;
     int snoop = 0, vecp = 0;
     char *cp, *host = NULL, *port = NULL, *user = NULL, *proxy = NULL;
     char buf[BUFSIZ], *saslmech = NULL, *auth_svc = NULL;
@@ -161,6 +169,14 @@ main (int argc, char **argv)
                        adios (NULL, "missing argument to %s", argp[-2]);
                    continue;
 
+               case INITTLSSW:
+                   tls++;
+                   continue;
+
+               case NOTLSSW:
+                   tls = 0;
+                   continue;
+
                case AUTHSERVICESW:
 #ifdef OAUTH_SUPPORT
                    if (!(auth_svc = *argp++) || *auth_svc == '-')
@@ -202,11 +218,11 @@ main (int argc, char **argv)
     if (host) {
        if (vecp == 0) {
            status = remotemail (host, port, user, proxy, notifysw, 1,
-                                snoop, sasl, saslmech, auth_svc);
+                                snoop, sasl, saslmech, tls, auth_svc);
        } else {
            for (vecp = 0; vec[vecp]; vecp++)
                status += remotemail (host, port, vec[vecp], proxy, notifysw, 0,
-                                     snoop, sasl, saslmech, auth_svc);
+                                     snoop, sasl, saslmech, tls, auth_svc);
        }
     } else {
        if (user == NULL) user = getusername ();
@@ -330,7 +346,7 @@ extern char response[];
 
 static int
 remotemail (char *host, char *port, char *user, char *proxy, int notifysw,
-           int personal, int snoop, int sasl, char *saslmech,
+           int personal, int snoop, int sasl, char *saslmech, int tls,
            const char *auth_svc)
 {
     int nmsgs, nbytes, status;
@@ -350,7 +366,7 @@ remotemail (char *host, char *port, char *user, char *proxy, int notifysw,
 
     /* open the POP connection */
     if (pop_init (host, port, creds.user, creds.password, proxy, snoop, sasl,
-                 saslmech, 0, auth_svc) == NOTOK
+                 saslmech, tls, auth_svc) == NOTOK
            || pop_stat (&nmsgs, &nbytes) == NOTOK     /* check for messages  */
            || pop_quit () == NOTOK) {                 /* quit POP connection */
        advise (NULL, "%s", response);