On Thu, 28 Dec 2023, Patrick Monnerat via curl-library wrote:

> In IMAP/POP3/SMTP, a failing CURLUSESSL_TRY behaves as expected as long as
> TLS negotiation has not started, but terminates in error if the latter
> fails. I noticed it by reading the code and, since there is no support for
> STARTTLS in our test environment, I verified it manually with a personal
> IMAP server.
>
> I wonder if this is intentional or a bug. Any clue?

I don't think we considered this case, so just an oversight I believe.
Since the try option allows continuing without TLS, the liberal approach would
probably be to survive the TLS failure and continue without. But since we
*never* did that in the past, and the try option is a terribly bad option and
a generally bad security idea, it feels like a better approach is now to
instead document that this is how it works. We already discourage the use of
the try option.
--
/ daniel.haxx.se
| Commercial curl support up to 24x7 is available!
| Private help, bug fixes, support, ports, new features
| https://curl.se/support.html
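
An added example, not part of the mail above and not code from the curl project: a small audit that finds where scripts or sources still ask for the discouraged "try" level, so they can be moved to required TLS. It assumes the curl tool's `--ssl` (try) and `--ssl-reqd` (require) options and libcurl's `CURLUSESSL_ALL` as the strict counterparts; the file names and contents are constructed samples.

```shell
#!/bin/sh
# Added example: flag opportunistic ("try") TLS in curl usage.
# Matches the libcurl constant CURLUSESSL_TRY and the curl tool's --ssl
# option as a whole word, so --ssl-reqd (require TLS) is not reported.

find_try_tls() {
    # Prints file:line:text for every hit; exit status 1 when nothing matches.
    grep -nHE -e '(^|[[:space:]])--ssl([[:space:]]|$)' \
              -e 'CURLUSESSL_TRY' -- "$@"
}

# Constructed sample inputs (not taken from any real code base).
make_samples() {
    dir=$1
    cat > "$dir/fetch.sh" <<'EOF'
curl --ssl imap://mail.example.com/INBOX
curl --ssl-reqd imap://mail.example.com/INBOX
EOF
    cat > "$dir/send.c" <<'EOF'
curl_easy_setopt(h, CURLOPT_USE_SSL, (long)CURLUSESSL_TRY);
curl_easy_setopt(h, CURLOPT_USE_SSL, (long)CURLUSESSL_ALL);
EOF
}

# Runs the audit over the samples and prints hits relative to the temp dir.
demo() {
    tmp=$(mktemp -d) || return 1
    make_samples "$tmp"
    find_try_tls "$tmp/fetch.sh" "$tmp/send.c" | sed "s|^$tmp/||"
    rm -rf "$tmp"
}

demo
```

Each reported line is a place where a cleartext session is possible when the server does not offer STARTTLS.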