jordwest/imap-server

Implement STARTTLS


This would reduce the impact of PLAIN-only authentication a bit.

Possible approach that I took in my toy server:

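```go
// Fragment from inside the STARTTLS command handler.
// Needs: crypto/tls, fmt, net/textproto.
cert, err := tls.LoadX509KeyPair("/tmp/goimapd.crt", "/tmp/goimapd.key")
if err != nil {
  fmt.Printf("loadkeys: %s\n", err)
  // One format verb, one argument: tag only.
  textconn.PrintfLine("%s BAD Sorry, server-side problem loading certs.", tag)
  return
}
tlsconfig := &tls.Config{
  Certificates: []tls.Certificate{cert},
}

// Tell the client to start the handshake, then wrap the raw connection.
textconn.PrintfLine("%s OK STARTTLS commencing.", tag)
conn = tls.Server(conn, tlsconfig)
// A fresh textproto.Conn means nothing buffered before TLS is reused.
textconn = textproto.NewConn(conn)
```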

It looks like a similar approach could be implemented in imap-server, too: the STARTTLS command could replace `c.Rwc` with an instance of `tls.Server`.
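A check worth adding when swapping the connection, shown as an added example that is not code from the issue or from imap-server: if the buffered reader still holds bytes when STARTTLS is processed, they arrived in plaintext and must not be handled as post-TLS commands, so the upgrade is refused. `startTLS`, `tryUpgrade` and `errPipelined` are hypothetical names, the input is constructed, and the `tls.Config` carries no certificate because the demo stops before the handshake (a real one would hold the key pair loaded as in the snippet above).

```go
package main

import (
	"bufio"
	"crypto/tls"
	"errors"
	"fmt"
	"net"
	"strings"
)

var errPipelined = errors.New("plaintext data pipelined after STARTTLS")

// startTLS (hypothetical helper) answers one STARTTLS command read from br.
// On success the caller must drop br and read only from the returned conn.
func startTLS(conn net.Conn, br *bufio.Reader, tag string, cfg *tls.Config) (net.Conn, error) {
	if br.Buffered() > 0 { // leftover plaintext must never run as post-TLS input
		fmt.Fprintf(conn, "%s BAD STARTTLS must end the plaintext stream\r\n", tag)
		return nil, errPipelined
	}
	if _, err := fmt.Fprintf(conn, "%s OK Begin TLS negotiation now\r\n", tag); err != nil {
		return nil, err
	}
	return tls.Server(conn, cfg), nil
}

// tryUpgrade sends constructed client bytes over an in-memory pipe and runs startTLS.
func tryUpgrade(clientBytes string) (net.Conn, string, error) {
	client, server := net.Pipe()
	defer client.Close()
	reply := make(chan string, 1)
	go func() {
		fmt.Fprint(client, clientBytes)
		line, _ := bufio.NewReader(client).ReadString('\n')
		reply <- line
	}()
	br := bufio.NewReader(server)
	line, err := br.ReadString('\n')
	if err != nil {
		return nil, "", err
	}
	// No certificate is set: this demo stops before the handshake.
	conn, err := startTLS(server, br, strings.Fields(line)[0], &tls.Config{MinVersion: tls.VersionTLS12})
	return conn, <-reply, err
}

func main() {
	_, reply, err := tryUpgrade("a1 STARTTLS\r\na2 LOGIN u p\r\n")
	fmt.Printf("reply=%q err=%v\n", reply, err)
}
```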