2011-01-02 Lars Magne Ingebrigtsen <larsi@gnus.org>
+ * nnimap.el (nnimap-login): Prefer AUTH=CRAM-MD5, if it's available.
+ This avoids sending passwords in plain text over non-encrypted
+ channels.
+
* shr.el (shr-rescale-image): Display all GIF images as animated images.
* nnimap.el (nnimap-login): Refactored out into own function, and
(defun nnimap-login (user password)
(cond
- ((not (nnimap-capability "LOGINDISABLED"))
- (nnimap-command "LOGIN %S %S" user password))
- ((nnimap-capability "AUTH=PLAIN")
- (nnimap-command
- "AUTHENTICATE PLAIN %s"
- (base64-encode-string
- (format "\000%s\000%s"
- (nnimap-quote-specials user)
- (nnimap-quote-specials password)))))
((nnimap-capability "AUTH=CRAM-MD5")
(erase-buffer)
(let ((sequence (nnimap-send-command "AUTHENTICATE CRAM-MD5"))
(rfc2104-hash 'md5 64 16 password
(base64-decode-string challenge))))
"\r\n"))
- (nnimap-wait-for-response sequence)))))
+ (nnimap-wait-for-response sequence)))
+ ((not (nnimap-capability "LOGINDISABLED"))
+ (nnimap-command "LOGIN %S %S" user password))
+ ((nnimap-capability "AUTH=PLAIN")
+ (nnimap-command
+ "AUTHENTICATE PLAIN %s"
+ (base64-encode-string
+ (format "\000%s\000%s"
+ (nnimap-quote-specials user)
+ (nnimap-quote-specials password)))))))
(defun nnimap-quote-specials (string)
(with-temp-buffer