diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/stream.ml | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/stream.ml b/lib/stream.ml index 80579f0..b501a78 100644 --- a/lib/stream.ml +++ b/lib/stream.ml @@ -2,6 +2,7 @@ open Lwt.Syntax open Lwt.Infix exception ClosedStream +exception InsufficientEncryption type feature = | Mechanisms of Sasl.auth_mechanism list @@ -72,7 +73,10 @@ let negotiate match starttls, prefer_starttls with | [`Optional], true | [`Required], _ -> Starttls.upgrade portal >>= start_stream - | [`Optional], false | [], _ -> Lwt.return other_features + | [`Optional], false | [], _ -> + if Portal._encrypted portal._socket || Option.is_some (Sys.getenv_opt "FLESH_ALLOW_STRIPTLS") + then Lwt.return other_features + else Lwt.fail InsufficientEncryption | _ -> Lwt.fail_with "Invalid number of STARTLS declarations in features." in let sasl_auth features = |