-#endif
- }
-#endif
-
- /* set security properties. We use NOPLAINTEXT globally, since we can
- * just fall back to LOGIN in the IMAP case anyway. If that doesn't
- * work for POP, we can make it a flag or move this code into
- * imap/auth_sasl.c */
- memset (&secprops, 0, sizeof (secprops));
- /* Work around a casting bug in the SASL krb4 module */
- secprops.max_ssf = 0x7fff;
- secprops.maxbufsize = M_SASL_MAXBUF;
- secprops.security_flags |= SASL_SEC_NOPLAINTEXT;
- if (sasl_setprop (*saslconn, SASL_SEC_PROPS, &secprops) != SASL_OK) {
- debug_print (1, ("Error setting security properties\n"));
- return -1;
- }
-
- /* we currently don't have an SSF finder for NSS (I don't know the API).
- * If someone does it'd probably be trivial to write mutt_nss_get_ssf().
- * I have a feeling more SSL code could be shared between those two files,
- * but I haven't looked into it yet, since I still don't know the APIs. */
-#if (defined(USE_SSL) || defined(USE_GNUTLS) && !defined(USE_NSS))
- if (conn->account.flags & M_ACCT_SSL) {
-#ifdef USE_SASL2 /* I'm not sure this actually has an effect, at least with SASLv2 */
- debug_print (2, ("External SSF: %d\n", conn->ssf));
- if (sasl_setprop (*saslconn, SASL_SSF_EXTERNAL, &(conn->ssf)) != SASL_OK)
-#else
- memset (&extprops, 0, sizeof (extprops));
- extprops.ssf = conn->ssf;
- debug_print (2, ("External SSF: %d\n", extprops.ssf));
- if (sasl_setprop (*saslconn, SASL_SSF_EXTERNAL, &extprops) != SASL_OK)
-#endif