🍒 pick 257ede0: 🥅 Re-raise #starttls error from receiver thread [backports #395]

Backports #395 to `v0.3-stable`.  The tests required an additional
rescue-and-ignore for the server thread in `starttls_test`, which was
already present in all later branches.

---------

When `start_tls_session` raises an exception, that's caught in the
receiver thread, but not re-raised.  Fortunately, `@sock` will now be
a permanently broken SSLSocket, so I don't think this can lead to
accidentally using an insecure connection.

Even so, `#starttls` should disconnect the socket and re-raise the error
immediately.

Failing test case was provided by @rhenium in #394.

Co-authored-by: Kazuki Yamaguchi <k@rhe.jp>

Author: nevans

lib/net/imap.rb

@@ -1014,7 +1014,8 @@ def logout
     # unsolicited untagged response immeditely _after_ #starttls completes.
     #
     def starttls(options = {}, verify = true)
-      send_command("STARTTLS") do |resp|
+      error = nil
+      ok = send_command("STARTTLS") do |resp|
         if resp.kind_of?(TaggedResponse) && resp.name == "OK"
           begin
             # for backward compatibility
@@ -1024,7 +1025,14 @@ def starttls(options = {}, verify = true)
           end
           start_tls_session(options)
         end
+      rescue Exception => error
+        raise # note that the error backtrace is in the receiver_thread
       end
+      if error
+        disconnect
+        raise error
+      end
+      ok
     end
 
     # :call-seq:

test/net/imap/test_imap.rb

@@ -75,6 +75,20 @@ def test_imaps_post_connection_check
   end
 
   if defined?(OpenSSL::SSL)
+    def test_starttls_unknown_ca
+      imap = nil
+      ex = nil
+      starttls_test do |port|
+        imap = Net::IMAP.new("localhost", port: port)
+        begin
+          imap.starttls
+        rescue => ex
+        end
+        imap
+      end
+      assert_kind_of(OpenSSL::SSL::SSLError, ex)
+    end
+
     def test_starttls
       imap = nil
       starttls_test do |port|
@@ -1004,6 +1018,7 @@ def starttls_test
         sock.gets
         sock.print("* BYE terminating connection\r\n")
         sock.print("RUBY0002 OK LOGOUT completed\r\n")
+      rescue OpenSSL::SSL::SSLError
       ensure
         sock.close
         server.close