also generate an event when starttls is encounterd for imap.

src/analyzer/protocol/imap/events.bif

@@ -8,3 +8,7 @@
 ## capabilities: The list of IMAP capabilities as sent by the server.
 event imap_capabilities%(c: connection, capabilities: string_vec%);
 
+## Generated when a IMAP connection goes encrypted
+##
+## c: The connection.
+event imap_starttls%(c: connection%);

src/analyzer/protocol/imap/imap-analyzer.pac

@@ -41,7 +41,10 @@ refine connection IMAP_Conn += {
 		if ( !is_orig && !client_starttls_id.empty() && tags == client_starttls_id )
 			{
 			if ( commands == "ok" )
+				{
 				bro_analyzer()->StartTLS();
+				BifEvent::generate_imap_starttls(bro_analyzer(), bro_analyzer()->Conn());
+				}
 			else
 				reporter->Weird(bro_analyzer()->Conn(), "IMAP: server refused StartTLS");
 			}

testing/btest/Baseline/scripts.base.protocols.imap.starttls/.stdout

@@ -0,0 +1 @@
+Tls started for connection

testing/btest/scripts/base/protocols/imap/starttls.test

@@ -2,8 +2,14 @@
 # @TEST-EXEC: btest-diff conn.log
 # @TEST-EXEC: btest-diff ssl.log
 # @TEST-EXEC: btest-diff x509.log
+# @TEST-EXEC: btest-diff .stdout
 
 @load base/protocols/ssl
 @load base/protocols/conn
 @load base/frameworks/dpd
 @load base/protocols/imap
+
+event imap_starttls(c: connection)
+	{
+	print "Tls started for connection";
+	}