[mew-int 01897] Re: TLS

Rui Tiago Matos TiagoMatos at example.com
Fri Oct 29 02:27:13 JST 2004


Hi,

I tried your patch but found two problems:

1. Mew 4.1 tries to use the binary /usr/sbin/stunnel but doesn't find
it since stunnel4, in Debian, is installed as /usr/sbin/stunnel4.
    Anyway, I created a link and I could proceed.

2. I applied your patch to stunnel4 (Debian source) but it stops
working while trying to connect, and Emacs stops responding too, so I
have to kill it (it would be nice to have the option of killing Emacs
processes without killing it completely, as this happens all too often,
e.g. when a wireless connection isn't great and Mew just keeps trying
to get or send things, blocking all Emacs usage).
    I also tried to run stunnel by hand using the same conf file Mew
created in /tmp to see the messages it issued, and this is what I got:

2004.10.28 18:10:22 LOG5[8458:1076623808]: stunnel 4.05 on
i386-pc-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.7d 17 Mar 2004
2004.10.28 18:10:22 LOG7[8458:1076623808]: RAND_status claims
sufficient entropy for the PRNG
2004.10.28 18:10:22 LOG6[8458:1076623808]: PRNG seeded successfully
2004.10.28 18:10:22 LOG7[8458:1076623808]: Verify directory set to
/home/jman/.certs
2004.10.28 18:10:22 LOG5[8458:1076623808]: FD_SETSIZE=1024, file
ulimit=1024 -> 500 clients allowed
2004.10.28 18:10:22 LOG7[8458:1076623808]: FD 3 in non-blocking mode
2004.10.28 18:10:22 LOG7[8458:1076623808]: SO_REUSEADDR option set on
accept socket
2004.10.28 18:10:22 LOG7[8458:1076623808]: 8204 bound to 127.0.0.1:8204
2004.10.28 18:10:22 LOG7[8458:1076623808]: FD 4 in non-blocking mode
2004.10.28 18:10:22 LOG7[8458:1076623808]: FD 5 in non-blocking mode
2004.10.28 18:10:22 LOG7[8458:1076623808]: No pid file being created

From here on it stops, although I can kill it with Ctrl+C.

I understand stunnel is not your business and as such I can only thank
you for trying to add this support into it. Thanks!

Rui

On Fri, 29 Oct 2004 00:08:19 +0900 (JST), 山本和彦 Kazu Yamamoto
<kazu at example.com> wrote:
> Hello,
> 
> > TLS(Transport Layer Security) has been supported as well as SSL. To
> > support TLS, Mew makes use of the TLS functionality of "stunnel".
> >
> > At this moment, you can protect SMTP, POP and NNTP with TLS. IMAP/TLS
> > cannot be used since "stunnel" does not support it yet.
> 
> I believe that one guy on this list wants to use IMAP/TLS. So, I
> created a patch for stunnel 4.05. I have already sent this patch to
> the author.
> 
> --Kazu
> 
> *** protocol.c-dist     Thu Oct 28 12:08:18 2004
> --- protocol.c  Thu Oct 28 12:26:57 2004
> ***************
> *** 40,45 ****
> --- 40,47 ----
>   static int pop3_server(CLI *);
>   static int nntp_client(CLI *);
>   static int nntp_server(CLI *);
> + static int imap_client(CLI *);
> + static int imap_server(CLI *);
>   static int RFC2487(int);
> 
>   int negotiate(CLI *c) {
> ***************
> *** 58,63 ****
> --- 60,67 ----
>           retval = options.option.client ? pop3_client(c) : pop3_server(c);
>       else if(!strcmp(c->opt->protocol, "nntp"))
>           retval = options.option.client ? nntp_client(c) : nntp_server(c);
> +     else if(!strcmp(c->opt->protocol, "imap"))
> +         retval = options.option.client ? imap_client(c) : imap_server(c);
>       else {
>           log(LOG_ERR, "Protocol %s not supported in %s mode",
>               c->opt->protocol, options.option.client ? "client" : "server");
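Review bot: In server mode the new "imap" branch routes to imap_server(), which can only fail, and its message "Protocol not supported in server mode" omits the protocol name that the else branch just below already reports with "Protocol %s not supported in %s mode". Consider taking the new branch only when options.option.client is set, so that server mode falls through to the existing message; the imap_server() stub and its prototype could then be dropped.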
> ***************
> *** 280,283 ****
> --- 284,315 ----
>       }
>   }
> 
> + static int imap_client(CLI *c) {
> +     char line[STRLEN];
> +
> +     if(fdscanf(c, c->remote_fd.fd, "%[^\n]", line)<0)
> +         return -1;
> +     if(strncasecmp(line,"* OK",4)) {
> +         log(LOG_ERR, "Unknown server welcome");
> +         return -1;
> +     }
> +     if(fdprintf(c, c->local_wfd.fd, "%s", line)<0)
> +         return -1;
> +     if(fdprintf(c, c->remote_fd.fd, "tag STARTTLS")<0)
> +         return -1;
> +     if(fdscanf(c, c->remote_fd.fd, "%[^\n]", line)<0)
> +         return -1;
> +     /* should remove untagged line?  */
> +     if(strncasecmp(line,"tag OK",6)) {
> +         log(LOG_ERR, "Server does not support TLS");
> +         return -1;
> +     }
> +     return 0;
> + }
> +
> + static int imap_server(CLI *c) {
> +     log(LOG_ERR, "Protocol not supported in server mode");
> +     return -1;
> + }
> +
>   /* End of protocol.c */
>
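Review bot: In imap_client(), only one line is read after "tag STARTTLS" is sent and it is compared against "tag OK", so any untagged line that arrives first (the case the in-code comment "should remove untagged line?" asks about) is reported as "Server does not support TLS" and the connection fails. Read in a loop, skipping lines that begin with "* ", until a line starting with the tag arrives, and log the server's actual response when it is not OK. Two smaller points: the "%[^\n]" conversions into line[STRLEN] carry no field width, so the bound depends entirely on fdscanf() and is worth confirming; and the greeting written to c->local_wfd.fd was received before TLS was negotiated, so it reaches the mail client without TLS protection, which deserves a comment in the code.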


