[mew-int 01901] Re: TLS

Rui Tiago Matos TiagoMatos at example.com
Fri Oct 29 20:08:00 JST 2004


Cheers,

I upgraded to Mew 4.1.50 and it seems that stunnel is able to connect
but then the IMAP connection is lost. This is from *Messages*:

Setting up Mew world...
Updating status...done
Setting up Mew world...done
Creating an SSL/TLS connection...done
Connecting to the IMAP server...done
Communicating with the IMAP server...
IMAP connection is lost
Making completion list...
Loading view...done

And this is what I get from *Mew debug*:

-----------------------------------
<SSL/TLS: >
2004.10.29 11:35:29 LOG5[4091:1076623808]: stunnel 4.05 on
i386-pc-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.7d 17 Mar 2004
2004.10.29 11:35:29 LOG7[4091:1076623808]: RAND_status claims
sufficient entropy for the PRNG
2004.10.29 11:35:29 LOG6[4091:1076623808]: PRNG seeded successfully
2004.10.29 11:35:29 LOG7[4091:1076623808]: Verify directory set to
/home/jman/.certs
2004.10.29 11:35:29 LOG5[4091:1076623808]: FD_SETSIZE=1024, file
ulimit=1024 -> 500 clients allowed
2004.10.29 11:35:29 LOG7[4091:1076623808]: FD 3 in non-blocking mode
2004.10.29 11:35:29 LOG7[4091:1076623808]: SO_REUSEADDR option set on
accept socket
2004.10.29 11:35:29 LOG7[4091:1076623808]: 10148 bound to 127.0.0.1:10148
2004.10.29 11:35:29 LOG7[4091:1076623808]: FD 7 in non-blocking mode
2004.10.29 11:35:29 LOG7[4091:1076623808]: FD 9 in non-blocking mode
2004.10.29 11:35:29 LOG7[4091:1076623808]: No pid file being created


<SSL/TLS: >
2004.10.29 11:35:29 LOG7[4091:1076623808]: 10148 accepted FD=10 from
127.0.0.1:32883
2004.10.29 11:35:29 LOG7[4091:1076623808]: FD 10 in non-blocking mode
2004.10.29 11:35:29 LOG7[4091:1076861872]: 10148 started
2004.10.29 11:35:29 LOG5[4091:1076861872]: 10148 connected from 127.0.0.1:32883
2004.10.29 11:35:29 LOG7[4091:1076861872]: FD 11 in non-blocking mode
2004.10.29 11:35:29 LOG7[4091:1076861872]: 10148 connecting 193.136.173.1:993
2004.10.29 11:35:29 LOG7[4091:1076861872]: remote connect #1:
EINPROGRESS: retrying
2004.10.29 11:35:29 LOG7[4091:1076861872]: waitforsocket: FD=11, DIR=write


<SSL/TLS: >
2004.10.29 11:35:29 LOG7[4091:1076861872]: waitforsocket: ok
2004.10.29 11:35:29 LOG7[4091:1076861872]: Remote FD=11 initialized
2004.10.29 11:35:29 LOG7[4091:1076861872]: SSL state (connect):
before/connect initialization
2004.10.29 11:35:29 LOG7[4091:1076861872]: SSL state (connect): SSLv3
write client hello A
2004.10.29 11:35:29 LOG7[4091:1076861872]: waitforsocket: FD=11, DIR=read


<SSL/TLS: >
2004.10.29 11:35:29 LOG7[4091:1076861872]: waitforsocket: ok
2004.10.29 11:35:29 LOG7[4091:1076861872]: SSL state (connect): SSLv3
read server hello A
2004.10.29 11:35:29 LOG7[4091:1076861872]: waitforsocket: FD=11, DIR=read


<SSL/TLS: >
2004.10.29 11:35:29 LOG7[4091:1076861872]: waitforsocket: ok
2004.10.29 11:35:29 LOG5[4091:1076861872]: VERIFY IGNORE: depth=2,
/C=US/O=GTE Corporation/CN=GTE CyberTrust Root


<SSL/TLS: >
2004.10.29 11:35:29 LOG5[4091:1076861872]: VERIFY IGNORE: depth=2,
/C=US/O=GTE Corporation/CN=GTE CyberTrust Root
2004.10.29 11:35:29 LOG5[4091:1076861872]: VERIFY IGNORE: depth=1,
/C=pt/O=MULTICERT-CA/CN=MULTICERT-CA 01
2004.10.29 11:35:29 LOG5[4091:1076861872]: VERIFY IGNORE: depth=0,
/C=PT/O=MULTICERT-CA/OU=CERTIPOR - RA/OU=Corporate/OU=Centro de
Informatica e Comunicacoes - Universidade de
Aveiro/OU=mail.ua.pt/OU=Web Server/CN=mail.ua.pt
2004.10.29 11:35:29 LOG7[4091:1076861872]: SSL state (connect): SSLv3
read server certificate A
2004.10.29 11:35:29 LOG7[4091:1076861872]: SSL state (connect): SSLv3
read server done A
2004.10.29 11:35:29 LOG7[4091:1076861872]: SSL state (connect): SSLv3
write client key exchange A
2004.10.29 11:35:29 LOG7[4091:1076861872]: SSL state (connect): SSLv3
write change cipher spec A
2004.10.29 11:35:29 LOG7[4091:1076861872]: SSL state (connect): SSLv3
write finished A
2004.10.29 11:35:29 LOG7[4091:1076861872]: SSL state (connect): SSLv3 flush data
2004.10.29 11:35:29 LOG7[4091:

<SSL/TLS: >
1076861872]: waitforsocket: FD=11, DIR=read


<SSL/TLS: >
2004.10.29 11:35:29 LOG7[4091:1076861872]: waitforsocket: ok
2004.10.29 11:35:29 LOG7[4091:1076861872]: waitforsocket: FD=11, DIR=read


<SSL/TLS: >
2004.10.29 11:35:29 LOG7[4091:1076861872]: waitforsocket: ok


<SSL/TLS: >
2004.10.29 11:35:29 LOG7[4091:1076861872]: SSL state (connect): SSLv3
read finished A
2004.10.29 11:35:29 LOG7[4091:1076861872]:    1 items in the session cache
2004.10.29 11:35:29 LOG7[4091:1076861872]:    1 client connects (SSL_connect())
2004.10.29 11:35:29 LOG7[4091:1076861872]:    1 client connects that finished
2004.10.29 11:35:29 LOG7[4091:1076861872]:    0 client
renegotiatations requested
2004.10.29 11:35:29 LOG7[4091:1076861872]:    0 server connects (SSL_accept())
2004.10.29 11:35:29 LOG7[4091:1076861872]:    0 server connects that finished
2004.10.29 11:35:29 LOG7[4091:1076861872]:    0 server
renegotiatiations requested
2004.10.29 11:35:29 LOG7[4091:1076861872]:    0 session cache hits
2004.10.29 11:35:29 LOG7[4091:1076861872]:    0 session cache misses
2004.10.29 11:35:29 LOG7[4091:1076861872]:    0 session cache timeouts
2004.10.29 11:35:29 LOG6[4091:1076861872]: Negotiated ciphers:
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168)
Mac=SHA1


<SSL/TLS: >
2004.10.29 11:35:29 LOG7[4091:1076861872]: Socket closed on read
2004.10.29 11:35:29 LOG7[4091:1076861872]: SSL write shutdown (output
buffer empty)
2004.10.29 11:35:29 LOG7[4091:1076861872]: SSL alert (write): warning:
close notify
2004.10.29 11:35:29 LOG7[4091:1076861872]: SSL_shutdown retrying
2004.10.29 11:35:29 LOG7[4091:1076623808]: 10148 accepted FD=12 from
127.0.0.1:32885
2004.10.29 11:35:29 LOG7[4091:1076623808]: FD 12 in non-blocking mode
2004.10.29 11:35:29 LOG7[4091:1076931504]: 10148 started
2004.10.29 11:35:29 LOG5[4091:1076931504]: 10148 connected from 127.0.0.1:32885
2004.10.29 11:35:29 LOG7[4091:1076931504]: FD 13 in non-blocking mode
2004.10.29 11:35:29 LOG7[4091:1076931504]: 10148 connecting 193.136.173.1:993
2004.10.29 11:35:29 LOG7[4091:1076931504]: remote connect #1:
EINPROGRESS: retrying
2004.10.29 11:35:29 LOG7[4091:1076931504]: waitforsocket: FD=13, DIR=write
2004.10.29 11:35:29 LOG7[4091:1076861872]: SSL alert (read): warning:
close notify
2004.10.29 11:35:29 LOG7[4091:1076861872]: S

<SSL/TLS: >
SL closed on SSL_read
2004.10.29 11:35:29 LOG7[4091:1076861872]: Socket write shutdown
(output buffer empty)
2004.10.29 11:35:29 LOG5[4091:1076861872]: Connection closed: 0 bytes
sent to SSL, 74 bytes sent to socket
2004.10.29 11:35:29 LOG7[4091:1076861872]: 10148 finished (1 left)
2004.10.29 11:35:29 LOG3[4091:1076623808]: Received signal 1; terminating


<IMAP SENTINEL>
exited abnormally with code 256
-----------------------------------

It seems the connection is cut from the server side...

Rui


On Fri, 29 Oct 2004 11:32:27 +0900 (JST), 山本和彦 Kazu Yamamoto
<kazu at example.com> wrote:
> Hello,
> 
> > 1. Mew 4.1 tries to use the binary /usr/sbin/stunnel but doesn't find
> > it since stunnel4, in Debian, is installed as /usr/sbin/stunnel4.
> >     Anyway I created a link and I could proceed.
> 
> Configure:
>         (setq mew-prog-ssl "stunnel4")
> 
> > 2. I applied your patch to stunnel4 (Debian source) but it stops
> > working while trying to connect, and Emacs stops responding too so I
> > have to kill it
> 
> Mew 4.1 has a serious bug related to SSL/TLS. So, you should use Mew
> current (anon CVS) or Mew 4.1.50.
> 
> > (it would be nice to have the option of killing Emacs
> > processes without killing it completely as this happens all too often,
> > ex. when a wireless connection isn't great and Mew just keeps trying
> > getting or sending things blocking all Emacs usage).
> 
> Does C-uC-cC-k meet your requirement?
> 
> >     I also tried to run stunnel by hand using the same conf file Mew
> > created in /tmp to see the messages it issued and this is what I got:
> > 2004.10.28 18:10:22 LOG7[8458:1076623808]: 8204 bound to 127.0.0.1:8204
> 
> You should understand that stunnel does not negotiate cryptographic
> parameters until a first connection comes. So, you should additionally
> do
>         % telnet localhost 8204
> 
> Try this and tell me what happens.
> 
> --Kazu
>
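
Added example, not part of either poster's message and not Mew or stunnel code: a Python parser that rejoins a stunnel debug log wrapped and chunked the way this mail shows it, then reports per thread id the certificate verify results, the negotiated cipher, the order of the two close events and the byte counts. The names `rejoin`, `summarize` and `SAMPLE` are assumptions of this example; the sample lines are abridged from the log above.

```python
import re

STAMP = re.compile(r"^\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d LOG\d\[\d+:(\d+)\]: (.*)$")
# Abridged from the log in this message, wrapped and chunked the same way.
SAMPLE = """\
2004.10.29 11:35:29 LOG5[4091:1076861872]: VERIFY IGNORE: depth=1,
/C=pt/O=MULTICERT-CA/CN=MULTICERT-CA 01
2004.10.29 11:35:29 LOG6[4091:1076861872]: Negotiated ciphers:
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168)
Mac=SHA1
<SSL/TLS: >
2004.10.29 11:35:29 LOG7[4091:1076861872]: Socket closed on read
2004.10.29 11:35:29 LOG7[4091:1076861872]: S

<SSL/TLS: >
SL closed on SSL_read
2004.10.29 11:35:29 LOG5[4091:1076861872]: Connection closed: 0 bytes
sent to SSL, 74 bytes sent to socket
"""

def rejoin(text):
    """Undo mail wrapping and the '<SSL/TLS: >' chunk breaks of the debug buffer."""
    records, after_marker = [], False
    for line in filter(str.strip, text.splitlines()):
        if line.strip() == "<SSL/TLS: >":
            after_marker = True
            continue
        if re.match(r"\d{4}\.\d\d\.\d\d ", line) or not records:
            records.append(line)
        else:
            # A chunk break can fall mid-word; a mail wrap falls at a space.
            records[-1] += ("" if after_marker else " ") + line
        after_marker = False
    return records

def summarize(text):
    """Per stunnel thread id: verify results, cipher, close order, byte counts."""
    threads = {}
    for tid, msg in (m.groups() for m in map(STAMP.match, rejoin(text)) if m):
        t = threads.setdefault(tid, {"verify": [], "cipher": None, "closes": [], "bytes": None})
        if v := re.match(r"VERIFY (\w+): depth=(\d+)", msg):
            t["verify"].append((int(v.group(2)), v.group(1)))
        elif c := re.match(r"Negotiated ciphers: (\S+)\s+(\S+)", msg):
            t["cipher"] = c.groups()
        elif msg.startswith(("Socket closed on read", "SSL closed on SSL_read")):
            t["closes"].append(msg.split()[0])  # log order of the two close events
        elif b := re.search(r"(\d+) bytes sent to SSL, (\d+) bytes sent to socket", msg):
            t["bytes"] = (int(b.group(1)), int(b.group(2)))
    return threads
```

When reviewing a tunnel log like this one, any verify status other than OK and the negotiated protocol and cipher are the fields to check first.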


