[mew-int 2182] Re: IMAP over SSL
Kazu Yamamoto ( 山本和彦 )
kazu at example.com
Wed Jun 21 11:13:04 JST 2006
Hello,
> Physical location Stockholm.
Congratulations to your national team. :-)
> 1. IMAP + ssl (stunnel):
>
> I have managed to set up a stunnel by hand and get mew -> localhost ->
> stunnel -> server. I have not been able to figure out what to set to
> get mew to set the stunnel for me, but that seems just to be a matter
> of finding what variables to set to what values. The documentation
> could benefit from some "working examples", cut and pasted from your
> .emacs files.
Quick response to this question only.
> (setq mew-imap-ssl t)
> (setq mew-imap-ssl-port "imap")
If you want to use IMAP over *SSL*,
mew-imap-ssl-port should be "imaps", not "imap". Since it is the default
value, you should comment out the latter line.
If you want to use IMAP over *TLS*, this configuration is
correct. Unfortunately, "stunnel" does NOT support IMAP over TLS. The
following patch is a quick hack for IMAP over TLS. Note that this
patch includes the client side (Mew side) only and does not include
the server side.
I have sent this patch to the author of "stunnel" before but he did
not respond.
--Kazu
*** protocol.c.orig Mon Apr 11 22:45:56 2005
--- protocol.c Wed Jun 21 10:43:46 2006
***************
*** 40,45 ****
--- 40,47 ----
static int pop3_server(CLI *);
static int nntp_client(CLI *);
static int nntp_server(CLI *);
+ static int imap_client(CLI *);
+ static int imap_server(CLI *);
static int RFC2487(CLI *, int);
int negotiate(CLI *c) {
***************
*** 58,63 ****
--- 60,67 ----
retval = options.option.client ? pop3_client(c) : pop3_server(c);
else if(!strcmp(c->opt->protocol, "nntp"))
retval = options.option.client ? nntp_client(c) : nntp_server(c);
+ else if(!strcmp(c->opt->protocol, "imap"))
+ retval = options.option.client ? imap_client(c) : imap_server(c);
else {
s_log(LOG_ERR, "Protocol %s not supported in %s mode",
c->opt->protocol, options.option.client ? "client" : "server");
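Review bot: in server mode the new "imap" branch calls imap_server(), which logs only "Protocol not supported in server mode" and returns -1, so the protocol name that the existing else branch reports via "Protocol %s not supported in %s mode" is lost. Consider taking the "imap" branch only when options.option.client is set and letting server mode fall through to the else; that gives the more specific message and makes the imap_server() stub unnecessary.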
***************
*** 276,279 ****
--- 280,311 ----
}
}
+ static int imap_client(CLI *c) {
+ char line[STRLEN];
+
+ if(fdscanf(c, c->remote_fd.fd, "%[^\n]", line)<0)
+ return -1;
+ if(strncasecmp(line,"* OK",4)) {
+ log(LOG_ERR, "Unknown server welcome");
+ return -1;
+ }
+ if(fdprintf(c, c->local_wfd.fd, "%s", line)<0)
+ return -1;
+ if(fdprintf(c, c->remote_fd.fd, "tag STARTTLS")<0)
+ return -1;
+ if(fdscanf(c, c->remote_fd.fd, "%[^\n]", line)<0)
+ return -1;
+ /* should remove untagged line? */
+ if(strncasecmp(line,"tag OK",6)) {
+ log(LOG_ERR, "Server does not support TLS");
+ return -1;
+ }
+ return 0;
+ }
+
+ static int imap_server(CLI *c) {
+ log(LOG_ERR, "Protocol not supported in server mode");
+ return -1;
+ }
+
/* End of protocol.c */
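Review bot: imap_client() reads exactly one line after sending "tag STARTTLS" and fails unless that line begins with "tag OK", so any untagged "*" line the server sends first ends up reported as "Server does not support TLS"; the in-code comment "should remove untagged line?" already points at this. Loop on fdscanf(), skipping lines that start with "*", until a line starting with "tag " arrives, and only then compare against "tag OK". Two smaller points: the new functions call log(LOG_ERR, ...) while the negotiate() context in the previous hunk uses s_log(LOG_ERR, ...), so the call should match; and the "* OK" greeting is copied to local_wfd before TLS is negotiated, so whatever that line contains reaches the local client unauthenticated, which deserves a comment in the code.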