[mew-int 3179] severe SSL issues

Werner LEMBERG wl at example.com
Thu Jan 9 20:31:43 JST 2014


Folks,


I'm not able to run SMTP over SSL.  There are a bunch of issues.

  . openSuSE 12.3 doesn't come with stunnel by default; I had to
    install an additional repository for that (security:Stunnel);
    hopefully, other distros are better here :-)

  . By default, stunnel gets installed as `/usr/sbin/stunnel', which
    is not in the standard path of a user.  I've created a soft link
    to `~/bin/stunnel'.  I've also created a soft link from the
    `/etc/ssl/certs' directory to `~/.certs' to get all `*.0' files
    already coming with the distribution.

  . This is what I've added to .emacs:

      (setq mew-smtp-ssl t)
      (setq mew-smtp-port 465)
      (setq mew-smtp-ssl-port mew-smtp-port)
      (setq mew-ssl-verify-level 0)

  . Using emacs 24.3.50.1 from 2013-07-22, I get the message

      Creating an SSL/TLS connection...

    and then Emacs hangs.  Completely.  No key causes any reaction.
    Interestingly, I can access the menu with the mouse, however, it
    doesn't do anything.  For example, selecting `Quit' doesn't quit
    Emacs.

    I tried to debug mew-open-ssl-stream, however, stepping through
    this function I get a `FAILED' instead of a connection – this is
    certainly due to my lack of knowledge how to properly debug Mew's
    elisp code...

  . While stepping through the elisp code, I've saved the temporary
    stunnel configuration file:

------ stunnel.conf ------

client=yes
pid=
verify=0
foreground=yes
debug=debug
libwrap=no
syslog=no
CApath=/home/wl/.certs
[11441]
accept=127.0.0.1:11441
connect=mail.gmx.net:465
protocol=smtp
sslVersion=TLSv1

--------------------------

    Manually executing

      stunnel stunnel.conf

    on the command line I get

      Clients allowed=500
      stunnel 4.56 on i586-suse-linux-gnu platform
      Compiled/running with OpenSSL 1.0.1e 11 Feb 2013
      Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
      Reading configuration from file stunnel.conf
      FIPS_mode_set: F06D065:
        error:0F06D065:common libcrypto routines:
        FIPS_mode_set:fips mode not supported
      Line 9: "[11441]": Failed to initialize SSL
      str_stats: 4 block(s), 42 data byte(s), 168 control byte(s)

    No idea whether this is valid or not...

Any advice how to proceed and debug is highly welcomed.  Since my mail
provider is going to use SSL connections only in the very near future,
this is quite an urgent issue for me.


    Werner
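
An added example, not part of the original post and not Mew or stunnel code: the post sets `mew-ssl-verify-level` to 0 and the saved stunnel file carries `verify=0`, so this sketch audits a stunnel client configuration for settings that weaken server authentication. The function names and finding strings are assumptions of the example, and the sample input is abridged from the file quoted above.

```python
# Added example: audit a stunnel client config for weak TLS peer checks.

LEGACY_PROTOCOLS = {"sslv2", "sslv3", "tlsv1"}  # deprecated; see RFC 8996

# Sample input, abridged from the configuration quoted in the post.
SAMPLE_CONF = """\
client=yes
verify=0
CApath=/home/wl/.certs
[11441]
connect=mail.gmx.net:465
sslVersion=TLSv1
"""

def parse_conf(text):
    """Return (global_options, {service: options}); keys are lowercased."""
    global_opts, services = {}, {}
    current = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
        elif "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return global_opts, services

def audit(text):
    """Return a list of (service, finding) tuples for risky settings."""
    global_opts, services = parse_conf(text)
    findings = []
    for name, opts in services.items():
        eff = {**global_opts, **opts}   # global values act as service defaults
        if eff.get("client", "no").lower() != "yes":
            continue                    # only client-side services are audited
        level = eff.get("verify", "")
        if not level.isdigit() or int(level) < 2:
            findings.append((name, "peer certificate not enforced (verify < 2)"))
        elif not (eff.get("capath") or eff.get("cafile")):
            findings.append((name, "verify set but no CApath/CAfile"))
        if eff.get("sslversion", "").lower() in LEGACY_PROTOCOLS:
            findings.append((name, "legacy protocol pinned: " + eff["sslversion"]))
    return findings

if __name__ == "__main__":
    for service, finding in audit(SAMPLE_CONF):
        print(f"[{service}] {finding}")
```
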


