unofficial mirror of emacs-devel@gnu.org 
 help / color / mirror / code / Atom feed
* Re: [PATCH] POP3 Over SSL with openssl
       [not found] <87mypgi37v.fsf@gmail.com>
@ 2008-03-04 22:37 ` Reiner Steib
  2008-03-05 12:37   ` Elias Oltmanns
  2008-04-13 20:58   ` Reiner Steib
  0 siblings, 2 replies; 6+ messages in thread
From: Reiner Steib @ 2008-03-04 22:37 UTC (permalink / raw)
  To: Naohiro Aota; +Cc: Elias Oltmanns, ding, emacs-devel

On Mon, Mar 03 2008, Naohiro Aota wrote:

> I tried to retrieve mails by POP3 Over SSL with openssl, but Gnus
> stopped working displaing "Retrieving message 1 of 5 from myserver...".
> Then I found that without -ign_eof and -quiet argument, openssl doesn't
> send line begins with "R" or "Q" to server but renegotiate or quit its
> connection. So sending "RETR" command made this problem.
>
> I suggest to call openssl commands with "-ign_eof" argument. Please find
> the patch below.

Does anyone see a problem with this?

> 2008-03-03  Naohiro Aota  <nao.aota@gmail.com>
>
> 	* tls.el (tls-program): Add -ign_eof argument to call the openssl
> 	commands.
> 	(tls-checktrust): Ditto.
>
> Index: lisp/tls.el
> ===================================================================
> RCS file: /usr/local/cvsroot/gnus/lisp/tls.el,v
> retrieving revision 7.23
> diff -u -r7.23 tls.el
> --- lisp/tls.el	1 Mar 2008 01:48:13 -0000	7.23
> +++ lisp/tls.el	3 Mar 2008 08:56:24 -0000
> @@ -80,7 +80,7 @@
>
>  (defcustom tls-program '("gnutls-cli -p %p %h"
>  			 "gnutls-cli -p %p %h --protocols ssl3"
> -			 "openssl s_client -connect %h:%p -no_ssl2")
> +			 "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
>    "List of strings containing commands to start TLS stream to a host.
>  Each entry in the list is tried until a connection is successful.
>  %h is replaced with server hostname, %p with port to connect to.
> @@ -97,23 +97,23 @@
>  	  :value
>  	  ("gnutls-cli -p %p %h"
>  	   "gnutls-cli -p %p %h --protocols ssl3"
> -	   "openssl s_client -connect %h:%p -no_ssl2")
> +	   "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
>  	  (set :inline t
>  	       ;; FIXME: add brief `:tag "..."' descriptions.
>  	       ;; (repeat :inline t :tag "Other" (string))
>  	       ;; See `tls-checktrust':
>  	       (const "gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h")
>  	       (const "gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h --protocols ssl3")
> -	       (const "openssl s_client -connect %h:%p -CAfile /etc/ssl/certs/ca-certificates.crt -no_ssl2")
> +	       (const "openssl s_client -connect %h:%p -CAfile /etc/ssl/certs/ca-certificates.crt -no_ssl2 -ign_eof")
>  	       ;; No trust check:
>  	       (const "gnutls-cli -p %p %h")
>  	       (const "gnutls-cli -p %p %h --protocols ssl3")
> -	       (const "openssl s_client -connect %h:%p -no_ssl2"))
> +	       (const "openssl s_client -connect %h:%p -no_ssl2 -ign_eof"))
>  	  (repeat :inline t :tag "Other" (string)))
>      (const :tag "Default list of commands"
>  	   ("gnutls-cli -p %p %h"
>  	    "gnutls-cli -p %p %h --protocols ssl3"
> -	    "openssl s_client -connect %h:%p -no_ssl2"))
> +	    "openssl s_client -connect %h:%p -no_ssl2 -ign_eof"))
>      (list :tag "List of commands"
>  	  (repeat :tag "Command" (string))))
>    :version "22.1"
> @@ -144,7 +144,7 @@
>  \(setq tls-program
>        '(\"gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h\"
>  	\"gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h --protocols ssl3\"
> -	\"openssl s_client -connect %h:%p -CAfile /etc/ssl/certs/ca-certificates.crt -no_ssl2\"))"
> +	\"openssl s_client -connect %h:%p -CAfile /etc/ssl/certs/ca-certificates.crt -no_ssl2 -ign_eof\"))"
>    :type '(choice (const :tag "Always" t)
>  		 (const :tag "Never" nil)
>  		 (const :tag "Ask" ask))

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/




^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] POP3 Over SSL with openssl
  2008-03-04 22:37 ` [PATCH] POP3 Over SSL with openssl Reiner Steib
@ 2008-03-05 12:37   ` Elias Oltmanns
  2008-03-05 19:53     ` Naohiro Aota
  2008-04-13 20:58   ` Reiner Steib
  1 sibling, 1 reply; 6+ messages in thread
From: Elias Oltmanns @ 2008-03-05 12:37 UTC (permalink / raw)
  To: emacs-devel; +Cc: ding

Reiner Steib <reinersteib+gmane@imap.cc> wrote:
> On Mon, Mar 03 2008, Naohiro Aota wrote:
>
>> I tried to retrieve mails by POP3 Over SSL with openssl, but Gnus
>> stopped working displaing "Retrieving message 1 of 5 from myserver...".
>> Then I found that without -ign_eof and -quiet argument, openssl doesn't
>> send line begins with "R" or "Q" to server but renegotiate or quit its
>> connection. So sending "RETR" command made this problem.
>>
>> I suggest to call openssl commands with "-ign_eof" argument. Please find
>> the patch below.
>
> Does anyone see a problem with this?

Since I don't use POP3, I can't test that. However, it looks fine to me
and it certainly doesn't break IMAP (checked that).

Regards,

Elias





^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] POP3 Over SSL with openssl
  2008-03-05 12:37   ` Elias Oltmanns
@ 2008-03-05 19:53     ` Naohiro Aota
  2008-03-06 10:14       ` Elias Oltmanns
  0 siblings, 1 reply; 6+ messages in thread
From: Naohiro Aota @ 2008-03-05 19:53 UTC (permalink / raw)
  To: Elias Oltmanns; +Cc: ding, emacs-devel

Elias Oltmanns <eo@nebensachen.de> writes:

> Reiner Steib <reinersteib+gmane@imap.cc> wrote:
>> On Mon, Mar 03 2008, Naohiro Aota wrote:
>>
>>> I tried to retrieve mails by POP3 Over SSL with openssl, but Gnus
>>> stopped working displaing "Retrieving message 1 of 5 from myserver...".
>>> Then I found that without -ign_eof and -quiet argument, openssl doesn't
>>> send line begins with "R" or "Q" to server but renegotiate or quit its
>>> connection. So sending "RETR" command made this problem.
>>>
>>> I suggest to call openssl commands with "-ign_eof" argument. Please find
>>> the patch below.
>>
>> Does anyone see a problem with this?
>
> Since I don't use POP3, I can't test that. However, it looks fine to me
> and it certainly doesn't break IMAP (checked that).

Aren't you using "ssl" as nnimap-stream? If so, please check
`imap-ssl-program' to find out how openssl is called. By default, this
variable is set as following.

'("openssl s_client -quiet -ssl3 -connect %s:%p"
  "openssl s_client -quiet -ssl2 -connect %s:%p"
  "s_client -quiet -ssl3 -connect %s:%p"
  "s_client -quiet -ssl2 -connect %s:%p")

In this case, openssl is called with "-quiet" argument, which also make
openssl ignore eof, so that it works fine.

Regards,

Naohiro




^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] POP3 Over SSL with openssl
  2008-03-05 19:53     ` Naohiro Aota
@ 2008-03-06 10:14       ` Elias Oltmanns
  2008-03-08 10:04         ` Naohiro Aota
  0 siblings, 1 reply; 6+ messages in thread
From: Elias Oltmanns @ 2008-03-06 10:14 UTC (permalink / raw)
  To: emacs-devel; +Cc: ding

Naohiro Aota <nao.aota@gmail.com> wrote:
> Elias Oltmanns <eo@nebensachen.de> writes:
>
>> Reiner Steib <reinersteib+gmane@imap.cc> wrote:
>>> On Mon, Mar 03 2008, Naohiro Aota wrote:
>>>
>>>> I tried to retrieve mails by POP3 Over SSL with openssl, but Gnus
>>>> stopped working displaing "Retrieving message 1 of 5 from myserver...".
>>>> Then I found that without -ign_eof and -quiet argument, openssl doesn't
>>>> send line begins with "R" or "Q" to server but renegotiate or quit its
>>>> connection. So sending "RETR" command made this problem.
>>>>
>>>> I suggest to call openssl commands with "-ign_eof" argument. Please find
>>>> the patch below.
>>>
>>> Does anyone see a problem with this?
>>
>> Since I don't use POP3, I can't test that. However, it looks fine to me
>> and it certainly doesn't break IMAP (checked that).
>
> Aren't you using "ssl" as nnimap-stream?

No, I'm using tls. Sorry if you got the wrong impression, but my comment
was meant as an acknowledgement to back your change.

> If so, please check `imap-ssl-program' to find out how openssl is
> called. By default, this variable is set as following.
>
> '("openssl s_client -quiet -ssl3 -connect %s:%p"
>   "openssl s_client -quiet -ssl2 -connect %s:%p"
>   "s_client -quiet -ssl3 -connect %s:%p"
>   "s_client -quiet -ssl2 -connect %s:%p")
>
> In this case, openssl is called with "-quiet" argument, which also make
> openssl ignore eof, so that it works fine.

Yes, I know. All I wanted to confirm was that it also works with tls
since your change was concerned with tls-program rather than
imap-ssl-program.

Regards,

Elias





^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] POP3 Over SSL with openssl
  2008-03-06 10:14       ` Elias Oltmanns
@ 2008-03-08 10:04         ` Naohiro Aota
  0 siblings, 0 replies; 6+ messages in thread
From: Naohiro Aota @ 2008-03-08 10:04 UTC (permalink / raw)
  To: Elias Oltmanns; +Cc: emacs-devel, ding

Elias Oltmanns <eo@nebensachen.de> writes:

> Naohiro Aota <nao.aota@gmail.com> wrote:
>> Elias Oltmanns <eo@nebensachen.de> writes:
>>
>>> Reiner Steib <reinersteib+gmane@imap.cc> wrote:
>>>> On Mon, Mar 03 2008, Naohiro Aota wrote:
>>>>
>>>>> I tried to retrieve mails by POP3 Over SSL with openssl, but Gnus
>>>>> stopped working displaing "Retrieving message 1 of 5 from myserver...".
>>>>> Then I found that without -ign_eof and -quiet argument, openssl doesn't
>>>>> send line begins with "R" or "Q" to server but renegotiate or quit its
>>>>> connection. So sending "RETR" command made this problem.
>>>>>
>>>>> I suggest to call openssl commands with "-ign_eof" argument. Please find
>>>>> the patch below.
>>>>
>>>> Does anyone see a problem with this?
>>>
>>> Since I don't use POP3, I can't test that. However, it looks fine to me
>>> and it certainly doesn't break IMAP (checked that).
>>
>> Aren't you using "ssl" as nnimap-stream?
>
> No, I'm using tls. Sorry if you got the wrong impression, but my comment
> was meant as an acknowledgement to back your change.
>
>> If so, please check `imap-ssl-program' to find out how openssl is
>> called. By default, this variable is set as following.
>>
>> '("openssl s_client -quiet -ssl3 -connect %s:%p"
>>   "openssl s_client -quiet -ssl2 -connect %s:%p"
>>   "s_client -quiet -ssl3 -connect %s:%p"
>>   "s_client -quiet -ssl2 -connect %s:%p")
>>
>> In this case, openssl is called with "-quiet" argument, which also make
>> openssl ignore eof, so that it works fine.
>
> Yes, I know. All I wanted to confirm was that it also works with tls
> since your change was concerned with tls-program rather than
> imap-ssl-program.

Oups. I'm sorry for my misunderstanding. Thanks for your testing.

Regards,

Naohiro



^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] POP3 Over SSL with openssl
  2008-03-04 22:37 ` [PATCH] POP3 Over SSL with openssl Reiner Steib
  2008-03-05 12:37   ` Elias Oltmanns
@ 2008-04-13 20:58   ` Reiner Steib
  1 sibling, 0 replies; 6+ messages in thread
From: Reiner Steib @ 2008-04-13 20:58 UTC (permalink / raw)
  To: Naohiro Aota; +Cc: ding, emacs-devel, Elias Oltmanns

On Tue, Mar 04 2008, Reiner Steib wrote:

> On Mon, Mar 03 2008, Naohiro Aota wrote:
>
>> I tried to retrieve mails by POP3 Over SSL with openssl, but Gnus
>> stopped working displaing "Retrieving message 1 of 5 from myserver...".
>> Then I found that without -ign_eof and -quiet argument, openssl doesn't
>> send line begins with "R" or "Q" to server but renegotiate or quit its
>> connection. So sending "RETR" command made this problem.
>>
>> I suggest to call openssl commands with "-ign_eof" argument. Please find
>> the patch below.
>
> Does anyone see a problem with this?

Installed (in Gnus trunk).  Thanks for your contribution.

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/



^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2008-04-13 20:58 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <87mypgi37v.fsf@gmail.com>
2008-03-04 22:37 ` [PATCH] POP3 Over SSL with openssl Reiner Steib
2008-03-05 12:37   ` Elias Oltmanns
2008-03-05 19:53     ` Naohiro Aota
2008-03-06 10:14       ` Elias Oltmanns
2008-03-08 10:04         ` Naohiro Aota
2008-04-13 20:58   ` Reiner Steib

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).