* Re: [PATCH] POP3 Over SSL with openssl
[not found] <87mypgi37v.fsf@gmail.com>
@ 2008-03-04 22:37 ` Reiner Steib
2008-03-05 12:37 ` Elias Oltmanns
2008-04-13 20:58 ` Reiner Steib
0 siblings, 2 replies; 6+ messages in thread
From: Reiner Steib @ 2008-03-04 22:37 UTC (permalink / raw)
To: Naohiro Aota; +Cc: Elias Oltmanns, ding, emacs-devel
On Mon, Mar 03 2008, Naohiro Aota wrote:
> I tried to retrieve mails by POP3 Over SSL with openssl, but Gnus
> stopped working displaing "Retrieving message 1 of 5 from myserver...".
> Then I found that without -ign_eof and -quiet argument, openssl doesn't
> send line begins with "R" or "Q" to server but renegotiate or quit its
> connection. So sending "RETR" command made this problem.
>
> I suggest to call openssl commands with "-ign_eof" argument. Please find
> the patch below.
Does anyone see a problem with this?
> 2008-03-03 Naohiro Aota <nao.aota@gmail.com>
>
> * tls.el (tls-program): Add -ign_eof argument to call the openssl
> commands.
> (tls-checktrust): Ditto.
>
> Index: lisp/tls.el
> ===================================================================
> RCS file: /usr/local/cvsroot/gnus/lisp/tls.el,v
> retrieving revision 7.23
> diff -u -r7.23 tls.el
> --- lisp/tls.el 1 Mar 2008 01:48:13 -0000 7.23
> +++ lisp/tls.el 3 Mar 2008 08:56:24 -0000
> @@ -80,7 +80,7 @@
>
> (defcustom tls-program '("gnutls-cli -p %p %h"
> "gnutls-cli -p %p %h --protocols ssl3"
> - "openssl s_client -connect %h:%p -no_ssl2")
> + "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
> "List of strings containing commands to start TLS stream to a host.
> Each entry in the list is tried until a connection is successful.
> %h is replaced with server hostname, %p with port to connect to.
> @@ -97,23 +97,23 @@
> :value
> ("gnutls-cli -p %p %h"
> "gnutls-cli -p %p %h --protocols ssl3"
> - "openssl s_client -connect %h:%p -no_ssl2")
> + "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
> (set :inline t
> ;; FIXME: add brief `:tag "..."' descriptions.
> ;; (repeat :inline t :tag "Other" (string))
> ;; See `tls-checktrust':
> (const "gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h")
> (const "gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h --protocols ssl3")
> - (const "openssl s_client -connect %h:%p -CAfile /etc/ssl/certs/ca-certificates.crt -no_ssl2")
> + (const "openssl s_client -connect %h:%p -CAfile /etc/ssl/certs/ca-certificates.crt -no_ssl2 -ign_eof")
> ;; No trust check:
> (const "gnutls-cli -p %p %h")
> (const "gnutls-cli -p %p %h --protocols ssl3")
> - (const "openssl s_client -connect %h:%p -no_ssl2"))
> + (const "openssl s_client -connect %h:%p -no_ssl2 -ign_eof"))
> (repeat :inline t :tag "Other" (string)))
> (const :tag "Default list of commands"
> ("gnutls-cli -p %p %h"
> "gnutls-cli -p %p %h --protocols ssl3"
> - "openssl s_client -connect %h:%p -no_ssl2"))
> + "openssl s_client -connect %h:%p -no_ssl2 -ign_eof"))
> (list :tag "List of commands"
> (repeat :tag "Command" (string))))
> :version "22.1"
> @@ -144,7 +144,7 @@
> \(setq tls-program
> '(\"gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h\"
> \"gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h --protocols ssl3\"
> - \"openssl s_client -connect %h:%p -CAfile /etc/ssl/certs/ca-certificates.crt -no_ssl2\"))"
> + \"openssl s_client -connect %h:%p -CAfile /etc/ssl/certs/ca-certificates.crt -no_ssl2 -ign_eof\"))"
> :type '(choice (const :tag "Always" t)
> (const :tag "Never" nil)
> (const :tag "Ask" ask))
Bye, Reiner.
--
,,,
(o o)
---ooO-(_)-Ooo--- | PGP key available | http://rsteib.home.pages.de/
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] POP3 Over SSL with openssl
2008-03-04 22:37 ` [PATCH] POP3 Over SSL with openssl Reiner Steib
@ 2008-03-05 12:37 ` Elias Oltmanns
2008-03-05 19:53 ` Naohiro Aota
2008-04-13 20:58 ` Reiner Steib
1 sibling, 1 reply; 6+ messages in thread
From: Elias Oltmanns @ 2008-03-05 12:37 UTC (permalink / raw)
To: emacs-devel; +Cc: ding
Reiner Steib <reinersteib+gmane@imap.cc> wrote:
> On Mon, Mar 03 2008, Naohiro Aota wrote:
>
>> I tried to retrieve mails by POP3 Over SSL with openssl, but Gnus
>> stopped working displaing "Retrieving message 1 of 5 from myserver...".
>> Then I found that without -ign_eof and -quiet argument, openssl doesn't
>> send line begins with "R" or "Q" to server but renegotiate or quit its
>> connection. So sending "RETR" command made this problem.
>>
>> I suggest to call openssl commands with "-ign_eof" argument. Please find
>> the patch below.
>
> Does anyone see a problem with this?
Since I don't use POP3, I can't test that. However, it looks fine to me
and it certainly doesn't break IMAP (checked that).
Regards,
Elias
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] POP3 Over SSL with openssl
2008-03-05 12:37 ` Elias Oltmanns
@ 2008-03-05 19:53 ` Naohiro Aota
2008-03-06 10:14 ` Elias Oltmanns
0 siblings, 1 reply; 6+ messages in thread
From: Naohiro Aota @ 2008-03-05 19:53 UTC (permalink / raw)
To: Elias Oltmanns; +Cc: ding, emacs-devel
Elias Oltmanns <eo@nebensachen.de> writes:
> Reiner Steib <reinersteib+gmane@imap.cc> wrote:
>> On Mon, Mar 03 2008, Naohiro Aota wrote:
>>
>>> I tried to retrieve mails by POP3 Over SSL with openssl, but Gnus
>>> stopped working displaing "Retrieving message 1 of 5 from myserver...".
>>> Then I found that without -ign_eof and -quiet argument, openssl doesn't
>>> send line begins with "R" or "Q" to server but renegotiate or quit its
>>> connection. So sending "RETR" command made this problem.
>>>
>>> I suggest to call openssl commands with "-ign_eof" argument. Please find
>>> the patch below.
>>
>> Does anyone see a problem with this?
>
> Since I don't use POP3, I can't test that. However, it looks fine to me
> and it certainly doesn't break IMAP (checked that).
Aren't you using "ssl" as nnimap-stream? If so, please check
`imap-ssl-program' to find out how openssl is called. By default, this
variable is set as following.
'("openssl s_client -quiet -ssl3 -connect %s:%p"
"openssl s_client -quiet -ssl2 -connect %s:%p"
"s_client -quiet -ssl3 -connect %s:%p"
"s_client -quiet -ssl2 -connect %s:%p")
In this case, openssl is called with "-quiet" argument, which also make
openssl ignore eof, so that it works fine.
Regards,
Naohiro
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] POP3 Over SSL with openssl
2008-03-05 19:53 ` Naohiro Aota
@ 2008-03-06 10:14 ` Elias Oltmanns
2008-03-08 10:04 ` Naohiro Aota
0 siblings, 1 reply; 6+ messages in thread
From: Elias Oltmanns @ 2008-03-06 10:14 UTC (permalink / raw)
To: emacs-devel; +Cc: ding
Naohiro Aota <nao.aota@gmail.com> wrote:
> Elias Oltmanns <eo@nebensachen.de> writes:
>
>> Reiner Steib <reinersteib+gmane@imap.cc> wrote:
>>> On Mon, Mar 03 2008, Naohiro Aota wrote:
>>>
>>>> I tried to retrieve mails by POP3 Over SSL with openssl, but Gnus
>>>> stopped working displaing "Retrieving message 1 of 5 from myserver...".
>>>> Then I found that without -ign_eof and -quiet argument, openssl doesn't
>>>> send line begins with "R" or "Q" to server but renegotiate or quit its
>>>> connection. So sending "RETR" command made this problem.
>>>>
>>>> I suggest to call openssl commands with "-ign_eof" argument. Please find
>>>> the patch below.
>>>
>>> Does anyone see a problem with this?
>>
>> Since I don't use POP3, I can't test that. However, it looks fine to me
>> and it certainly doesn't break IMAP (checked that).
>
> Aren't you using "ssl" as nnimap-stream?
No, I'm using tls. Sorry if you got the wrong impression, but my comment
was meant as an acknowledgement to back your change.
> If so, please check `imap-ssl-program' to find out how openssl is
> called. By default, this variable is set as following.
>
> '("openssl s_client -quiet -ssl3 -connect %s:%p"
> "openssl s_client -quiet -ssl2 -connect %s:%p"
> "s_client -quiet -ssl3 -connect %s:%p"
> "s_client -quiet -ssl2 -connect %s:%p")
>
> In this case, openssl is called with "-quiet" argument, which also make
> openssl ignore eof, so that it works fine.
Yes, I know. All I wanted to confirm was that it also works with tls
since your change was concerned with tls-program rather than
imap-ssl-program.
Regards,
Elias
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] POP3 Over SSL with openssl
2008-03-06 10:14 ` Elias Oltmanns
@ 2008-03-08 10:04 ` Naohiro Aota
0 siblings, 0 replies; 6+ messages in thread
From: Naohiro Aota @ 2008-03-08 10:04 UTC (permalink / raw)
To: Elias Oltmanns; +Cc: emacs-devel, ding
Elias Oltmanns <eo@nebensachen.de> writes:
> Naohiro Aota <nao.aota@gmail.com> wrote:
>> Elias Oltmanns <eo@nebensachen.de> writes:
>>
>>> Reiner Steib <reinersteib+gmane@imap.cc> wrote:
>>>> On Mon, Mar 03 2008, Naohiro Aota wrote:
>>>>
>>>>> I tried to retrieve mails by POP3 Over SSL with openssl, but Gnus
>>>>> stopped working displaing "Retrieving message 1 of 5 from myserver...".
>>>>> Then I found that without -ign_eof and -quiet argument, openssl doesn't
>>>>> send line begins with "R" or "Q" to server but renegotiate or quit its
>>>>> connection. So sending "RETR" command made this problem.
>>>>>
>>>>> I suggest to call openssl commands with "-ign_eof" argument. Please find
>>>>> the patch below.
>>>>
>>>> Does anyone see a problem with this?
>>>
>>> Since I don't use POP3, I can't test that. However, it looks fine to me
>>> and it certainly doesn't break IMAP (checked that).
>>
>> Aren't you using "ssl" as nnimap-stream?
>
> No, I'm using tls. Sorry if you got the wrong impression, but my comment
> was meant as an acknowledgement to back your change.
>
>> If so, please check `imap-ssl-program' to find out how openssl is
>> called. By default, this variable is set as following.
>>
>> '("openssl s_client -quiet -ssl3 -connect %s:%p"
>> "openssl s_client -quiet -ssl2 -connect %s:%p"
>> "s_client -quiet -ssl3 -connect %s:%p"
>> "s_client -quiet -ssl2 -connect %s:%p")
>>
>> In this case, openssl is called with "-quiet" argument, which also make
>> openssl ignore eof, so that it works fine.
>
> Yes, I know. All I wanted to confirm was that it also works with tls
> since your change was concerned with tls-program rather than
> imap-ssl-program.
Oups. I'm sorry for my misunderstanding. Thanks for your testing.
Regards,
Naohiro
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] POP3 Over SSL with openssl
2008-03-04 22:37 ` [PATCH] POP3 Over SSL with openssl Reiner Steib
2008-03-05 12:37 ` Elias Oltmanns
@ 2008-04-13 20:58 ` Reiner Steib
1 sibling, 0 replies; 6+ messages in thread
From: Reiner Steib @ 2008-04-13 20:58 UTC (permalink / raw)
To: Naohiro Aota; +Cc: ding, emacs-devel, Elias Oltmanns
On Tue, Mar 04 2008, Reiner Steib wrote:
> On Mon, Mar 03 2008, Naohiro Aota wrote:
>
>> I tried to retrieve mails by POP3 Over SSL with openssl, but Gnus
>> stopped working displaing "Retrieving message 1 of 5 from myserver...".
>> Then I found that without -ign_eof and -quiet argument, openssl doesn't
>> send line begins with "R" or "Q" to server but renegotiate or quit its
>> connection. So sending "RETR" command made this problem.
>>
>> I suggest to call openssl commands with "-ign_eof" argument. Please find
>> the patch below.
>
> Does anyone see a problem with this?
Installed (in Gnus trunk). Thanks for your contribution.
Bye, Reiner.
--
,,,
(o o)
---ooO-(_)-Ooo--- | PGP key available | http://rsteib.home.pages.de/
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2008-04-13 20:58 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <87mypgi37v.fsf@gmail.com>
2008-03-04 22:37 ` [PATCH] POP3 Over SSL with openssl Reiner Steib
2008-03-05 12:37 ` Elias Oltmanns
2008-03-05 19:53 ` Naohiro Aota
2008-03-06 10:14 ` Elias Oltmanns
2008-03-08 10:04 ` Naohiro Aota
2008-04-13 20:58 ` Reiner Steib
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).