Re: [PATCH] POP3 Over SSL with openssl

Re: [PATCH] POP3 Over SSL with openssl

[Reiner Steib]

On Mon, Mar 03 2008, Naohiro Aota wrote:

> I tried to retrieve mails by POP3 Over SSL with openssl, but Gnus
> stopped working displaing "Retrieving message 1 of 5 from myserver...".
> Then I found that without -ign_eof and -quiet argument, openssl doesn't
> send line begins with "R" or "Q" to server but renegotiate or quit its
> connection. So sending "RETR" command made this problem.
>
> I suggest to call openssl commands with "-ign_eof" argument. Please find
> the patch below.

Does anyone see a problem with this?

> 2008-03-03  Naohiro Aota  <nao.aota@gmail.com>
>
> 	* tls.el (tls-program): Add -ign_eof argument to call the openssl
> 	commands.
> 	(tls-checktrust): Ditto.
>
> Index: lisp/tls.el
> ===================================================================
> RCS file: /usr/local/cvsroot/gnus/lisp/tls.el,v
> retrieving revision 7.23
> diff -u -r7.23 tls.el
> --- lisp/tls.el	1 Mar 2008 01:48:13 -0000	7.23
> +++ lisp/tls.el	3 Mar 2008 08:56:24 -0000
> @@ -80,7 +80,7 @@
>
>  (defcustom tls-program '("gnutls-cli -p %p %h"
>  			 "gnutls-cli -p %p %h --protocols ssl3"
> -			 "openssl s_client -connect %h:%p -no_ssl2")
> +			 "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
>    "List of strings containing commands to start TLS stream to a host.
>  Each entry in the list is tried until a connection is successful.
>  %h is replaced with server hostname, %p with port to connect to.
> @@ -97,23 +97,23 @@
>  	  :value
>  	  ("gnutls-cli -p %p %h"
>  	   "gnutls-cli -p %p %h --protocols ssl3"
> -	   "openssl s_client -connect %h:%p -no_ssl2")
> +	   "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
>  	  (set :inline t
>  	       ;; FIXME: add brief `:tag "..."' descriptions.
>  	       ;; (repeat :inline t :tag "Other" (string))
>  	       ;; See `tls-checktrust':
>  	       (const "gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h")
>  	       (const "gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h --protocols ssl3")
> -	       (const "openssl s_client -connect %h:%p -CAfile /etc/ssl/certs/ca-certificates.crt -no_ssl2")
> +	       (const "openssl s_client -connect %h:%p -CAfile /etc/ssl/certs/ca-certificates.crt -no_ssl2 -ign_eof")
>  	       ;; No trust check:
>  	       (const "gnutls-cli -p %p %h")
>  	       (const "gnutls-cli -p %p %h --protocols ssl3")
> -	       (const "openssl s_client -connect %h:%p -no_ssl2"))
> +	       (const "openssl s_client -connect %h:%p -no_ssl2 -ign_eof"))
>  	  (repeat :inline t :tag "Other" (string)))
>      (const :tag "Default list of commands"
>  	   ("gnutls-cli -p %p %h"
>  	    "gnutls-cli -p %p %h --protocols ssl3"
> -	    "openssl s_client -connect %h:%p -no_ssl2"))
> +	    "openssl s_client -connect %h:%p -no_ssl2 -ign_eof"))
>      (list :tag "List of commands"
>  	  (repeat :tag "Command" (string))))
>    :version "22.1"
> @@ -144,7 +144,7 @@
>  \(setq tls-program
>        '(\"gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h\"
>  	\"gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h --protocols ssl3\"
> -	\"openssl s_client -connect %h:%p -CAfile /etc/ssl/certs/ca-certificates.crt -no_ssl2\"))"
> +	\"openssl s_client -connect %h:%p -CAfile /etc/ssl/certs/ca-certificates.crt -no_ssl2 -ign_eof\"))"
>    :type '(choice (const :tag "Always" t)
>  		 (const :tag "Never" nil)
>  		 (const :tag "Ask" ask))

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

Re: [PATCH] POP3 Over SSL with openssl

[Elias Oltmanns]

Reiner Steib <reinersteib+gmane@imap.cc> wrote:
> On Mon, Mar 03 2008, Naohiro Aota wrote:
>
>> I tried to retrieve mails by POP3 Over SSL with openssl, but Gnus
>> stopped working displaing "Retrieving message 1 of 5 from myserver...".
>> Then I found that without -ign_eof and -quiet argument, openssl doesn't
>> send line begins with "R" or "Q" to server but renegotiate or quit its
>> connection. So sending "RETR" command made this problem.
>>
>> I suggest to call openssl commands with "-ign_eof" argument. Please find
>> the patch below.
>
> Does anyone see a problem with this?

Since I don't use POP3, I can't test that. However, it looks fine to me
and it certainly doesn't break IMAP (checked that).

Regards,

Elias

Re: [PATCH] POP3 Over SSL with openssl

[Naohiro Aota]

Elias Oltmanns <eo@nebensachen.de> writes:

> Reiner Steib <reinersteib+gmane@imap.cc> wrote:
>> On Mon, Mar 03 2008, Naohiro Aota wrote:
>>
>>> I tried to retrieve mails by POP3 Over SSL with openssl, but Gnus
>>> stopped working displaing "Retrieving message 1 of 5 from myserver...".
>>> Then I found that without -ign_eof and -quiet argument, openssl doesn't
>>> send line begins with "R" or "Q" to server but renegotiate or quit its
>>> connection. So sending "RETR" command made this problem.
>>>
>>> I suggest to call openssl commands with "-ign_eof" argument. Please find
>>> the patch below.
>>
>> Does anyone see a problem with this?
>
> Since I don't use POP3, I can't test that. However, it looks fine to me
> and it certainly doesn't break IMAP (checked that).

Aren't you using "ssl" as nnimap-stream? If so, please check
`imap-ssl-program' to find out how openssl is called. By default, this
variable is set as following.

'("openssl s_client -quiet -ssl3 -connect %s:%p"
  "openssl s_client -quiet -ssl2 -connect %s:%p"
  "s_client -quiet -ssl3 -connect %s:%p"
  "s_client -quiet -ssl2 -connect %s:%p")

In this case, openssl is called with "-quiet" argument, which also make
openssl ignore eof, so that it works fine.

Regards,

Naohiro

Re: [PATCH] POP3 Over SSL with openssl

[Elias Oltmanns]

Naohiro Aota <nao.aota@gmail.com> wrote:
> Elias Oltmanns <eo@nebensachen.de> writes:
>
>> Reiner Steib <reinersteib+gmane@imap.cc> wrote:
>>> On Mon, Mar 03 2008, Naohiro Aota wrote:
>>>
>>>> I tried to retrieve mails by POP3 Over SSL with openssl, but Gnus
>>>> stopped working displaing "Retrieving message 1 of 5 from myserver...".
>>>> Then I found that without -ign_eof and -quiet argument, openssl doesn't
>>>> send line begins with "R" or "Q" to server but renegotiate or quit its
>>>> connection. So sending "RETR" command made this problem.
>>>>
>>>> I suggest to call openssl commands with "-ign_eof" argument. Please find
>>>> the patch below.
>>>
>>> Does anyone see a problem with this?
>>
>> Since I don't use POP3, I can't test that. However, it looks fine to me
>> and it certainly doesn't break IMAP (checked that).
>
> Aren't you using "ssl" as nnimap-stream?

No, I'm using tls. Sorry if you got the wrong impression, but my comment
was meant as an acknowledgement to back your change.

> If so, please check `imap-ssl-program' to find out how openssl is
> called. By default, this variable is set as following.
>
> '("openssl s_client -quiet -ssl3 -connect %s:%p"
>   "openssl s_client -quiet -ssl2 -connect %s:%p"
>   "s_client -quiet -ssl3 -connect %s:%p"
>   "s_client -quiet -ssl2 -connect %s:%p")
>
> In this case, openssl is called with "-quiet" argument, which also make
> openssl ignore eof, so that it works fine.

Yes, I know. All I wanted to confirm was that it also works with tls
since your change was concerned with tls-program rather than
imap-ssl-program.

Regards,

Elias

Re: [PATCH] POP3 Over SSL with openssl

[Naohiro Aota]

Elias Oltmanns <eo@nebensachen.de> writes:

> Naohiro Aota <nao.aota@gmail.com> wrote:
>> Elias Oltmanns <eo@nebensachen.de> writes:
>>
>>> Reiner Steib <reinersteib+gmane@imap.cc> wrote:
>>>> On Mon, Mar 03 2008, Naohiro Aota wrote:
>>>>
>>>>> I tried to retrieve mails by POP3 Over SSL with openssl, but Gnus
>>>>> stopped working displaing "Retrieving message 1 of 5 from myserver...".
>>>>> Then I found that without -ign_eof and -quiet argument, openssl doesn't
>>>>> send line begins with "R" or "Q" to server but renegotiate or quit its
>>>>> connection. So sending "RETR" command made this problem.
>>>>>
>>>>> I suggest to call openssl commands with "-ign_eof" argument. Please find
>>>>> the patch below.
>>>>
>>>> Does anyone see a problem with this?
>>>
>>> Since I don't use POP3, I can't test that. However, it looks fine to me
>>> and it certainly doesn't break IMAP (checked that).
>>
>> Aren't you using "ssl" as nnimap-stream?
>
> No, I'm using tls. Sorry if you got the wrong impression, but my comment
> was meant as an acknowledgement to back your change.
>
>> If so, please check `imap-ssl-program' to find out how openssl is
>> called. By default, this variable is set as following.
>>
>> '("openssl s_client -quiet -ssl3 -connect %s:%p"
>>   "openssl s_client -quiet -ssl2 -connect %s:%p"
>>   "s_client -quiet -ssl3 -connect %s:%p"
>>   "s_client -quiet -ssl2 -connect %s:%p")
>>
>> In this case, openssl is called with "-quiet" argument, which also make
>> openssl ignore eof, so that it works fine.
>
> Yes, I know. All I wanted to confirm was that it also works with tls
> since your change was concerned with tls-program rather than
> imap-ssl-program.

Oups. I'm sorry for my misunderstanding. Thanks for your testing.

Regards,

Naohiro

Re: [PATCH] POP3 Over SSL with openssl

[Reiner Steib]

On Tue, Mar 04 2008, Reiner Steib wrote:

> On Mon, Mar 03 2008, Naohiro Aota wrote:
>
>> I tried to retrieve mails by POP3 Over SSL with openssl, but Gnus
>> stopped working displaing "Retrieving message 1 of 5 from myserver...".
>> Then I found that without -ign_eof and -quiet argument, openssl doesn't
>> send line begins with "R" or "Q" to server but renegotiate or quit its
>> connection. So sending "RETR" command made this problem.
>>
>> I suggest to call openssl commands with "-ign_eof" argument. Please find
>> the patch below.
>
> Does anyone see a problem with this?

Installed (in Gnus trunk).  Thanks for your contribution.

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/