fetchmail-friends

Re[2]: [fetchmail] Fetchmail 6.1.1 can't login to a server that 5.9.14 can handle?

2002-11-24 19:30:07
On Tue, 19 Nov 2002 17:13:34 +0530 Sunil Shetye 
<shetye(_at_)bombay(_dot_)retortsoft(_dot_)com> wrote:

Quoting from Nerijus Baliunas's mail on Tue, Nov 19, 2002 at 12:06:11AM +0200:
I do not think that security was requested by the user here (unless
you want to call compiling with SSL and not specifying an auth method
as that). Currently, there is no option to enable or disable TLS
explicitly.

IMHO there is:
user aa with pass "xxx" is nerijus here sslproto tls1

Your configuration has given me a hint.

If I understand this correctly, STLS supports only tls1 as the
protocol. Here, if sslproto is not specified, it is using the default.
Could this be causing the socket error?

I don't know for POP3, but for IMAP it may be caused by server
misconfiguration (it happened to me). BTW, imap code used tls1
if there was STARTTLS in capabilities, and it is the last tried
login method, so why did you remove it? For example, if ctl->sslproto
is ssl2 or ssl3, but other ssl methods failed, will it use
TLS then (i.e. will ctl->sslproto be equal "tls1" then)?
If it won't, maybe it's better to leave imap code as is and
change pop3 code according to imap?

Here is a patch which uses STLS if and only if sslproto is "tls1".
This change has been done in imap also.


=============================================================
diff -Naur fetchmail-6.1.2.orig/imap.c fetchmail-6.1.2/imap.c
--- fetchmail-6.1.2.orig/imap.c        Fri Oct 18 18:39:57 2002
+++ fetchmail-6.1.2/imap.c        Tue Nov 19 16:53:18 2002
@@ -360,17 +360,14 @@
 #ifdef SSL_ENABLE
     if ((ctl->server.authenticate == A_ANY)
         && !ctl->use_ssl
-        && strstr(capabilities, "STARTTLS"))
+        && strstr(capabilities, "STARTTLS")
+        && ctl->sslproto && !strcmp(ctl->sslproto, "tls1"))
     {
            char *realhost;
 
            realhost = ctl->server.via ? ctl->server.via : 
ctl->server.pollname;
            gen_transact(sock, "STARTTLS");
-
-           /* We use "tls1" instead of ctl->sslproto, as we want STARTTLS,
-            * not other SSL protocols
-            */
-           if (SSLOpen(sock,ctl->sslcert,ctl->sslkey,"tls1",ctl->sslcertck, 
ctl->sslcertpath,ctl->sslfingerprint,realhost,ctl->server.pollname) == -1)
+           if 
(SSLOpen(sock,ctl->sslcert,ctl->sslkey,ctl->sslproto,ctl->sslcertck, 
ctl->sslcertpath,ctl->sslfingerprint,realhost,ctl->server.pollname) == -1)
            {
                report(stderr,
                       GT_("SSL connection failed.\n"));
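
Review bot: The added guard `ctl->sslproto && !strcmp(ctl->sslproto, "tls1")` in the STARTTLS condition makes the upgrade opt-in: with sslproto unset, a server that advertises STARTTLS is now used without TLS and nothing is reported, so the rest of the session, login included, stays unencrypted where the previous condition would have upgraded. If that is the intended trade-off, state it in the sslproto documentation and consider a report() line for the case where STARTTLS is advertised but skipped. Because the guard already pins the value to "tls1", passing ctl->sslproto to SSLOpen is equivalent to the old literal, but the deleted comment was the only explanation of why STARTTLS needs tls1; a one-line comment on the new condition would preserve that. The unchanged `gen_transact(sock, "STARTTLS");` line still discards its result before SSLOpen is called, which is worth checking while this block is being touched.
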
diff -Naur fetchmail-6.1.2.orig/pop3.c fetchmail-6.1.2/pop3.c
--- fetchmail-6.1.2.orig/pop3.c        Thu Oct 31 18:11:37 2002
+++ fetchmail-6.1.2/pop3.c        Tue Nov 19 16:53:44 2002
@@ -249,7 +249,8 @@
 #ifdef SSL_ENABLE
         if (has_ssl
             && !ctl->use_ssl
-            && (ctl->server.authenticate == A_ANY))
+            && (ctl->server.authenticate == A_ANY)
+            && ctl->sslproto && !strcmp(ctl->sslproto, "tls1"))
         {
             char *realhost;
 
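
Review bot: The test `ctl->sslproto && !strcmp(ctl->sslproto, "tls1")` added to this condition is a second copy of the one in imap.c; a small shared helper or macro would keep the two protocol drivers from drifting apart. The comparison is exact-match, so any other spelling of the value skips STLS without a message. This hunk changes only the condition, so please confirm that the SSLOpen call further down in pop3.c receives the same protocol argument as the imap.c call now does.
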
=============================================================

Sunil Shetye.



Regards,
Nerijus

