
Re: [Nmh-workers] TLS support for POP merged to master

2016-09-30 03:29:12
Ken Hornstein <kenh(_at_)pobox(_dot_)com> writes:

> I've merged into the main tree a complete reworking of our networking
> code.  Now all of the network security layer has been moved into a
> single set of routines (see h/netsec.h and sbr/netsec.c) and our POP and

Thanks for all the work Ken!  This new stuff looks quite nice.
However I'm having some trouble with it.

> inc(1) and msgchk(1)).

You missed msgchk, as far as I can tell.

> Existing users should notice almost no change, with one significant
> exception.  Users who use the new OAuth authentication support are now
> required to add the -sasl flag to the appropriate utilities.  The OAuth

I run inc like this:

#: in .mh_profile
inc: -host pop.gmail.com -saslmech xoauth2 -authservice gmail -user eric(_dot_)gillespie(_at_)gmail(_dot_)com

inc -proxy 'openssl s_client -connect %h:995 -verify 5 -verify_return_error -quiet'

Tonight I read over and then tried the latest stuff, like this:

inc: -host pop.gmail.com -port 995 -initialtls -sasl -saslmech xoauth2 -authservice gmail -user eric(_dot_)gillespie(_at_)gmail(_dot_)com

but it crashes after a few messages with "inc: TLS peer aborted
connection".  Redacted -snoop transcript:

1 nmh% uip/inc -snoop
Trying to connect to "pop.gmail.com" ...
Connecting to 74.125.28.108:995...
TLS negotiation successful: ECDHE-RSA-AES128-GCM-SHA256(128) TLSv1/SSLv3
(tls-decrypted) <= +OK Gpop ready for requests from 50.247.106.229 a17mb14133711oii
(tls-encrypted) => CAPA
(tls-decrypted) <= +OK Capability list follows
(tls-decrypted) <= USER
(tls-decrypted) <= RESP-CODES
(tls-decrypted) <= EXPIRE 0
(tls-decrypted) <= LOGIN-DELAY 300
(tls-decrypted) <= TOP
(tls-decrypted) <= UIDL
(tls-decrypted) <= X-GOOGLE-RICO
(tls-decrypted) <= SASL PLAIN XOAUTH2 OAUTHBEARER
(tls-decrypted) <= .
(tls-encrypted) => AUTH XOAUTH2 ...
(tls-decrypted) <= +OK Welcome.
(tls-encrypted) => STAT
(tls-decrypted) <= +OK 412 11677565
Incorporating new mail into inbox...

(tls-encrypted) => RETR 1
(tls-decrypted) <= +OK message follows

(tls-encrypted) => DELE 1
(tls-decrypted) <= +OK marked for deletion
(tls-encrypted) => RETR 2
(tls-decrypted) <= +OK message follows

(tls-encrypted) => DELE 2
(tls-decrypted) <= +OK marked for deletion
(tls-encrypted) => RETR 3
(tls-decrypted) <= +OK message follows

(tls-encrypted) => DELE 3
(tls-decrypted) <= +OK marked for deletion
(tls-encrypted) => RETR 4
(tls-decrypted) <= +OK message follows

(tls-encrypted) => DELE 4
(tls-decrypted) <= +OK marked for deletion
(tls-encrypted) => RETR 5
(tls-decrypted) <= +OK message follows
inc: TLS peer aborted connection

System is FreeBSD hassadar.pretzelnet.org 10.2-RELEASE-p18 FreeBSD 10.2-RELEASE-p18 #0: Sat May 28 08:53:43 UTC 2016 root(_at_)amd64-builder(_dot_)daemonology(_dot_)net:/usr/obj/usr/src/sys/GENERIC amd64

Any ideas?

Thanks!
