Re: [Nmh-workers] TLS support for POP merged to master

From: Eric Gillespie
Subject: Re: [Nmh-workers] TLS support for POP merged to master
Date: Fri, 30 Sep 2016 01:28:54 -0700

Ken Hornstein <address@hidden> writes:

> I've merged into the main tree a complete reworking of our networking
> code.  Now all of the network security layer has been moved into a
> single set of routines (see h/netsec.h and sbr/netsec.c) and our POP and

Thanks for all the work, Ken!  This new stuff looks quite nice.
However, I'm having some trouble with it.

> inc(1) and msgchk(1)).

You missed msgchk, as far as I can tell.

> Existing users should notice almost no change, with one significant
> exception.  Users who use the new OAuth authentication support are now
> required to add the -sasl flag to the appropriate utilities.  The OAuth

I run inc like this:

#: in .mh_profile
inc: -host pop.gmail.com -saslmech xoauth2 -authservice gmail -user 

inc -proxy 'openssl s_client -connect %h:995 -verify 5 -verify_return_error 

Tonight I read over and then tried the latest stuff, like this:

inc: -host pop.gmail.com -port 995 -initialtls -sasl -saslmech xoauth2 
-authservice gmail -user address@hidden

but it crashes after a few messages with "inc: TLS peer aborted
connection".  Redacted -snoop transcript:

1 nmh% uip/inc -snoop
Trying to connect to "pop.gmail.com" ...
Connecting to
TLS negotiation successful: ECDHE-RSA-AES128-GCM-SHA256(128) TLSv1/SSLv3
(tls-decrypted) <= +OK Gpop ready for requests from 
(tls-encrypted) => CAPA
(tls-decrypted) <= +OK Capability list follows
(tls-decrypted) <= USER
(tls-decrypted) <= RESP-CODES
(tls-decrypted) <= EXPIRE 0
(tls-decrypted) <= LOGIN-DELAY 300
(tls-decrypted) <= TOP
(tls-decrypted) <= UIDL
(tls-decrypted) <= X-GOOGLE-RICO
(tls-decrypted) <= .
(tls-encrypted) => AUTH XOAUTH2 ...
(tls-decrypted) <= +OK Welcome.
(tls-encrypted) => STAT
(tls-decrypted) <= +OK 412 11677565
Incorporating new mail into inbox...

(tls-encrypted) => RETR 1
(tls-decrypted) <= +OK message follows

(tls-encrypted) => DELE 1
(tls-decrypted) <= +OK marked for deletion
(tls-encrypted) => RETR 2
(tls-decrypted) <= +OK message follows

(tls-encrypted) => DELE 2
(tls-decrypted) <= +OK marked for deletion
(tls-encrypted) => RETR 3
(tls-decrypted) <= +OK message follows

(tls-encrypted) => DELE 3
(tls-decrypted) <= +OK marked for deletion
(tls-encrypted) => RETR 4
(tls-decrypted) <= +OK message follows

(tls-encrypted) => DELE 4
(tls-decrypted) <= +OK marked for deletion
(tls-encrypted) => RETR 5
(tls-decrypted) <= +OK message follows
inc: TLS peer aborted connection

System is FreeBSD hassadar.pretzelnet.org 10.2-RELEASE-p18 FreeBSD 
10.2-RELEASE-p18 #0: Sat May 28 08:53:43 UTC 2016 
address@hidden:/usr/obj/usr/src/sys/GENERIC  amd64

Any ideas?

