Re: [Nmh-workers] TLS support for POP merged to master

nmh-workers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] TLS support for POP merged to master

From:	Eric Gillespie
Subject:	Re: [Nmh-workers] TLS support for POP merged to master
Date:	Fri, 30 Sep 2016 01:28:54 -0700

Ken Hornstein <address@hidden> writes:

> I've merged into the main tree a complete reworking of our networking
> code.  Now all of the network security layer has been moved into a
> single set of routines (see h/netsec.h and sbr/netsec.c) and our POP and

Thanks for all the work Ken!  This new stuff looks quite nice.
However I'm having some trouble with it.

> inc(1) and msgchk(1)).

You missed msgchk, as far as I can tell.

> Existing users should notice almost no change, with one significant
> exception.  Users who use the new OAuth authentication support are now
> required to add the -sasl flag to the appropriate utilities.  The OAuth

I run inc like this:

#: in .mh_profile
inc: -host pop.gmail.com -saslmech xoauth2 -authservice gmail -user 
address@hidden

inc -proxy 'openssl s_client -connect %h:995 -verify 5 -verify_return_error 
-quiet'

Tonight I read over and then tried the latest stuff, like this:

inc: -host pop.gmail.com -port 995 -initialtls -sasl -saslmech xoauth2 
-authservice gmail -user address@hidden

but it crashes after a few messages with "inc: TLS peer aborted
connection".  Redacted -snoop transcript:

1 nmh% uip/inc -snoop
Trying to connect to "pop.gmail.com" ...
Connecting to 74.125.28.108:995...
TLS negotiation successful: ECDHE-RSA-AES128-GCM-SHA256(128) TLSv1/SSLv3
(tls-decrypted) <= +OK Gpop ready for requests from 50.247.106.229 
a17mb14133711oii
(tls-encrypted) => CAPA
(tls-decrypted) <= +OK Capability list follows
(tls-decrypted) <= USER
(tls-decrypted) <= RESP-CODES
(tls-decrypted) <= EXPIRE 0
(tls-decrypted) <= LOGIN-DELAY 300
(tls-decrypted) <= TOP
(tls-decrypted) <= UIDL
(tls-decrypted) <= X-GOOGLE-RICO
(tls-decrypted) <= SASL PLAIN XOAUTH2 OAUTHBEARER
(tls-decrypted) <= .
(tls-encrypted) => AUTH XOAUTH2 ...
(tls-decrypted) <= +OK Welcome.
(tls-encrypted) => STAT
(tls-decrypted) <= +OK 412 11677565
Incorporating new mail into inbox...

(tls-encrypted) => RETR 1
(tls-decrypted) <= +OK message follows

(tls-encrypted) => DELE 1
(tls-decrypted) <= +OK marked for deletion
(tls-encrypted) => RETR 2
(tls-decrypted) <= +OK message follows

(tls-encrypted) => DELE 2
(tls-decrypted) <= +OK marked for deletion
(tls-encrypted) => RETR 3
(tls-decrypted) <= +OK message follows

(tls-encrypted) => DELE 3
(tls-decrypted) <= +OK marked for deletion
(tls-encrypted) => RETR 4
(tls-decrypted) <= +OK message follows

(tls-encrypted) => DELE 4
(tls-decrypted) <= +OK marked for deletion
(tls-encrypted) => RETR 5
(tls-decrypted) <= +OK message follows
inc: TLS peer aborted connection

System is FreeBSD hassadar.pretzelnet.org 10.2-RELEASE-p18 FreeBSD 
10.2-RELEASE-p18 #0: Sat May 28 08:53:43 UTC 2016 
address@hidden:/usr/obj/usr/src/sys/GENERIC  amd64

Any ideas?

Thanks!

[Prev in Thread]

Current Thread

[Next in Thread]

[Nmh-workers] TLS support for POP merged to master, Ken Hornstein, 2016/09/23
- Re: [Nmh-workers] TLS support for POP merged to master, Eric Gillespie <=
  - Re: [Nmh-workers] TLS support for POP merged to master, Ken Hornstein, 2016/09/30
  - Re: [Nmh-workers] TLS support for POP merged to master, David Levine, 2016/09/30

Prev by Date: Re: [Nmh-workers] Starting the final call for features for 1.7
Next by Date: Re: [Nmh-workers] Starting the final call for features for 1.7
Previous by thread: [Nmh-workers] TLS support for POP merged to master
Next by thread: Re: [Nmh-workers] TLS support for POP merged to master
Index(es):
- Date
- Thread