tpop3d-devel

[tpop3d-discuss] SSL support


From: Angel Marin
Subject: [tpop3d-discuss] SSL support
Date: Sun, 16 Jun 2002 12:13:48 +0200

Hi,

I have started the development of the SSL support for tpop3d. I have a
working snapshot, but it's only a starting point of what it should be. So if
anybody wants to test it and send problems/bugs/suggestions I will do my
best to improve it.

What it does :
 - provides tls support to tpop3d

Requisites:
 - OpenSSL

How to compile:
 - It needs to be linked with -lssl

How to configure:

I added three config params:

"enable-ssl:" boolean to activate ssl support
        enable-ssl: true

"ssl-cert:" path to ssl public key file (pem format)
        ssl-cert: /usr/share/ssl/certs/tpop3d.pem

"ssl-key:" path to ssl private key file (pem format)
        ssl-key: /usr/share/ssl/certs/tpop3d-key.pem

If ssl-key is not set ssl-cert is tried as the private key.

I also modified the listen-address param. Now to specify that an address is
an ssl listener you may configure it as:

        listen-address: (hostname | IP number)[:port][(domain)][{ssl}]
        listen-address: 127.0.0.1:995(foo.bar){ssl}

How it works:

If it receives a connection on an ssl listener it starts an ssl handshake and
then all the communication will be encrypted.

To do:

        1. Modify configure & makefile
        2. Implement an xread function (equivalent to xwrite) so we can
           replace read in connection_sendresponse and connection_sendline. Then we may
           have a xread_ssl similar to xwrite_ssl to handle properly rehandshake
           situations while reading as it is done while writing.
        3. Implement a cleaner solution to write_file.
        4. Check if we are in a system without /dev/urandom and handle it.
        5. Add more logging info for better debugging ssl problems
        6. Check the use of modern OpenSSL functions and determine the minimum
           OpenSSL version needed.
        7. Test that the patch has not broken any other functionality.
        8. Add more comments to the source :)
        9. Test everything.

Situations already tested:

        It's working well in a small production server with ~70 users. It has two
listening addresses, only one ssl enabled. Maildir support only and
auth-flatfile. OpenSSL 0.9.6b

The patch:

        Attachment: tpop3d-1.4.2pre3-ssl.patch

Angel.

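The listen-address syntax and the ssl-key fallback described in the message above, worked through as an added example (not code from the post or from tpop3d itself). The sample config values and the warning about a port-995 listener that lacks the {ssl} marker are assumptions made here; everything else follows the rules the message states.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Listener:
    host: str
    port: Optional[int]
    domain: Optional[str]
    ssl: bool

def parse_listen_address(spec: str) -> Listener:
    """Parse one value of the form (hostname | IP number)[:port][(domain)][{ssl}].
    The optional suffixes are peeled off from the right, so a host containing
    no ':' (IPv4 or hostname, as the message's grammar assumes) parses cleanly."""
    s = spec.strip()
    ssl = s.endswith("{ssl}")
    if ssl:
        s = s[: -len("{ssl}")]
    domain = None
    if s.endswith(")"):
        lparen = s.rfind("(")
        if lparen == -1:
            raise ValueError(f"unbalanced '(' in listen-address: {spec!r}")
        domain, s = s[lparen + 1 : -1], s[:lparen]
    host, sep, port_str = s.partition(":")
    port = None
    if sep:
        if not port_str.isdigit() or not 0 < int(port_str) < 65536:
            raise ValueError(f"bad port in listen-address: {spec!r}")
        port = int(port_str)
    if not host:
        raise ValueError(f"missing host in listen-address: {spec!r}")
    return Listener(host, port, domain, ssl)

def resolve_ssl_config(cfg: dict) -> dict:
    """Apply the message's rules: {ssl} listeners need enable-ssl and a cert,
    and ssl-key falls back to ssl-cert when it is not set. Also flags (as an
    assumption added here) a port-995 listener that would serve plaintext."""
    listeners = [parse_listen_address(v) for v in cfg.get("listen-address", [])]
    enabled = str(cfg.get("enable-ssl", "false")).lower() == "true"
    cert = cfg.get("ssl-cert")
    key = cfg.get("ssl-key") or cert          # fallback stated in the message
    problems = []
    for l in listeners:
        if l.ssl and not enabled:
            problems.append(f"{l.host}:{l.port} marked {{ssl}} but enable-ssl is not true")
        if l.ssl and not cert:
            problems.append(f"{l.host}:{l.port} marked {{ssl}} but no ssl-cert configured")
        if not l.ssl and l.port == 995:       # assumption: 995 is the POP3S port
            problems.append(f"{l.host}:995 has no {{ssl}} marker and would be plaintext")
    return {"listeners": listeners, "cert": cert, "key": key, "problems": problems}

# Constructed sample mirroring the message's setup: two listeners, one with {ssl}.
SAMPLE_CONFIG = {
    "enable-ssl": "true",
    "ssl-cert": "/usr/share/ssl/certs/tpop3d.pem",
    "listen-address": ["192.0.2.10:110(mail.example.com)",
                       "192.0.2.10:995(mail.example.com){ssl}"],
}
```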

