From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <18ea0b5a277941e512b41b7762bc746a@hamnavoe.com>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] now the real reason ... tls mail
From: Richard Miller <9fans@hamnavoe.com>
Date: Tue, 29 May 2007 10:18:27 +0100
In-Reply-To: <13426df10705282310u29ebe617ga3fea39d91c854ab@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Topicbox-Message-UUID: 743e8c86-ead2-11e9-9d60-3106f5b1d025

> I have used the openssl command to create cert.pem and imap.pem.

I think you're making things difficult for yourself by not doing
everything under Plan 9.  I just tried following the hints
in tlssrv(8), pop3(8) and rsa(8) -- here's the transcript:

On the server (vt310):

term% auth/rsagen -t 'service=tls' >key
term% auth/rsa2x509 'C=UK CN=*.hamnavoe.com' key | auth/pemencode CERTIFICATE >cert
term% cat key >/mnt/factotum/ctl
term% cp cert /sys/lib/tls/imap.pem
term% cat >/bin/service.auth/tcp993 <<EOF
#!/bin/rc
exec tlssrv -c/sys/lib/tls/imap.pem -limap4d -r`{cat $3/remote} \
  /bin/ip/imap4d -p -dhamnavoe.com -r`{cat $3/remote} \
  >[2]/sys/log/imap4d
EOF
term% chmod +x /bin/service.auth/tcp993
term% passwd
Plan 9 Password: ********
change Plan 9 Password? (y/n) n
change Inferno/POP password? (y/n) y
make it the same as your plan 9 password? (y/n) y
term% 

Note that if vt310 was not already running as an auth server, I would
also have had to start auth/keyfs and 'aux/listen -t /bin/service.auth tcp'
(before changing my POP password).

On the client:

term% upas/fs -f/imaps/vt310/miller
upas/fs: server certificate 2DE3574F53CB87FFDBF1068CFA27B8D48586B37B not recognized
term% cat <<EOF >>/sys/lib/tls/mail
x509 sha1=2DE3574F53CB87FFDBF1068CFA27B8D48586B37B vt310
EOF
term% upas/fs -f/imaps/vt310/miller
!Adding key: proto=pass server=vt310 service=imap user=miller
password: ********
!
term% mail 
10 messages
: term% 

So it seems to have found the mailbox.  Then I tried setting up
an IMAP account on my iMac mail.app to fetch from vt310, ticking
the 'Use SSL' box in the Accounts>Advanced dialogue.  That works too,
except for giving a warning message "... The root certificate for
this server could not be verified ... Would you like to continue
anyway?"  I don't know if there's a way to silence this message
other than getting your certificate signed by a reputable CA.

-- Richard