Use of gnutls-cli breaks new verizon setting

Use of gnutls-cli breaks new verizon setting

[Dave Goldberg]

Verizon recently (finally!) announced support, soon to be required, for SSL on POP3 and SMTP.  However things are weird.  I did not have gnutls-cli on my system, so the pop3 setting found openssl and that worked fine.  Smtpmail seems to insist on using gnutls-cli, with no option for openssl.  So I installed gnutls-cli and things break.

For pop3, it's called as

gnutls-cli -p 995 --insecure incoming.verizon.net

And for some reason, I get an error that my user is invalid.  But if I set a debug-on-entry for pop3-logon and step through, it works fine.  Seems like some odd race condition.

For smtpmail, it's called as

gnutls-cli -s -p 465 outgoing.verizon.net

and this just hangs.  If I do that at the command line, I see why - it connects to the server and prints a message saying "simple client mode" but no banner from the server.  If I remove the -s, I get the banner from the server.  However the -s is hardcoded into starttls.el.  Why?  Do I need it?  While I'd prefer to not have a locally hacked file or function definition, if that's what I have to do I will but if that can be made optional, it would be nice.

For what it's worth, I am on 

emacs-version is a variable defined in `version.el'.
Its value is "23.1.1"

on Ubuntu 10.04.

Thanks for any advice.
-- 
Dave Goldberg
david.goldberg6@verizon.net

Re: Use of gnutls-cli breaks new verizon setting

[Lars Magne Ingebrigtsen]

david.goldberg6@verizon.net (Dave Goldberg) writes:

> Verizon recently (finally!) announced support, soon to be required,
> for SSL on POP3 and SMTP.  However things are weird.  I did not have
> gnutls-cli on my system, so the pop3 setting found openssl and that
> worked fine.  Smtpmail seems to insist on using gnutls-cli, with no
> option for openssl.  So I installed gnutls-cli and things break.
>
> For pop3, it's called as
>
> gnutls-cli -p 995 --insecure incoming.verizon.net

Are you trying to use STARTTLS or TLS?  What's your mail-sources stream
conf for the pop source?

> And for some reason, I get an error that my user is invalid.  But if I
> set a debug-on-entry for pop3-logon and step through, it works fine.
> Seems like some odd race condition.

It works for me in Emacs 23 with STARTTLS, at least.

> For smtpmail, it's called as
>
> gnutls-cli -s -p 465 outgoing.verizon.net
>
> and this just hangs.  If I do that at the command line, I see why - it
> connects to the server and prints a message saying "simple client
> mode" but no banner from the server.  If I remove the -s, I get the
> banner from the server.  However the -s is hardcoded into starttls.el.
> Why?  Do I need it?  While I'd prefer to not have a locally hacked
> file or function definition, if that's what I have to do I will but if
> that can be made optional, it would be nice.

I'm guessing that the SMTP server does not do STARTTLS, but plain TLS
instead... 

-- 
(domestic pets only, the antidote for overdose, milk.)
  bloggy blog http://lars.ingebrigtsen.no/

Re: Use of gnutls-cli breaks new verizon setting

[Dave Goldberg]

> david.goldberg6@verizon.net (Dave Goldberg) writes:
>> Verizon recently (finally!) announced support, soon to be required,
>> for SSL on POP3 and SMTP.  However things are weird.  I did not have
>> gnutls-cli on my system, so the pop3 setting found openssl and that
>> worked fine.  Smtpmail seems to insist on using gnutls-cli, with no
>> option for openssl.  So I installed gnutls-cli and things break.
>> 
>> For pop3, it's called as
>> 
>> gnutls-cli -p 995 --insecure incoming.verizon.net

> Are you trying to use STARTTLS or TLS?  What's your mail-sources stream
> conf for the pop source?

      mail-sources '((pop :server "incoming.verizon.net"
		          :user "vze2srxy"
		          :port 995
		          :stream 'ssl))


>> And for some reason, I get an error that my user is invalid.  But if I
>> set a debug-on-entry for pop3-logon and step through, it works fine.
>> Seems like some odd race condition.

> It works for me in Emacs 23 with STARTTLS, at least.

>> For smtpmail, it's called as
>> 
>> gnutls-cli -s -p 465 outgoing.verizon.net
>> 
>> and this just hangs.  If I do that at the command line, I see why - it
>> connects to the server and prints a message saying "simple client
>> mode" but no banner from the server.  If I remove the -s, I get the
>> banner from the server.  However the -s is hardcoded into starttls.el.
>> Why?  Do I need it?  While I'd prefer to not have a locally hacked
>> file or function definition, if that's what I have to do I will but if
>> that can be made optional, it would be nice.

> I'm guessing that the SMTP server does not do STARTTLS, but plain TLS
> instead... 

That's likely the case.  My config looks like this:

      send-mail-function 'smtpmail-send-it
      message-send-mail-function 'smtpmail-send-it
      message-send-mail-partially-limit nil
      smtpmail-default-smtp-server "outgoing.verizon.net"
      smtpmail-local-domain "verizon.net"
      smtpmail-debug-info t
      smtpmail-auth-credentials "/home/dsg/.authinfo.gpg"
      smtpmail-smtp-service 465
      smtpmail-starttls-credentials '(("outgoing.verizon.net" 465 nil nil))

Is there some other way to do SMTP over SSL?

Thanks,
-- 
Dave Goldberg
david.goldberg6@verizon.net

Re: Use of gnutls-cli breaks new verizon setting

[Andreas Schwab]

david.goldberg6@verizon.net (Dave Goldberg) writes:

>       mail-sources '((pop :server "incoming.verizon.net"
> 		          :user "vze2srxy"
> 		          :port 995
> 		          :stream 'ssl))
                                  ^
Too much quoting.

Andreas.

-- 
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."

Re: Use of gnutls-cli breaks new verizon setting

[Dave Goldberg]

> david.goldberg6@verizon.net (Dave Goldberg) writes:
>> mail-sources '((pop :server "incoming.verizon.net"
>> :user "vze2srxy"
>> :port 995
>> :stream 'ssl))
>                                   ^
> Too much quoting.

True, but apparently irrelevant to my problem.  With or without that extraneous quote, pop3 retrieval works without problem with openssl, fails unless run under the debugger with gnutls-cli.

-- 
Dave Goldberg
david.goldberg6@verizon.net

Re: Use of gnutls-cli breaks new verizon setting

[Lars Ingebrigtsen]

david.goldberg6@verizon.net (Dave Goldberg) writes:

>> Are you trying to use STARTTLS or TLS?  What's your mail-sources stream
>> conf for the pop source?
>
>       mail-sources '((pop :server "incoming.verizon.net"
> 		          :user "vze2srxy"
> 		          :port 995
> 		          :stream 'ssl))

Right, so it's using TLS and not STARTTLS.  

I've looked at the code in question, and I don't quite see where the
race condition is.  But these things are kinda tricky...

> Is there some other way to do SMTP over SSL?

Set `smtpmail-stream-type' to `ssl'.  I think that existed in Emacs 23?

-- 
(domestic pets only, the antidote for overdose, milk.)
  http://lars.ingebrigtsen.no  *  Sent from my Rome

Re: Use of gnutls-cli breaks new verizon setting

[Lars Ingebrigtsen]

Lars Ingebrigtsen <larsi@gnus.org> writes:

> I've looked at the code in question, and I don't quite see where the
> race condition is.  But these things are kinda tricky...

I've now managed to partially reproduce the race condition here.  Could
you check whether this fixes the bug you're seeing?

-- 
(domestic pets only, the antidote for overdose, milk.)
  http://lars.ingebrigtsen.no  *  Sent from my Rome

Re: Use of gnutls-cli breaks new verizon setting

[Dave Goldberg]

> Lars Ingebrigtsen <larsi@gnus.org> writes:
>> I've looked at the code in question, and I don't quite see where the
>> race condition is.  But these things are kinda tricky...

> I've now managed to partially reproduce the race condition here.  Could
> you check whether this fixes the bug you're seeing?

Indeed it does.  Thanks!

Unfortunately emacs 23, at least as distributed by ubuntu 10.04, does not have the smtpmail-stream-type setting available.  I'm making do with a local, modified copy of the relevant function until I get around to upgrading.

-- 
Dave Goldberg
david.goldberg6@verizon.net