* [PATCH] sieve-manage: use auth-source
From: Julien Danjou @ 2010-10-05 16:16 UTC
To: ding; +Cc: Julien Danjou
Signed-off-by: Julien Danjou <julien@danjou.info>
---
Hi there,
This is a big patch to make sieve-manage use auth-source rather than its own
prompting and mechanisms.
I've tested it on my server (Dovecot 1.2) and it works fine. However, more
testing and/or some approval would be welcome before I push it.
lisp/ChangeLog | 2 +
lisp/sieve-manage.el | 214 +++++++++++++++----------------------------------
2 files changed, 68 insertions(+), 148 deletions(-)
diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index bddd86c..e545fc7 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -11,6 +11,8 @@
2010-10-05 Julien Danjou <julien@danjou.info>
+ * sieve-manage.el (sieve-sasl-auth): Use auth-source to authenticate.
+
* gnus-html.el (gnus-html-wash-images): Rescale image from cid too.
(gnus-html-maximum-image-size): Add this function.
(gnus-html-put-image): Use gnus-html-maximum-image-size.
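Review bot: The ChangeLog entry names only sieve-sasl-auth, but the rest of this patch also deletes sieve-manage-interactive-login, sieve-manage-authenticate, the sieve-manage-default-user option and the sieve-manage-username / sieve-manage-password variables. Please list each removed symbol in the entry so the removals can be found from the log.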
diff --git a/lisp/sieve-manage.el b/lisp/sieve-manage.el
index 69f21b0..36ecd49 100644
--- a/lisp/sieve-manage.el
+++ b/lisp/sieve-manage.el
@@ -43,7 +43,6 @@
;; `sieve-manage-close'
;; close a server connection.
;;
-;; `sieve-manage-authenticate'
;; `sieve-manage-listscripts'
;; `sieve-manage-deletescript'
;; `sieve-manage-getscript'
@@ -51,11 +50,6 @@
;;
;; and that's it. Example of a managesieve session in *scratch*:
;;
-;; (setq my-buf (sieve-manage-open "my.server.com"))
-;; " *sieve* my.server.com:2000*"
-;;
-;; (sieve-manage-authenticate "myusername" "mypassword" my-buf)
-;; 'auth
;;
;; (sieve-manage-listscripts my-buf)
;; ("vacation" "testscript" ("splitmail") "badscript")
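Review bot: The example session left in the commentary now starts at (sieve-manage-listscripts my-buf) with my-buf never set, because the (setq my-buf (sieve-manage-open "my.server.com")) line is deleted together with the authenticate call. Keep the open line and its result, drop only the sieve-manage-authenticate lines, and remove the extra empty ";;" line that is left behind.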
@@ -87,6 +81,7 @@
(require 'starttls))
(autoload 'sasl-find-mechanism "sasl")
(autoload 'starttls-open-stream "starttls")
+(autoload 'auth-source-user-or-password "auth-source")
;; User customizable variables:
@@ -100,11 +95,6 @@
:type 'string
:group 'sieve-manage)
-(defcustom sieve-manage-default-user (user-login-name)
- "Default username to use."
- :type 'string
- :group 'sieve-manage)
-
(defcustom sieve-manage-server-eol "\r\n"
"The EOL string sent from the server."
:type 'string
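Review bot: Deleting the sieve-manage-default-user defcustom outright means a value that users have already customized is ignored without any message. Consider declaring it obsolete with make-obsolete-variable, with a pointer to auth-source, for one release before removing it.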
@@ -174,8 +164,6 @@ Must be a name of a stream in `sieve-manage-stream-alist'."
sieve-manage-port
sieve-manage-auth
sieve-manage-stream
- sieve-manage-username
- sieve-manage-password
sieve-manage-process
sieve-manage-client-eol
sieve-manage-server-eol
@@ -186,8 +174,6 @@ Must be a name of a stream in `sieve-manage-stream-alist'."
(defvar sieve-manage-auth nil)
(defvar sieve-manage-server nil)
(defvar sieve-manage-port nil)
-(defvar sieve-manage-username nil)
-(defvar sieve-manage-password nil)
(defvar sieve-manage-state 'closed
"Managesieve state.
Valid states are `closed', `initial', `nonauth', and `auth'.")
@@ -201,61 +187,6 @@ Valid states are `closed', `initial', `nonauth', and `auth'.")
(unless (featurep 'xemacs)
'(set-buffer-multibyte nil)))
-(declare-function password-read "password-cache" (prompt &optional key))
-(declare-function password-cache-add "password-cache" (key password))
-(declare-function password-cache-remove "password-cache" (key))
-
-;; Uses the dynamically bound `reason' variable.
-(defvar reason)
-(defun sieve-manage-interactive-login (buffer loginfunc)
- "Login to server in BUFFER.
-LOGINFUNC is passed a username and a password, it should return t if
-it was successful authenticating itself to the server, nil otherwise.
-Returns t if login was successful, nil otherwise."
- (with-current-buffer buffer
- (make-local-variable 'sieve-manage-username)
- (make-local-variable 'sieve-manage-password)
- (let (user passwd ret reason passwd-key)
- (condition-case ()
- (while (or (not user) (not passwd))
- (setq user (or sieve-manage-username
- (read-from-minibuffer
- (concat "Managesieve username for "
- sieve-manage-server ": ")
- (or user sieve-manage-default-user)))
- passwd-key (concat "managesieve:" user "@" sieve-manage-server
- ":" sieve-manage-port)
- passwd (or sieve-manage-password
- (password-read (concat "Managesieve password for "
- user "@" sieve-manage-server
- ": ")
- passwd-key)))
- (when (y-or-n-p "Store password for this session? ")
- (password-cache-add passwd-key (copy-sequence passwd)))
- (when (and user passwd)
- (if (funcall loginfunc user passwd)
- (setq ret t
- sieve-manage-username user)
- (if reason
- (message "Login failed (reason given: %s)..." reason)
- (message "Login failed..."))
- (password-cache-remove passwd-key)
- (setq sieve-manage-password nil)
- (setq passwd nil)
- (setq reason nil)
- (sit-for 1))))
- (quit (with-current-buffer buffer
- (password-cache-remove passwd-key)
- (setq user nil
- passwd nil
- sieve-manage-password nil)))
- (error (with-current-buffer buffer
- (password-cache-remove passwd-key)
- (setq user nil
- passwd nil
- sieve-manage-password nil))))
- ret)))
-
(defun sieve-manage-erase (&optional p buffer)
(let ((buffer (or buffer (current-buffer))))
(and sieve-manage-log
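Review bot: Removing sieve-manage-interactive-login also removes the retry loop and the password-cache-remove call on a failed login, and nothing in the rewritten sieve-sasl-auth replaces them. A wrong password obtained through auth-source would then fail the same way on every connection attempt; please either add a recovery path or state in the commit message how the user is expected to correct a bad stored credential.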
@@ -337,69 +268,74 @@ Returns t if login was successful, nil otherwise."
;; Authenticators
+;; Uses the dynamically bound `reason' variable.
+(defvar reason)
(defun sieve-sasl-auth (buffer mech)
"Login to server using the SASL MECH method."
(message "sieve: Authenticating using %s..." mech)
- (if (sieve-manage-interactive-login
- buffer
- (lambda (user passwd)
- (let (client step tag data rsp)
- (setq client (sasl-make-client (sasl-find-mechanism (list mech))
- user "sieve" sieve-manage-server))
- (setq sasl-read-passphrase (function (lambda (prompt) passwd)))
- (setq step (sasl-next-step client nil))
- (setq tag
- (sieve-manage-send
- (concat
- "AUTHENTICATE \""
- mech
- "\""
- (and (sasl-step-data step)
- (concat
- " \""
- (base64-encode-string
- (sasl-step-data step)
- 'no-line-break)
- "\"")))))
- (catch 'done
- (while t
- (setq rsp nil)
- (goto-char (point-min))
- (while (null (or (progn
- (setq rsp (sieve-manage-is-string))
- (if (not (and rsp (looking-at
- sieve-manage-server-eol)))
- (setq rsp nil)
- (goto-char (match-end 0))
- rsp))
- (setq rsp (sieve-manage-is-okno))))
- (accept-process-output sieve-manage-process 1)
- (goto-char (point-min)))
- (sieve-manage-erase)
- (when (sieve-manage-ok-p rsp)
- (when (string-match "^SASL \"\\([^\"]+\\)\"" (cadr rsp))
- (sasl-step-set-data
- step (base64-decode-string (match-string 1 (cadr rsp)))))
- (if (and (setq step (sasl-next-step client step))
- (setq data (sasl-step-data step)))
- ;; We got data for server but it's finished
- (error "Server not ready for SASL data: %s" data)
- ;; The authentication process is finished.
- (throw 'done t)))
- (unless (stringp rsp)
- (apply 'error "Server aborted SASL authentication: %s %s %s"
- rsp))
- (sasl-step-set-data step (base64-decode-string rsp))
- (setq step (sasl-next-step client step))
- (sieve-manage-send
- (if (sasl-step-data step)
- (concat "\""
- (base64-encode-string (sasl-step-data step)
- 'no-line-break)
- "\"")
- "")))))))
- (message "sieve: Authenticating using %s...done" mech)
- (message "sieve: Authenticating using %s...failed" mech)))
+ (with-current-buffer buffer
+ (let* ((user-password (auth-source-user-or-password
+ '("login" "password")
+ sieve-manage-server
+ "sieve" nil t))
+ (user (car user-password))
+ (passwd (cadr user-password))
+ client step tag data rsp)
+ (setq client (sasl-make-client (sasl-find-mechanism (list mech))
+ user "sieve" sieve-manage-server))
+ (setq sasl-read-passphrase (function (lambda (prompt) passwd)))
+ (setq step (sasl-next-step client nil))
+ (setq tag
+ (sieve-manage-send
+ (concat
+ "AUTHENTICATE \""
+ mech
+ "\""
+ (and (sasl-step-data step)
+ (concat
+ " \""
+ (base64-encode-string
+ (sasl-step-data step)
+ 'no-line-break)
+ "\"")))))
+ (catch 'done
+ (while t
+ (setq rsp nil)
+ (goto-char (point-min))
+ (while (null (or (progn
+ (setq rsp (sieve-manage-is-string))
+ (if (not (and rsp (looking-at
+ sieve-manage-server-eol)))
+ (setq rsp nil)
+ (goto-char (match-end 0))
+ rsp))
+ (setq rsp (sieve-manage-is-okno))))
+ (accept-process-output sieve-manage-process 1)
+ (goto-char (point-min)))
+ (sieve-manage-erase)
+ (when (sieve-manage-ok-p rsp)
+ (when (and (cadr rsp)
+ (string-match "^SASL \"\\([^\"]+\\)\"" (cadr rsp)))
+ (sasl-step-set-data
+ step (base64-decode-string (match-string 1 (cadr rsp)))))
+ (if (and (setq step (sasl-next-step client step))
+ (setq data (sasl-step-data step)))
+ ;; We got data for server but it's finished
+ (error "Server not ready for SASL data: %s" data)
+ ;; The authentication process is finished.
+ (throw 'done t)))
+ (unless (stringp rsp)
+ (error "Server aborted SASL authentication: %s" (caddr rsp)))
+ (sasl-step-set-data step (base64-decode-string rsp))
+ (setq step (sasl-next-step client step))
+ (sieve-manage-send
+ (if (sasl-step-data step)
+ (concat "\""
+ (base64-encode-string (sasl-step-data step)
+ 'no-line-break)
+ "\"")
+ ""))))
+ (message "sieve: Login using %s...done" mech))))
(defun sieve-manage-cram-md5-p (buffer)
(sieve-manage-capability "SASL" "CRAM-MD5" buffer))
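Review bot: In the new sieve-sasl-auth, user and passwd go straight into sasl-make-client and the sasl-read-passphrase lambda without a check that auth-source-user-or-password returned anything, so an empty lookup would surface as an error somewhere inside the SASL code instead of a clear message. Check both for non-nil and signal an explicit error first. Two smaller points in the same hunk: the function used to report "...done" or "...failed" from the login result, whereas failure is now only signalled through error and the closing message says "Login using %s...done" while the opening one says "Authenticating using %s..."; and the (defvar reason) moved here is neither bound nor read in the new function body, so it can probably be dropped.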
@@ -534,24 +470,6 @@ If BUFFER is nil, the current buffer is used."
(sieve-manage-erase)
t))
-(defun sieve-manage-authenticate (&optional user passwd buffer)
- "Authenticate to server in BUFFER, using current buffer if nil.
-It uses the authenticator specified when opening the server. If the
-authenticator requires username/passwords, they are queried from the
-user and optionally stored in the buffer. If USER and/or PASSWD is
-specified, the user will not be questioned and the username and/or
-password is remembered in the buffer."
- (with-current-buffer (or buffer (current-buffer))
- (if (not (eq sieve-manage-state 'nonauth))
- (eq sieve-manage-state 'auth)
- (make-local-variable 'sieve-manage-username)
- (make-local-variable 'sieve-manage-password)
- (if user (setq sieve-manage-username user))
- (if passwd (setq sieve-manage-password passwd))
- (if (funcall (nth 2 (assq sieve-manage-auth
- sieve-manage-authenticator-alist)) buffer)
- (setq sieve-manage-state 'auth)))))
-
(defun sieve-manage-capability (&optional name value buffer)
"Check if capability NAME of server BUFFER match VALUE.
If it does, return the server value of NAME. If not returns nil.
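Review bot: sieve-manage-authenticate is deleted here, and in the lines shown it was the only place that set sieve-manage-state to 'auth after the authenticator returned; the rewritten sieve-sasl-auth does not set it. Please show where that state transition happens now, and consider keeping sieve-manage-authenticate as an obsolete wrapper, since the commentary documented it as part of the API.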
--
1.7.1
* Re: [PATCH] sieve-manage: use auth-source
From: Lars Magne Ingebrigtsen @ 2010-10-05 17:18 UTC
To: ding
Julien Danjou <julien@danjou.info> writes:
> I've tested it on my server (Dovecot 1.2) and it works fine. However, more
> testing and/or some approval would be welcome before I push it.
Looks good to me, but I don't use sieve, so it would be nice to get some
testing first.
Also, Ted is doing work on auth-sources, but I don't know whether that
will result in an API change or not...
--
(domestic pets only, the antidote for overdose, milk.)
larsi@gnus.org * Lars Magne Ingebrigtsen
* Re: [PATCH] sieve-manage: use auth-source
From: Ted Zlatanov @ 2010-10-08 15:40 UTC
To: ding
On Tue, 5 Oct 2010 18:16:31 +0200 Julien Danjou <julien@danjou.info> wrote:
JD> This is a big patch to make sieve-manage use auth-source rather than its own
JD> prompting and mechanisms.
JD> I've tested it on my server (Dovecot 1.2) and it works fine. However, more
JD> testing and/or some approval would be welcome before I push it.
Thanks, Julien.
Looking at the Gnus manual, do you see any inaccuracies in the Sieve
section? We don't seem to have a lot of users for that functionality so
your experience is valuable.
Ted
* Re: [PATCH] sieve-manage: use auth-source
From: Julien Danjou @ 2010-10-08 16:01 UTC
To: Ted Zlatanov; +Cc: ding
On Fri, Oct 08 2010, Ted Zlatanov wrote:
> Thanks, Julien.
>
> Looking at the Gnus manual, do you see any inaccuracies in the Sieve
> section? We don't seem to have a lot of users for that functionality so
> your experience is valuable.
I don't use the Sieve generation from Gnus itself, I just used
sieve-manage to edit my sieve rules.
But reading the Gnus manual, I do not see anything inaccurate. :)
--
Julien Danjou
// ᐰ <julien@danjou.info> http://julien.danjou.info
* Re: [PATCH] sieve-manage: use auth-source
From: Ludovic Courtès @ 2010-10-13 14:39 UTC
To: ding
Hello,
Julien Danjou <julien@danjou.info> writes:
> I don't use the Sieve generation from Gnus itself, I just used
> sieve-manage to edit my sieve rules.
Then I’m interested in your input on this. :-)
‘sieve-manage’ fails for me:
--8<---------------cut here---------------start------------->8---
Debugger entered--Lisp error: (wrong-type-argument stringp nil)
string-match("DIGEST-MD5" nil)
sieve-manage-capability("SASL" "DIGEST-MD5" " *sieve* imap.example.com:2000")
sieve-manage-digest-md5-p(" *sieve* imap.example.com:2000")
sieve-manage-open("imap.example.com")
sieve-open-server("imap.example.com" nil)
sieve-manage("imap.example.com")
call-interactively(sieve-manage t nil)
execute-extended-command(nil)
call-interactively(execute-extended-command nil nil)
--8<---------------cut here---------------end--------------->8---
Connecting to that server on port 2000 shows this:
--8<---------------cut here---------------start------------->8---
Connected to imap.example.com.
Escape character is '^]'.
"IMPLEMENTATION" "dovecot"
"SASL" ""
"SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify include envelope body relational regex subaddress copy"
"STARTTLS"
"RENAME"
OK "mail server - Dovecot ready."
--8<---------------cut here---------------end--------------->8---
Changing ‘sieve-manage-is-string’ to look for "\"\\([^\"]*\\)\"" (‘*’
instead of ‘+’), things fail later on:
--8<---------------cut here---------------start------------->8---
Debugger entered--Lisp error: (error "Couldn't figure out authenticator for server")
signal(error ("Couldn't figure out authenticator for server"))
error("Couldn't figure out authenticator for server")
sieve-manage-open("imap.example.com")
sieve-open-server("imap.example.com" nil)
sieve-manage("imap.example.com")
call-interactively(sieve-manage t nil)
execute-extended-command(nil)
call-interactively(execute-extended-command nil nil)
--8<---------------cut here---------------end--------------->8---
Any idea what could go wrong or how I should proceed to debug further?
It seems to be trying to use SASL, which isn’t supported by this server.
(That’s with Gnus 5.13 from GNU Emacs 23.2.1.)
Thanks,
Ludo’.
* Re: [PATCH] sieve-manage: use auth-source
From: Julien Danjou @ 2010-10-13 14:44 UTC
To: Ludovic Courtès; +Cc: ding
On Wed, Oct 13 2010, Ludovic Courtès wrote:
> ‘sieve-manage’ fails for me:
>
> Debugger entered--Lisp error: (wrong-type-argument stringp nil)
> string-match("DIGEST-MD5" nil)
> sieve-manage-capability("SASL" "DIGEST-MD5" " *sieve* imap.example.com:2000")
> sieve-manage-digest-md5-p(" *sieve* imap.example.com:2000")
> sieve-manage-open("imap.example.com")
> sieve-open-server("imap.example.com" nil)
> sieve-manage("imap.example.com")
> call-interactively(sieve-manage t nil)
> execute-extended-command(nil)
> call-interactively(execute-extended-command nil nil)
I've fixed that bug recently. But maybe you use an older version.
> Connecting to that server on port 2000 shows this:
>
> Connected to imap.example.com.
> Escape character is '^]'.
> "IMPLEMENTATION" "dovecot"
> "SASL" ""
This is not valid. The server is saying there's no SASL method to
authenticate with.
> Any idea what could go wrong or how I should proceed to debug further?
> It seems to be trying to use SASL, which isn’t supported by this server.
Just put:
disable_plaintext_auth = no
in dovecot.conf. It will then tell you:
"SASL" "PLAIN"
And things will work.
You can also put other authentication mechanisms such as CRAM-MD5,
etc, in auth default { mechanisms = … } in dovecot.conf. I did not have
the time to play with that yet however, but it should also work with
sieve-manage.
--
Julien Danjou
// ᐰ <julien@danjou.info> http://julien.danjou.info
* Re: [PATCH] sieve-manage: use auth-source
From: Ludovic Courtès @ 2010-10-13 15:34 UTC
To: ding
Hello,
Julien Danjou <julien@danjou.info> writes:
> On Wed, Oct 13 2010, Ludovic Courtès wrote:
[...]
>> Connecting to that server on port 2000 shows this:
>>
>> Connected to imap.example.com.
>> Escape character is '^]'.
>> "IMPLEMENTATION" "dovecot"
>> "SASL" ""
>
> This is not valid. The server is saying there's no SASL method to
> authenticate with.
Ooh, it’s actually more subtle than this: the PLAIN authentication
method becomes available once a TLS session has been negotiated:
--8<---------------cut here---------------start------------->8---
$ gnutls-cli --starttls -p 2000 imap.example.com
Resolving 'imap.example.com'...
- Simple Client Mode:
"IMPLEMENTATION" "dovecot"
"SASL" ""
"SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify include envelope body relational regex subaddress copy"
"STARTTLS"
"RENAME"
OK "mail server - Dovecot ready."
STARTTLS
OK "Begin TLS negotiation now."
*** Starting TLS handshake
- Ephemeral Diffie-Hellman parameters
- Using prime: 1024 bits
- Secret key: 1021 bits
- Peer's public key: 1023 bits
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
- subject `...’
- The hostname in the certificate matches 'imap.example.com'.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
"IMPLEMENTATION" "dovecot"
"SASL" "PLAIN"
"SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify include envelope body relational regex subaddress copy"
"RENAME"
OK "TLS negotiation successful."
--8<---------------cut here---------------end--------------->8---
Apparently ‘manage-sieve’ in Gnus git supports starttls, so I’ll give it
a try.
Thanks,
Ludo’.
* Re: [PATCH] sieve-manage: use auth-source
From: Julien Danjou @ 2010-10-13 15:51 UTC
To: Ludovic Courtès; +Cc: ding
On Wed, Oct 13 2010, Ludovic Courtès wrote:
> Apparently ‘manage-sieve’ in Gnus git supports starttls, so I’ll give it
> a try.
In theory. In practice it hangs forever here.
--
Julien Danjou
// ᐰ <julien@danjou.info> http://julien.danjou.info
* Re: [PATCH] sieve-manage: use auth-source
From: Lars Magne Ingebrigtsen @ 2010-10-13 18:26 UTC
To: ding
Julien Danjou <julien@danjou.info> writes:
>> Apparently ‘manage-sieve’ in Gnus git supports starttls, so I’ll give it
>> a try.
>
> In theory. In practice it hangs forever here.
STARTTLS works for me if you have Emacs 24 + gnutls, or Emacs 23 with
openssl installed.
--
(domestic pets only, the antidote for overdose, milk.)
larsi@gnus.org * Lars Magne Ingebrigtsen
* Re: [PATCH] sieve-manage: use auth-source
From: Julien Danjou @ 2010-10-13 18:35 UTC
To: ding
On Wed, Oct 13 2010, Lars Magne Ingebrigtsen wrote:
>>> Apparently ‘manage-sieve’ in Gnus git supports starttls, so I’ll give it
>>> a try.
>>
>> In theory. In practice it hangs forever here.
>
> STARTTLS works for me if you have Emacs 24 + gnutls, or Emacs 23 with
> openssl installed.
I've Emacs 24 with openssl. But it seems to launch gnutls-bin.
(No problem with ssl OTOH).
At least if it's just a problem on my side I can live with it. :)
--
Julien Danjou
// ᐰ <julien@danjou.info> http://julien.danjou.info
* Re: [PATCH] sieve-manage: use auth-source
From: Lars Magne Ingebrigtsen @ 2010-10-13 18:52 UTC
To: ding
Julien Danjou <julien@danjou.info> writes:
> I've Emacs 24 with openssl. But it seems to launch gnutls-bin.
I've now reworked that case again, so it should really really call
openssl.
--
(domestic pets only, the antidote for overdose, milk.)
larsi@gnus.org * Lars Magne Ingebrigtsen
* Re: [PATCH] sieve-manage: use auth-source
From: Julien Danjou @ 2010-10-14 9:54 UTC
To: ding
On Wed, Oct 13 2010, Lars Magne Ingebrigtsen wrote:
> I've now reworked that case again, so it should really really call
> openssl.
You seem to have played on nnimap, but it does not seem to impact
sieve-manage itself, does it?
--
Julien Danjou
// ᐰ <julien@danjou.info> http://julien.danjou.info
* Re: [PATCH] sieve-manage: use auth-source
From: Lars Magne Ingebrigtsen @ 2010-10-14 18:58 UTC
To: ding
Julien Danjou <julien@danjou.info> writes:
> You seem to have played on nnimap, but it does not seem to impact
> sieve-manage itself, does it?
Doesn't that just use the normal nnimap connection functions?
--
(domestic pets only, the antidote for overdose, milk.)
larsi@gnus.org * Lars Magne Ingebrigtsen
* Re: [PATCH] sieve-manage: use auth-source
From: Julien Danjou @ 2010-10-14 19:09 UTC
To: ding
On Thu, Oct 14 2010, Lars Magne Ingebrigtsen wrote:
> Doesn't that just use the normal nnimap connection functions?
Not at all. ;)
--
Julien Danjou
// ᐰ <julien@danjou.info> http://julien.danjou.info
* Re: [PATCH] sieve-manage: use auth-source
From: Lars Magne Ingebrigtsen @ 2010-10-14 19:11 UTC
To: ding
Julien Danjou <julien@danjou.info> writes:
> Not at all. ;)
Oh. Then this has nothing to do with anything. :-)
What was the question again?
--
(domestic pets only, the antidote for overdose, milk.)
larsi@gnus.org * Lars Magne Ingebrigtsen
* Re: [PATCH] sieve-manage: use auth-source
From: Julien Danjou @ 2010-10-14 19:24 UTC
To: ding
On Thu, Oct 14 2010, Lars Magne Ingebrigtsen wrote:
> Oh. Then this has nothing to do with anything. :-)
>
> What was the question again?
If you set sieve-manage-default-stream to 'starttls, it spawns
gnutls-bin and then hangs forever.
--
Julien Danjou
// ᐰ <julien@danjou.info> http://julien.danjou.info
* Re: [PATCH] sieve-manage: use auth-source
From: Lars Magne Ingebrigtsen @ 2010-10-14 19:29 UTC
To: ding
Julien Danjou <julien@danjou.info> writes:
> If you set sieve-manage-default-stream to 'starttls, it spawns
> gnutls-bin and then hangs forever.
Ah, right.
That's why I made nnimap.el use tls.el + openssl directly, because
starttls.el + gnutls-cli doesn't work most of the time.
So I'd suggest doing the same for sieve.
--
(domestic pets only, the antidote for overdose, milk.)
larsi@gnus.org * Lars Magne Ingebrigtsen
* sieve-manage & starttls
From: Ludovic Courtès @ 2010-11-21 14:22 UTC
To: ding
Hello!
ludo@gnu.org (Ludovic Courtès) writes:
> $ gnutls-cli --starttls -p 2000 imap.example.com
> Resolving 'imap.example.com'...
>
> - Simple Client Mode:
>
> "IMPLEMENTATION" "dovecot"
> "SASL" ""
> "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify include envelope body relational regex subaddress copy"
> "STARTTLS"
> "RENAME"
> OK "mail server - Dovecot ready."
> STARTTLS
> OK "Begin TLS negotiation now."
> *** Starting TLS handshake
> - Ephemeral Diffie-Hellman parameters
> - Using prime: 1024 bits
> - Secret key: 1021 bits
> - Peer's public key: 1023 bits
> - Certificate type: X.509
> - Got a certificate list of 1 certificates.
> - Certificate[0] info:
> - subject `...’
> - The hostname in the certificate matches 'imap.example.com'.
> - Peer's certificate issuer is unknown
> - Peer's certificate is NOT trusted
> - Version: TLS1.0
> - Key Exchange: DHE-RSA
> - Cipher: AES-128-CBC
> - MAC: SHA1
> - Compression: NULL
> "IMPLEMENTATION" "dovecot"
> "SASL" "PLAIN"
> "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify include envelope body relational regex subaddress copy"
> "RENAME"
> OK "TLS negotiation successful."
I’ve tried ‘sieve-manage’ from Gnus HEAD.
One problem illustrated by the example above is that capabilities must
be re-parsed after STARTTLS authentication. This is complicated by the
fact that ‘gnutls-cli’ emits TLS information upon successful handshake
(the lines that start with a hyphen above), which
‘sieve-manage-parse-capability-1’ should ignore.
I’ve tried to work on this without success so far, so I’d welcome help
or even patches. :-)
Thanks,
Ludo’.
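The capability handling described in the last message, as an added example that is not part of the thread or of sieve-manage: it parses ManageSieve capability blocks, skips gnutls-cli's diagnostic lines, and takes the SASL mechanisms only from the block re-sent after STARTTLS. It is written in Python rather than Emacs Lisp; the function names, the shortened sample session and the mechanism preference order are assumptions, and only quoted strings (no literals) are handled.

```python
import re

# Constructed sample: the gnutls-cli session quoted in the thread, shortened.
# The bare STARTTLS line is the command typed by the client; lines starting
# with "-" or "***" are gnutls-cli diagnostics, not server output.
SAMPLE_SESSION = '''\
Resolving 'imap.example.com'...
- Simple Client Mode:
"IMPLEMENTATION" "dovecot"
"SASL" ""
"SIEVE" "fileinto reject vacation"
"STARTTLS"
"RENAME"
OK "mail server - Dovecot ready."
STARTTLS
OK "Begin TLS negotiation now."
*** Starting TLS handshake
- Certificate type: X.509
- Version: TLS1.0
"IMPLEMENTATION" "dovecot"
"SASL" "PLAIN"
"SIEVE" "fileinto reject vacation"
"RENAME"
OK "TLS negotiation successful."
'''

# "NAME" or "NAME" "VALUE"; the value may be empty, as in "SASL" "".
CAPABILITY = re.compile(r'^"([^"]+)"(?:\s+"([^"]*)")?\s*$')
# Final response of a command: OK / NO / BYE, optional code, optional text.
STATUS = re.compile(r'^(OK|NO|BYE)(?:\s+\([^)]*\))?(?:\s+"([^"]*)")?\s*$', re.I)


def parse_blocks(text):
    """Split a session into (status, capabilities) blocks.

    Each block ends at an OK/NO/BYE line. Any line that is neither a quoted
    capability nor a status line (gnutls-cli chatter, echoed commands) is
    skipped instead of being treated as a parse error.
    """
    blocks, caps = [], {}
    for line in text.splitlines():
        status = STATUS.match(line)
        if status:
            blocks.append((status.group(1).upper(), caps))
            caps = {}
            continue
        cap = CAPABILITY.match(line)
        if cap:
            # A capability without a value is stored as an empty string.
            caps[cap.group(1).upper()] = cap.group(2) or ""
    return blocks


def capabilities_for_auth(text, used_starttls):
    """Return the capability dict that authentication may rely on."""
    blocks = parse_blocks(text)
    if not blocks or blocks[0][0] != "OK":
        raise ValueError("no usable server greeting")
    if not used_starttls:
        return blocks[0][1]
    # blocks[0] is the greeting, blocks[1] the reply to STARTTLS, blocks[2]
    # the capabilities sent again inside the TLS session.
    if len(blocks) < 3 or blocks[1][0] != "OK" or blocks[2][0] != "OK":
        raise ValueError("STARTTLS did not complete")
    post_tls = blocks[2][1]
    if not post_tls:
        # The greeting travelled in cleartext; never fall back to it.
        raise ValueError("server sent no capabilities after STARTTLS")
    return post_tls


def pick_mechanism(caps, preferred=("DIGEST-MD5", "CRAM-MD5", "PLAIN")):
    """Return the first preferred SASL mechanism the server offers, or None.

    The preference order is an assumption made for this example.
    """
    offered = [m.upper() for m in caps.get("SASL", "").split()]
    for mech in preferred:
        if mech in offered:
            return mech
    return None


if __name__ == "__main__":
    print("before TLS:", pick_mechanism(capabilities_for_auth(SAMPLE_SESSION, False)))
    print("after TLS: ", pick_mechanism(capabilities_for_auth(SAMPLE_SESSION, True)))
```
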