* nnimap doesn't work with: stream gssapi, auth gssapi and SSL/TLS
@ 2005-11-16 8:54 Boris Samorodov
2005-11-16 8:58 ` [SOLVED+patch] " Boris Samorodov
0 siblings, 1 reply; 3+ messages in thread
From: Boris Samorodov @ 2005-11-16 8:54 UTC (permalink / raw)
Hi!
I've posted a bug report to news server, but it seems to be overloaded
by spam. Here is the original message.
Hello Bugfixing Girls and Boys,
I have:
$ uname srm
FreeBSD 6.0-RELEASE i386
Gnus v5.11
GNU Emacs 22.0.50.3 (i386-unknown-freebsd6.0, X toolkit, Xaw3d scroll bars)
of 2005-11-15 on srv.sem.ipt.ru -- from cvs a couple of hours ago.
Cyrus IMAP4 v2.2.10 and it's imtest. OpenSSL 0.9.7e-p1 25 Oct 2004.
Here is full .emacs[1] I'm playing with:
-----
(setq imap-log t)
(custom-set-variables
'(gnus-select-method (quote
(nnimap "host.ipt.ru"
(nnimap-stream gssapi)
(nnimap-authenticator gssapi)
(nnimap-server-port 993))))
'(imap-gssapi-program (quote ("imtest -s -m gssapi -u %l -p %p %s"))))
-----
When changing nnimap-server-port to 143 and deletting an "-s" option
from imtest command, all goes well. But I'm expecting that GNUS should
work with SSL/TLS, because imtest from console shows almost identical
answers:
=====
$ imtest -m gssapi -u bsam -p 143 -c host.ipt.ru
S: * OK host.ipt.ru Cyrus IMAP4 v2.2.10 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS AUTH=NTLM AUTH=GSSAPI AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR X-NETSCAPE
S: C01 OK Completed
C: A01 AUTHENTICATE GSSAPI YIICHgYJKoZIhvcSAQICAQBuggINMIICCaADAgEFoQMCAQ6iBwMFACAAAACjggEtYYIBKTCCASWgAwIBBaEIGwZJUFQuUlWiIjAgoAMCAQGhGTAXGwRpbWFwGw9zZXJ2aWNlcy5pcHQucnWjge8wgeygAwIBEKEDAgEBooHfBIHcXMnkn3rSFCKd7w+IaOHP/g0gSsuGZda15MYl7PImF9gHPTKNGtcNkmKedg5cFI97Jp9WEYjfGuiFCiPUqSYugV1gceWZPnzVtp8RNBLe3WRYzAhsygVBFwkfSKrouT1+2apkYVII3kFcq9Bgac88Hzqfe2owAEZKC9JMTUCds8Lm157LdzlGCpMdZYCA7lYtyoqUbvsYwtQ3t1z1sI2Q2cfGz74goIa+dsqIWWREDRCkJoQLuFjGjWxZn/DKPMl37vpOZ3SSFJ+x8Zj6R6UDjdzUf/ed7VOpKVRCqKSBwjCBv6ADAgEQooG3BIG08qWl1rrmHkof/1I3i55J8A01Pvm3eXnX0ojsT19Xwui8YWFoiKa269AbP2HMAlcaxc0/CIQacKm0np/pAmAtB07qDHAvyB6uE4ZRSbSsGlz4lV8H99BhML+GEeTR3ikjUvL04Isfqh785KEQZsEviHdxTUYvK63uuOulQUfWdk6UEQUbOasQkdQjV++rKSvNfqQhjDG3PdsjF9yjWI9ACyg4k4mPNtZGh08dyoGqSnk+1VuM
S: + YGwGCSqGSIb3EgECAgIAb10wW6ADAgEFoQMCAQ+iTzBNoAMCARCiRgREsoVe9vaEBf7lX91zzmiUg/+kj5S2heWmQ3DoLDJ2zRa/073wM8ES14SmHf9scOXjn4fuV9phuro83GbnbrlKwnFmEdI=
C:
S: + YD8GCSqGSIb3EgECAgIBBAD/////9l8ZzJPvBLxN2sJ9qvQeADmgC4HdoytQXuowxsvMxdJYGtoGBwAQAAQEBAQ=
C: YEcGCSqGSIb3EgECAgIBBAD/////6yCVW4FihR9OYWKwO5+9PRKJJnPrlGtrtLml71tIEbt+tJhiBAAEAGJzYW0ICAgICAgICA==
S: A01 OK Success (privacy protection)
Authenticated.
Security strength factor: 56
$ imtest -s -m gssapi -u bsam -p 993 -c host.ipt.ru
verify error:num=19:self signed certificate in certificate chain
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * OK host.ipt.ru Cyrus IMAP4 v2.2.10 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=NTLM AUTH=LOGIN AUTH=PLAIN AUTH=GSSAPI AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR X-NETSCAPE
S: C01 OK Completed
C: A01 AUTHENTICATE GSSAPI YIICHgYJKoZIhvcSAQICAQBuggINMIICCaADAgEFoQMCAQ6iBwMFACAAAACjggEtYYIBKTCCASWgAwIBBaEIGwZJUFQuUlWiIjAgoAMCAQGhGTAXGwRpbWFwGw9zZXJ2aWNlcy5pcHQucnWjge8wgeygAwIBEKEDAgEBooHfBIHcXMnkn3rSFCKd7w+IaOHP/g0gSsuGZda15MYl7PImF9gHPTKNGtcNkmKedg5cFI97Jp9WEYjfGuiFCiPUqSYugV1gceWZPnzVtp8RNBLe3WRYzAhsygVBFwkfSKrouT1+2apkYVII3kFcq9Bgac88Hzqfe2owAEZKC9JMTUCds8Lm157LdzlGCpMdZYCA7lYtyoqUbvsYwtQ3t1z1sI2Q2cfGz74goIa+dsqIWWREDRCkJoQLuFjGjWxZn/DKPMl37vpOZ3SSFJ+x8Zj6R6UDjdzUf/ed7VOpKVRCqKSBwjCBv6ADAgEQooG3BIG0Q2Qjbbyn2z7K9ClnjBYhS3EEcaaUjAmsqpiu4zJjnbmlkEt0qdtSRkibR5njj6B0DfGr+u/nYiHCQDeALpmuaNMuKqPss6Wk+VyZzpkh08GAlmSJEB2Q6vxaITGJ9v9RZNFM68VQ8pJTAH+DQUyToNueheJu0wb+VjmIOIQSKtRSKBHVlqbp+WHOE05xbMGtp4f0AKyInK9cIRcGXPmitb5npPDJOKyXjehZkoIXAqqPv6In
S: + YGwGCSqGSIb3EgECAgIAb10wW6ADAgEFoQMCAQ+iTzBNoAMCARCiRgREGTbaGs8aP4WtNZww9igzxdVzesf7mlIo0b3fsFnvIuGEU5H4VLy/nwqQilcpi0wVxLw9iLB3my6aYekEKqa6uN1DCjU=
C:
S: + YD8GCSqGSIb3EgECAgIBBAD/////jZ8I74L8pN0laRB3w6Ds7wshBVtejlAVT0Tuip/76elMzu+dAQAQAAQEBAQ=
C: YEcGCSqGSIb3EgECAgIBBAD/////OAiVSg7TbDaBUk+m4xXjLYJkphz4RRBydojKXr9wTl+KJqLXAQAEAGJzYW0ICAgICAgICA==
S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 256
=====
As I can see, the main difference is that the latter answer is
beginning with some error message (the certificate is
self-signed). But authentication in fact was successful.
When using config[1] and loading gnus emacs shows clocks as a cursor
forever (actually, I didn't wait more that five minutes). Top shows
emacs at select state, netstat shows that a connection with the server
is established.
Stream ssl, auth login and port 993 are working as a charm.
Thank you for cooperation. And for the great soft as well!
--
Boris B. Samorodov, Research Engineer
InPharmTech Co, http://www.ipt.ru
Telephone & Internet Service Provider
^ permalink raw reply [flat|nested] 3+ messages in thread
* [SOLVED+patch] nnimap doesn't work with: stream gssapi, auth gssapi and SSL/TLS
2005-11-16 8:54 nnimap doesn't work with: stream gssapi, auth gssapi and SSL/TLS Boris Samorodov
@ 2005-11-16 8:58 ` Boris Samorodov
2005-11-16 15:25 ` Simon Josefsson
0 siblings, 1 reply; 3+ messages in thread
From: Boris Samorodov @ 2005-11-16 8:58 UTC (permalink / raw)
[-- Attachment #1: Type: text/plain, Size: 553 bytes --]
Hi!
I've posted a bug report to news server, but it seems to be overloaded
by spam. Here is the original message.
On Wed, 16 Nov 2005 01:25:53 +0300 Boris Samorodov wrote:
> Hello Bugfixing Girls and Boys,
[skip]
> As I can see, the main difference is that the latter answer is
> beginning with some error message (the certificate is
> self-signed). But authentication in fact was successful.
Yes. That was the case.
Looking at gnus/imap.el I noticed a code at kerberos4 function dealing
with such messages. Hence, the next patch made gnus happy.
[-- Attachment #2: Patch for imap.el --]
[-- Type: text/plain, Size: 592 bytes --]
--- imap.el.orig Sun Oct 30 23:34:53 2005
+++ imap.el Wed Nov 16 09:55:45 2005
@@ -591,6 +591,13 @@
(while (and (memq (process-status process) '(open run))
(set-buffer buffer) ;; XXX "blue moon" nntp.el bug
(goto-char (point-min))
+ ;; Athena IMTEST can output SSL verify errors
+ (or (while (looking-at "^verify error:num=")
+ (forward-line))
+ t)
+ (or (while (looking-at "^TLS connection established")
+ (forward-line))
+ t)
;; cyrus 1.6.x (13? < x <= 22) queries capabilities
(or (while (looking-at "^C:")
(forward-line))
[-- Attachment #3: Type: text/plain, Size: 172 bytes --]
Is anybody interested in committing the patch?
WBR
--
Boris B. Samorodov, Research Engineer
InPharmTech Co, http://www.ipt.ru
Telephone & Internet Service Provider
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [SOLVED+patch] nnimap doesn't work with: stream gssapi, auth gssapi and SSL/TLS
2005-11-16 8:58 ` [SOLVED+patch] " Boris Samorodov
@ 2005-11-16 15:25 ` Simon Josefsson
0 siblings, 0 replies; 3+ messages in thread
From: Simon Josefsson @ 2005-11-16 15:25 UTC (permalink / raw)
Cc: ding
Boris Samorodov <bsam@ipt.ru> writes:
> Hi!
>
> I've posted a bug report to news server, but it seems to be overloaded
> by spam. Here is the original message.
>
> On Wed, 16 Nov 2005 01:25:53 +0300 Boris Samorodov wrote:
>
>> Hello Bugfixing Girls and Boys,
> [skip]
>> As I can see, the main difference is that the latter answer is
>> beginning with some error message (the certificate is
>> self-signed). But authentication in fact was successful.
>
> Yes. That was the case.
>
> Looking at gnus/imap.el I noticed a code at kerberos4 function dealing
> with such messages. Hence, the next patch made gnus happy.
>
> --- imap.el.orig Sun Oct 30 23:34:53 2005
> +++ imap.el Wed Nov 16 09:55:45 2005
> @@ -591,6 +591,13 @@
> (while (and (memq (process-status process) '(open run))
> (set-buffer buffer) ;; XXX "blue moon" nntp.el bug
> (goto-char (point-min))
> + ;; Athena IMTEST can output SSL verify errors
> + (or (while (looking-at "^verify error:num=")
> + (forward-line))
> + t)
> + (or (while (looking-at "^TLS connection established")
> + (forward-line))
> + t)
> ;; cyrus 1.6.x (13? < x <= 22) queries capabilities
> (or (while (looking-at "^C:")
> (forward-line))
>
> Is anybody interested in committing the patch?
Hi! Installed in No Gnus and Gnus 5.10.
Thanks!
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2005-11-16 15:25 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2005-11-16 8:54 nnimap doesn't work with: stream gssapi, auth gssapi and SSL/TLS Boris Samorodov
2005-11-16 8:58 ` [SOLVED+patch] " Boris Samorodov
2005-11-16 15:25 ` Simon Josefsson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).