improvement -- imaps

improvement -- imaps

[Amos Gouaux]

In the past if for some reason my SSL session to the IMAP server
hung while sending a message, gnus pretty much locked up.  I had to
^G then M-g the folder to force a re-login to the IMAP server.

Just now I went to send a message and it looked like it was about to
do the same thing.  However, at least this time gnus didn't hang.
Here's the contents of the *Help: lossage* buffer:

Sending...done 
Couldn't store article in group nnimap+inbox:sent-mail-2001-09: nil 
Garbage: RENEGOTIATING 
depth=1 /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority 
verify error:num=19:self signed certificate in certificate chain   
verify return:0 
5064 NO System I/O error 
nnimap: Updating info for nnimap+inbox:sent-mail-2001-09...done 
nnimap: Updating info for nnimap+inbox:sent-mail-2001-09... 
221 Bye 

The GCC message didn't make it into this folder.  Still, at least
gnus didn't lock up on me.  In the past I would see "RENEGOTIATING"
and then nothing until I did the ^G.

-- 
Amos

Re: improvement -- imaps

[Simon Josefsson]

On Thu, 6 Sep 2001, Amos Gouaux wrote:

> Sending...done
> Couldn't store article in group nnimap+inbox:sent-mail-2001-09: nil
> Garbage: RENEGOTIATING
> depth=1 /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> 5064 NO System I/O error
> nnimap: Updating info for nnimap+inbox:sent-mail-2001-09...done
> nnimap: Updating info for nnimap+inbox:sent-mail-2001-09...
> 221 Bye

Hm, I thought the -quiet option to OpenSSL would stop the stupid
RENEGOTIATING stuff (OpenSSL `s_client' renegotiates the TLS cipher suite
or something when a "R" is sent as the first character on a line, I
believe).  Did you manually override the `imap-ssl-program' variable
somehow?

Invoking external binaries for security stuff suck, in theory someone
could add TLS, Kerberos etc capabilities to Emacs.  I've started a project
at <URL:http://josefsson.org/securemacs/> but unfortunately I can't
seem to bring myself to work more than 24 hours a day ...

Re: improvement -- imaps

[Amos Gouaux]

>>>>> On Thu, 6 Sep 2001 22:18:28 +0200 (CEST),
>>>>> Simon Josefsson <jas@extundo.com> (sj) writes:

sj> Hm, I thought the -quiet option to OpenSSL would stop the stupid
sj> RENEGOTIATING stuff (OpenSSL `s_client' renegotiates the TLS cipher suite
sj> or something when a "R" is sent as the first character on a line, I
sj> believe).  Did you manually override the `imap-ssl-program' variable
sj> somehow?

Oops.

In my ~/.xemacs/init.el I've got:

;;; until openssl starts looking for /var/run/egd-pool on its own.
(setq imap-ssl-program
      '("openssl s_client -rand /var/run/egd-pool -ssl3 -connect %s:%p"))

The reason why I did this was to add the -rand option (this is on a
Solaris box without /dev/{random,urandom}).  So I need to add the
-quiet option.  Is that the reason for the hanging?  Sure will be
glad when openssl-0.9.7 is out.

sj> Invoking external binaries for security stuff suck, in theory someone
sj> could add TLS, Kerberos etc capabilities to Emacs.  I've started a project
sj> at <URL:http://josefsson.org/securemacs/> but unfortunately I can't
sj> seem to bring myself to work more than 24 hours a day ...

Interesting....

-- 
Amos

Re: improvement -- imaps

[Simon Josefsson]

On Thu, 6 Sep 2001, Amos Gouaux wrote:

> ;;; until openssl starts looking for /var/run/egd-pool on its own.
> (setq imap-ssl-program
>       '("openssl s_client -rand /var/run/egd-pool -ssl3 -connect %s:%p"))
>
> The reason why I did this was to add the -rand option (this is on a
> Solaris box without /dev/{random,urandom}).  So I need to add the
> -quiet option.  Is that the reason for the hanging?

Yes, I think so.