From: Peter.Weiss@germany.sun.com (Peter Weiss, Sun Microsystems, Germany)
Newsgroups: gmane.emacs.gnus.general
Subject: X.509 IMAP access with ognus 0.07
Date: Fri, 16 Aug 2002 11:33:32 +0200
To: ding@gnus.org
User-Agent: Gnus/5.090007 (Oort Gnus v0.07) Emacs/21.1 (sparc-sun-solaris2.8)

Hello everyone (especially Simon ;-),

I'm stuck with my imap connection using openssl and X509 certification:

Starting openssl from the shell, the IMAP server on the remote works:

:1> openssl s_client -quiet -connect localhost:9993 -ssl3 -cert /home/pw105345/Mail/Peter_Weiss_usercert.pem -key /home/pw105345/Mail/Peter_Weiss_userkey.pem -CAfile /home/pw105345/Mail/ROOTCA_DER.crt
Enter PEM pass phrase:
depth=0 /C=DE/O=CLASS AG/OU=Projects/CN=ln-com1.class.de
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=DE/O=CLASS AG/OU=Projects/CN=ln-com1.class.de
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=DE/O=CLASS AG/OU=Projects/CN=ln-com1.class.de
verify error:num=21:unable to verify the first certificate
verify return:1
* PREAUTH Domino IMAP4 Server Release 5.0.10 ready Fri, 16 Aug 2002 11:18:31 +0200

I've managed to get Emacs to do the passphrase interaction the following way
by modifying ssl.el a bit:

(defvar ssl-filter-pw "^Enter.*pass.*:"
  "Regexp for filter function to recognize password input requests")

(defun ssl-watch-for-password (proc inpstr)
  "Filter function to do password interaction if requested by started ssl program."
  (message "FILTER function: input %s" inpstr)
  (cond ((string-match ssl-filter-pw inpstr)
         (message "Password request found")
         (send-string proc (concat (read-passwd inpstr) "\n")))))

(defun open-ssl-stream (name buffer host service)
  "Open a SSL connection for a service to a host.
Returns a subprocess-object to represent the connection.
Input and output work as for subprocesses; `delete-process' closes it.
Args are NAME BUFFER HOST SERVICE.
NAME is name for process.  It is modified if necessary to make it unique.
BUFFER is the buffer (or buffer-name) to associate with the process.
 Process output goes at end of that buffer, unless you specify
 an output stream or filter function to handle the output.
 BUFFER may be also nil, meaning that this process is not associated
 with any buffer
Third arg is name of the host to connect to, or its IP address.
Fourth arg SERVICE is name of the service desired, or an integer
specifying a port number to connect to."
  (if (integerp service) (setq service (int-to-string service)))
  (let* ((process-connection-type nil)
         (port service)
         (proc (eval
                (` (start-process name buffer ssl-program-name
                                  (,@ ssl-program-arguments))))))
    (process-kill-without-query proc)
    (set-process-filter proc (function ssl-watch-for-password))
    proc))

Putting some message statements in the imap code, I see in the messages
buffer:

imap: Connecting to localhost...
imap: Opening SSL connection with `openssl s_client -quiet -connect %s:%p -ssl3 -cert /home/pw105345/Mail/Peter_Weiss_usercert.pem -key /home/pw105345/Mail/Peter_Weiss_userkey.pem -CAfile /home/pw105345/Mail/ROOTCA_DER.crt'...
IMAP: Parsing greeting
FILTER function: input Enter PEM pass phrase:
Password request found
Enter PEM pass phrase:
Enter PEM pass phrase:.
Enter PEM pass phrase:..
Enter PEM pass phrase:.............
FILTER function: input
IMAP: Parsing greeting
FILTER function: input depth=0 /C=DE/O=CLASS AG/OU=Projects/CN=ln-com1.class.de
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=DE/O=CLASS AG/OU=Projects/CN=ln-com1.class.de
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=DE/O=CLASS AG/OU=Projects/CN=ln-com1.class.de
verify error:num=21:unable to verify the first certificate
verify return:1
FILTER function: input * PREAUTH Domino IMAP4 Server Release 5.0.10 ready Fri, 16 Aug 2002 11:23:59 +0200
IMAP: Parsing greeting [26 times]

=> The authentication seems to be successful; the last message indicates
that imap-parse-greeting () is called but finds no suitable OK prompt from
the IMAP server.

BTW: Setting imap-log reports no interaction in the imap-log buffer, even
though it is created.

Questions that arise:

  o Is Domino IMAP4 not IMAP compatible?
  o Are there some simple commands to check the functionality of the
    IMAP-Server to run from an openssl connection established from an
    interactive shell?

Thanks for hints
--Peter

-- 
Consultant at CLASS AG http://www.class.de
Professional Services mobile +49 (0) 172/837 91 25
mailto:Peter.Weiss@class.de
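
Added example, not part of the original post and not code from ssl.el or imap.el: a process filter in the style of the one posted above that also copies server output into the process buffer, which Emacs no longer does by itself once a filter is installed, together with a check for the three greetings RFC 3501 defines (OK, PREAUTH, BYE). All `my/` names and the state symbols are hypothetical.

```elisp
;; Added example. The my/ names are hypothetical, not part of ssl.el or imap.el.
(defvar my/ssl-prompt-regexp "\\`Enter.*pass.*:"
  "Matches the s_client passphrase prompt, which arrives without a newline.")

(defvar my/ssl-chatter-regexp
  "\\`\\(depth=[0-9]+ \\|verify \\(error\\|return\\):\\)"
  "Matches the certificate-verification lines s_client prints.")

(defun my/ssl-insert (proc text)
  "Insert TEXT at PROC's process mark, as Emacs does when no filter is set."
  (when (buffer-live-p (process-buffer proc))
    (with-current-buffer (process-buffer proc)
      (save-excursion
        (goto-char (process-mark proc))
        (insert text)
        (set-marker (process-mark proc) (point))))))

(defun my/ssl-filter (proc chunk)
  "Answer the passphrase prompt, report chatter, pass the rest to the buffer."
  ;; Output arrives in arbitrary chunks, so a partial line is kept in a
  ;; process property until its newline shows up.
  (let ((pending (concat (process-get proc 'my/pending) chunk)))
    (while (string-match "\n" pending)
      (let ((line (substring pending 0 (match-end 0))))
        (setq pending (substring pending (match-end 0)))
        (if (string-match my/ssl-chatter-regexp line)
            ;; A "verify error" line means the server certificate was not
            ;; validated; show it to the user instead of hiding it.
            (message "openssl: %s" (substring line 0 -1))
          (my/ssl-insert proc line))))
    ;; Whatever is left has no newline; the prompt is the expected case.
    (when (string-match my/ssl-prompt-regexp pending)
      (process-send-string proc (concat (read-passwd pending) "\n"))
      (setq pending ""))
    (process-put proc 'my/pending pending)))

(defun my/imap-greeting-state (line)
  "Return the connection state announced by IMAP greeting LINE, or nil."
  (cond ((string-match "\\`\\* OK " line) 'nonauth)      ; login still required
        ((string-match "\\`\\* PREAUTH " line) 'auth)    ; already authenticated
        ((string-match "\\`\\* BYE " line) 'closed)))    ; server is closing

;; Constructed input: the greeting text shown in the post, without its date.
(my/imap-greeting-state "* PREAUTH Domino IMAP4 Server Release 5.0.10 ready")
```

The filter would be installed with `(set-process-filter proc #'my/ssl-filter)` in place of the filter function used in the post.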