IMAP/SSL and Windows

["Thomas Hühn" <huehn@usenet.arcornews.de>]

Hi

I try to access my IMAP server using SSL (I've given up trying TLS).

Emacs-Version: "22.0.50.1"
Gnus-Version: "Gnus v5.11" (included in Emacs)

My .gnus has:

| (setq imap-debug t)
| (setq imap-log t)
| (setq imap-ssl-program "C:/Programme/OpenSSL/bin/openssl.exe s_client
|                         -ssl2 -connect %s:%p")
|
| (setq gnus-secondary-select-methods
|	'((nnimap "luna"
|		  (nnimap-address "luna.thomas-huehn.de")
|		  (nnimap-server-port 993)
|		  (nnimap-authinfo-file "~/.authinfo")
|		  (nnimap-stream ssl))))

I can manually do this on the command line and dovecot answers:

| C:/Programme/OpenSSL/bin/openssl.exe s_client -ssl2
|                   -connect luna.thomas-huehn.de:993

But luna is "denied" in Gnus.

*imap-debug* shows (USER and PASS are correct):

****************
" \"" "\"" OK t nil] 7]
| | | 4 -> imap-send-command-wait: command="LOGIN \"USER\" \"PASS\""
buffer=nil
| | | | 5 -> imap-send-command: command="LOGIN \"USER\" \"PASS\"" buffer=nil
| | | | | 6 -> imap-send-command-1: cmdstr="2 LOGIN \"USER\" \"PASS\""
======================================================================
1 -> imap-sentinel: process=#<process imap> string="finished
"
1 <- imap-sentinel: nil
****************

*imap-log*:

****************
verify error:num=20:unable to get local issuer certificate

verify return:1

depth=0 /CN=luna.thomas-huehn.de

verify error:num=27:certificate not trusted

verify return:1

depth=0 /CN=luna.thomas-huehn.de

verify error:num=21:unable to verify the first certificate

verify return:1

2 LOGIN "USER" "PASS"
****************

So it looks to me as if Gnus doesn't see dovecot's answer, right?

Server-side the log says:

| Oct  6 20:28:31 selene imap-login: Disconnected: Inactivity
|                                                   [84.160.236.188]

Then I found a posting by Simon Josefsson
(<Pine.LNX.4.44.0204110951390.12805-100000@yxa.extundo.com>):

"The problem might be related to CRLF confusion in imap.el / Windows /
OpenSSL.  Can you try frobbing `imap-client-eol' and (maybe more
importantly) `imap-server-eol'?  Try experimenting with \r\n and \n
values.  You'd might want to edebug imap-ssl-open and look in the
*nnimap* server buffer for what kind of eol character is returned."

My eol-settings are both "^M\n", where "^M" is "character: RET (13,
#o15,#xd, U+000D)". That's equivalent to "\r\n", right?

I don't really know how to use edebug, but I tried edebug-defun on
imap-open-ssl and got:

| verify depth is 0^M
|
| Loading 'screen' into random state -* OK dovecot ready.^M^M
|
|
| * BYE Disconnected for inactivity.^M^M
|
|
|  done^M
|
| depth=0 /CN=luna.thomas-huehn.de^M
|
| verify error:num=20:unable to get local issuer certificate^M
|
| verify return:1^M
|
| depth=0 /CN=luna.thomas-huehn.de^M
|
| verify error:num=27:certificate not trusted^M
|
| verify return:1^M
|
| depth=0 /CN=luna.thomas-huehn.de^M
|
| verify error:num=21:unable to verify the first certificate^M
|
| verify return:1^M
|
| read:errno=0^M

So I tried "\r" and "^M" as imap-server-eol and client-server-eol, but
without success so far. "\n" and "\r\n" didn't work, either.

Any ideas? Am I on the right track with those eols or is the problem
something different?

Thomas