Re: [Nmh-workers] TLS support for POP merged to master
From: Eric Gillespie
Subject: Re: [Nmh-workers] TLS support for POP merged to master
Date: Fri, 30 Sep 2016 01:28:54 -0700

Ken Hornstein <address@hidden> writes:

> I've merged into the main tree a complete reworking of our networking
> code. Now all of the network security layer has been moved into a
> single set of routines (see h/netsec.h and sbr/netsec.c) and our POP and

Thanks for all the work Ken! This new stuff looks quite nice.
However I'm having some trouble with it.

> inc(1) and msgchk(1)).

You missed msgchk, as far as I can tell.

> Existing users should notice almost no change, with one significant
> exception. Users who use the new OAuth authentication support are now
> required to add the -sasl flag to the appropriate utilities. The OAuth

I run inc like this:

#: in .mh_profile
inc: -host pop.gmail.com -saslmech xoauth2 -authservice gmail -user address@hidden

inc -proxy 'openssl s_client -connect %h:995 -verify 5 -verify_return_error -quiet'

Tonight I read over and then tried the latest stuff, like this:

inc: -host pop.gmail.com -port 995 -initialtls -sasl -saslmech xoauth2 -authservice gmail -user address@hidden

but it crashes after a few messages with "inc: TLS peer aborted
connection". Redacted -snoop transcript:
1 nmh% uip/inc -snoop
Trying to connect to "pop.gmail.com" ...
Connecting to 74.125.28.108:995...
TLS negotiation successful: ECDHE-RSA-AES128-GCM-SHA256(128) TLSv1/SSLv3
(tls-decrypted) <= +OK Gpop ready for requests from 50.247.106.229 a17mb14133711oii
(tls-encrypted) => CAPA
(tls-decrypted) <= +OK Capability list follows
(tls-decrypted) <= USER
(tls-decrypted) <= RESP-CODES
(tls-decrypted) <= EXPIRE 0
(tls-decrypted) <= LOGIN-DELAY 300
(tls-decrypted) <= TOP
(tls-decrypted) <= UIDL
(tls-decrypted) <= X-GOOGLE-RICO
(tls-decrypted) <= SASL PLAIN XOAUTH2 OAUTHBEARER
(tls-decrypted) <= .
(tls-encrypted) => AUTH XOAUTH2 ...
(tls-decrypted) <= +OK Welcome.
(tls-encrypted) => STAT
(tls-decrypted) <= +OK 412 11677565
Incorporating new mail into inbox...
(tls-encrypted) => RETR 1
(tls-decrypted) <= +OK message follows
(tls-encrypted) => DELE 1
(tls-decrypted) <= +OK marked for deletion
(tls-encrypted) => RETR 2
(tls-decrypted) <= +OK message follows
(tls-encrypted) => DELE 2
(tls-decrypted) <= +OK marked for deletion
(tls-encrypted) => RETR 3
(tls-decrypted) <= +OK message follows
(tls-encrypted) => DELE 3
(tls-decrypted) <= +OK marked for deletion
(tls-encrypted) => RETR 4
(tls-decrypted) <= +OK message follows
(tls-encrypted) => DELE 4
(tls-decrypted) <= +OK marked for deletion
(tls-encrypted) => RETR 5
(tls-decrypted) <= +OK message follows
inc: TLS peer aborted connection

System is FreeBSD hassadar.pretzelnet.org 10.2-RELEASE-p18 FreeBSD 10.2-RELEASE-p18 #0: Sat May 28 08:53:43 UTC 2016 address@hidden:/usr/obj/usr/src/sys/GENERIC amd64

Any ideas?
Thanks!