bug-mailutils

Re: [bug-mailutils] Can't seem to get imap4d STARTTLS working


From: Chris Hall
Subject: Re: [bug-mailutils] Can't seem to get imap4d STARTTLS working
Date: Tue, 05 Jun 2012 13:30:20 -1000
User-agent: Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20120430 Thunderbird/12.0.1

Hope this helps, I'd like to run imap4d instead of Dovecot, but STARTTLS
is a *must*.

I stopped Dovecot, installed the Squeeze imap4d-mailutils. (I still want
to use 2.99.96 so I left it installed, thus the command line extras.)
Then I uninstalled imap4d-mailutils, and tested against the Mailutils
2.99.96 built on the Squeeze box.

First:
~$ gnutls-cli --version
gnutls-cli (GnuTLS) 2.12.14
Packaged by Debian (2.12.14-5ubuntu3)
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by Nikos Mavrogiannopoulos.


Now, it looks like the Squeeze (Mailutils 2.1, apparently?) version will
STARTTLS with GnuTLS.

But when I try the same thing against 2.99.96, imap4d (subprocess?)
segfaults -- the daemon keeps running.  Here is what I saw in syslog:

Jun  5 17:17:21 kaikala imap4d[1082]: process 1118 terminated on signal 11
Jun  5 17:17:21 kaikala kernel: [8029768.775851] imap4d[1118]: segfault
at 68 ip b76e14bf sp \
bfe78dd0 error 4 in libmailutils.so.4.0.0[b7668000+8b000]

Here is the gnutls-cli output:
:~$ gnutls-cli --insecure --port 143 --starttls workingdroid.com
Resolving 'workingdroid.com'...
Connecting to '206.217.130.140:143'...

- Simple Client Mode:

* OK IMAP4rev1
A STARTTLS
A OK STARTTLS Begin TLS negotiation
- Peer has closed the GnuTLS connection

NOTE: This happens immediately, *BEFORE* I have a chance to send
gnutls-cli SIGALRM.


FWIW, here is gnutls-cli with Mailutils 2.1 imap4d, looks like that worked:

# LD_LIBRARY_PATH=/usr/lib:/usr/local/lib /usr/sbin/imap4d  --version
imap4d (GNU Mailutils 2.1)

~$ gnutls-cli --insecure --port 143 --starttls workingdroid.com
Resolving 'workingdroid.com'...
Connecting to '206.217.130.140:143'...

- Simple Client Mode:

* OK IMAP4rev1
A CAPABILITY
* CAPABILITY IMAP4rev1 NAMESPACE ID IDLE LITERAL+ UNSELECT STARTTLS
AUTH=GSSAPI AUTH=ANONYMOUS AUTH=EXTERNAL AUTH=LOGIN AUTH=PLAIN
AUTH=SECURID AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=SCRAM-SHA-1
A OK CAPABILITY Completed
A STARTTLS
A OK STARTTLS Begin TLS negotiation
*** Starting TLS handshake
- Successfully sent 0 certificate(s) to server.
- Ephemeral Diffie-Hellman parameters
 - Using prime: 768 bits
 - Secret key: 767 bits
 - Peer's public key: 766 bits
- Server has requested a certificate.
- Certificate type: X.509
 - Got a certificate list of 1 certificates.
 - Certificate[0] info:
  - subject `C=US,ST=Hawaii,L=Aloha,O=NaiaSoft\,
LLC,OU=HQ,CN=mail.workingdroid.com,address@hidden',
issuer `C=US,ST=Hawaii,L=Aloha,O=NaiaSoft\,
LLC,OU=HQ,CN=mail.workingdroid.com,address@hidden',
RSA key 2048 bits, signed using RSA-SHA1, activated `2012-06-01 18:45:12
UTC', expires `2015-06-01 18:45:12 UTC', SHA-1 fingerprint
`a5c38b7d7a23f1f20a2f73bd68f4742e0496d7e3'
- The hostname in the certificate does NOT match 'workingdroid.com'
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.1
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
A CAPABILITY
* CAPABILITY IMAP4rev1 NAMESPACE ID IDLE LITERAL+ UNSELECT AUTH=GSSAPI
AUTH=ANONYMOUS AUTH=EXTERNAL AUTH=LOGIN AUTH=PLAIN AUTH=SECURID
AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=SCRAM-SHA-1
A OK CAPABILITY Completed


On 06/05/2012 08:11 AM, Daniel Kahn Gillmor wrote:
> On 05/31/2012 10:28 AM, Chris Hall wrote:
>> Server running Debian Squeeze, client running Ubuntu 12.04
>>
>> GNU Mailutils 2.99.96 on both server and client machines.
> Does the binary from mailutils-imap4d from debian squeeze also have the
> same problem?
>
> Can you provide a packet capture of an aborted TLS session?
>
> fwiw, i was able to connect to it with gnutls-cli (ignoring certificate
> validation):
>
>  gnutls-cli --insecure --port 143 --starttls workingdroid.com
>
> then type "A STARTTLS", and then the server should respond:
>
>  A OK Begin TLS negotiation now.
>
> at that point, from another shell on the client, run:
>
>  killall -ALRM gnutls-cli
>
> and the negotiation should proceed.
>
> this worked for me with gnutls-cli from gnutls-bin 3.0.19-2 on debian
> wheezy.
>
>       --dkg
>



