The code from Curl, incidentally, is self-conditional (though I'm sure it may require some autoconf or Makefile hinting). If OpenSSL is present it uses it, and if not it has a RSA as a backup.
I'm not terribly comfortable with making OpenSSL or GNUTLS mandatory; some people may simply not have a need for secure IMAP. I know that I don't because I only bind DBMail to localhost and then use TWIG as a webmail interface to it (I thought that I wanted to write a direct access layer for TWIG, but then realized that by using IMAP I was shielded from the database changes in 2.0pre). For someone building a webmail system like this, SSL/TLS makes no sense because for a cracker to see the unencrypted traffic they'd have to own the machine in the first place. Aaron Ilja Booij <[EMAIL PROTECTED]> said: > Chris Nolan wrote: > > Ryan Butler wrote: > >> > >> gnutls is another option, it would allow implementation of > >> pop3s/imaps. Not sure if it has a md5 implementation with it, just > >> saying there are > >> alternatives to openssl if the licensing is a concern. > > Does anyone have anything concrete about the MD5 algorithm? I'd be happy > > to write up a C function to calculate the MD5 hash of an arbitrary > > amount of data given that information. > > There are enough implementations of MD5 floating around, so we do not > need another implementation. Besides, look at the current code for MD5 > in DBMail, or any other code for it, and then decide if you still want > to code this :) > > Using gnutls is also an option. I believe it also supports MD5. I don't > know if it's widely supported though. It is present in debian stable > (which is what we use here), and it's also in OpenBSD ports. I've never > used GNUTLS, but I guess programming it will be as easy as programming > for OpenSSL. I'll have a try later on :) . > > Ilja > _______________________________________________ > Dbmail-dev mailing list > Dbmail-dev@dbmail.org > http://twister.fastxs.net/mailman/listinfo/dbmail-dev > --
