Op 10/26/2017 om 1:32 PM schreef Marc Weustink: > Hi, > > I've enabled client certificate authentication for imap and > managesieve. When I use Thunderbird with the sieve plugin it tries to > login, but times out. > > Initially I reported this to the sieve plugin, but we came to the > conclusion that it managesieve is misbehaving. > > https://github.com/thsmi/sieve/issues/94 > > Thunderbird (win10-64) 52.4.0 (32bit) > Sieve 0.2.3k > Dovecot (Ubuntu 16.04.3 LTS) 2.2.33.1-1 (sid) > > > What happens is the following (p=plugin sends m=managesieve sends) > > p:authenticate "EXTERNAL" "" > m:"" > > The response is unexpected. According to RFC 5804 an empty > challenge/response is sent as an empty string. So I would expect: > > p:authenticate "EXTERNAL" "" > m:OK "Logged in." > > > > With the use of gnutls-cli I could reproduce (c=I send m=managesieve > sends) > gnutls-cli --starttls --x509keyfile marc_mail.key --x509certfile > marc_mail.crt -p sieve 172.17.1.4 > > ... > m:OK "TLS negotiation successful." > c:authenticate "EXTERNAL" "" > m:"" > c:"" > m:OK "Logged in." > > > However if I try the "imap" syntax (rfc4959) I get logged in at once > > ... > m:OK "TLS negotiation successful." > c:authenticate "EXTERNAL" "=" > m:OK "Logged in." > > Note that this is an imap only extention, "=" is an invalid base64 > encoding.
Will get back on this later. Regards, Stephan.
