On Fri, 2019-05-10 at 08:41 +0200, Milan Crha via evolution-hackers
wrote:
> On Thu, 2019-05-09 at 11:03 -0700, James Bottomley wrote:
> > I can certainly test things out.
>
> Hi,
> that's great, thanks.
>
> > To be honest, I've had problems with TLSv1.3 every time it's been
> > negotiated, so disabling it is a reasonable thing to do.
>
> I see. If you are still willing to help, then it'll be appreciated.
>
> > I suppose there's no gntuls-cli equivalent for glib-
> > networking? That
> > would be the best way to test it.
>
> I agree, but I'm not aware of anything like that (which doesn't mean
> it
> doesn't exist). I made a little test program as promised, see the
> attachment. The first line contains a comment with a command to
> compile
> and run it (against Google's IMAP server). It's only a test program,
> mimic-ing what Evolution (or better Camel library from evolution-
> data-
> server) does. You may have installed development packages for glib
> and,
> if split, also for glib's gio, to be able to compile it.
>
> Bye,
> Milan
>
> P.S.: The result of the run as is in the file itself is below:
>
>
> $ ./imap-conn imap.googlemail.com 993
>
> Connected to imap.googlemail.com:993
> Response: * OK Gimap ready for requests from {IPADDRESS} {SOMETOKEN}
>
> Request: A01 CAPABILITY
> Response: * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID
> XLIST CHILDREN X-GM-EXT-1 XYZZY SASL-IR AUTH=XOAUTH2 AUTH=PLAIN
> AUTH=PLAIN-CLIENTTOKEN AUTH=OAUTHBEARER AUTH=XOAUTH
> A01 OK Thats all she wrote! {SOMETOKEN}
>
> Request: A02 LOGOUT
> Response: * BYE Logout Requested {SOMETOKEN}
> A02 OK Quoth the raven, nevermore... {SOMETOKEN}
So when I run it against my current setup (TLSv1.3 disabled) I get this
as expected:
jejb@jarvis:~> ./imap-conn bedivere.hansenpartnership.com 993
Connected to bedivere.hansenpartnership.com:993
Response: * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
LITERAL+ AUTH=PLAIN] Dovecot (Debian) ready.
Request: A01 CAPABILITY
Response: * CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
LITERAL+ AUTH=PLAIN
Request: A02 LOGOUT
Response: A01 OK Pre-login capabilities listed, post-login capabilities have
more.
But when I enable TLSv1.3 in dovecot on the server I get this:
jejb@jarvis:~> ./imap-conn bedivere.hansenpartnership.com 993
Connected to bedivere.hansenpartnership.com:993
Failed to read data from the server: Error reading data from TLS socket: The
specified session has been invalidated for some reason.
Which isn't particularly helpful, although it does prove the issue is
indeed in glib-networking. Is there further debugging I should turn
on?
James
_______________________________________________
evolution-hackers mailing list
[email protected]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-hackers
