Note: forwarded message attached.
__________________________________
Do you Yahoo!?
All your favorites on one personal page – Try My Yahoo!
http://my.yahoo.com --- Begin Message ---
It works now! I have successfully sent an email using
smtp.gmail.com
as for auth login plain, it is encoded base64, I know
it is very easy to decode for anybody, but I don't
know about someone who is spying on the internet line
if he would be able to decode it since it use ssl at
the socket level. I have tried with a tcp spy soft and
there is no way to understand what is going through,
at least for my knowledge.
oh by the way, I will post the complete code source as
I think this kind of stuff is missing on openssl web
site, it took me many days to understand how new smtp
server work, many days to understand openssl, struggle
on how gmail works, I think it should be easy and
straith forward to do things like that.
and one last good thing, BIG THANKS to openssl, it is
not that big as many competitors mention, just to get
the code to work to send an email through ssl/tls, it
take less than 1kb (using upx of course) in my
application. Of course, it compress with all others
stuff in my application, but still, only 1 mere kbyte
to support ssl/tls!!!
--- Bernhard Froehlich <[EMAIL PROTECTED]> wrote:
> Serge wrote:
>
> >Hi!
> >It makes a lot of sense and I understand a lot
> better
> >now, I was not encrypting my username and password,
> I
> >think the encryption at that point (auth login
> plain)
> >is base64, I tried but same reject response, anyway
> I
> >will find out what is the trick to get there, one
> more
> >question though: what would be the rest of it,
> >encrypt, then send through ssl_write? I though
> >ssl_write would encrypt every string before sending
> >it?
> >
> >
> Yes of course, the data you send with ssl_write is
> (usually) encrypted.
> But this is a transport layer, if the application
> (the SMTP server)
> requests additional encryption (like for the
> password) you'll have to do
> it yourself.
> The reason for this double encryption is most
> probably just that the
> SMTP-server does not know anything about the
> encrypted transport layer
> (or does not care) and so it expects the same data
> regardless to which
> port you connected.
>
> And, by the way, base64 does not qualify as an
> encryption, since
> everyone can "decrypt" it without knowing anything
> else. ;)
>
> >thanks for your time!
> >
> >
> My pleasure. Just reciprocating what I have received
> from others. ;)
> Ted
>
> --
> PGP Public Key Information
> Download complete Key from
> http://www.convey.de/ted/tedkey_convey.asc
> Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1
> 0CC8 70F4 7AFB 8D26
>
>
> ATTACHMENT part 2 application/x-pkcs7-signature
name=smime.p7s
__________________________________
Do you Yahoo!?
Yahoo! Mail - You care about security. So do we.
http://promotions.yahoo.com/new_mail
--- End Message ---
