Brian, Do I have to use the tls-options setting that you recommended to make Eudora work with the qpopper beta and newer openssl? Also, what are the implications of changing that setting?
Thanks, Scott At 03:26 PM 9/11/2002, Brian C. Hill wrote: > :) > > I figured it was time to post the details of my experience to >the list, since so many people seemed to be having the same problem. > > I don't know what changed in openssl exactly, but whatever it >was broke Eudora. I think it was a combination of a buffer overrun fix >and chaging default behavior, but it could have been that the fix >resulted in behavior that could be partially worked around by a new >optional setting... You got me. 96g and 97b3 both adpoted the new >behavior, though. > >Brian >====================================================================== >On Wed, Sep 11, 2002 at 03:16:58PM -0500, Scott Johnson wrote: > > Finally, I feel like I'm getting somewhere here. > > > > What changed in openssl that broke 4.0.4 w/Eudora? > > > > -Scott > > > > > > > > At 03:14 PM 9/11/2002, Brian C. Hill wrote: > > > Right. Only 4.0.5 supports the new SSL options. > > > > > > I think you are outta luck. This is going to be one of this > > >"can't have your cake and eat it, too" situations. Your choices: > > > > > > old openssl (without default behavior changes) and 4.0.4 qpopper: > > > > > > * security problem with openssl > > > > > > new openssl and 4.0.4: > > > > > > * Eudora clients can't get mail (at least mine couldn't) > > > > > > new openssl and 4.0.5p1 > > > > > > * works, but you are into beta software > > > > > > Your call. > > > > > >Brian > > >====================================================================== > > >On Wed, Sep 11, 2002 at 03:08:32PM -0500, Scott Johnson wrote: > > >> I'm trying to stay away from beta-level software at my > > >> installation. Here's what I'm running: > > >> > > >> OS: FreeBSD 4.5 > > >> OpenSSL: 0.9.6g > > >> qpopper: 4.0.4 > > >> Eudora: 5.1.1 > > >> > > >> I haven't tried connecting to qpopper via SSL with other clients > because > > >I > > >> quite frankly haven't found any other POP3 clients that I can stand to > > >use. > > >> > > >> The tls-options setting that Brian mentioned below definitely doesn't > > >work > > >> with 4.0.4: > > >> > > >> Unrecognized option; scanning "tls-options" at line 9 of config file > > >> /etc/popper.conf > > >> > > >> So does qpopper just not work with the more recent versions of OpenSSL? > > >> > > >> -Scott > > >> > > >> > > >> At 02:42 PM 9/11/2002, you wrote: > > >> > Which clients are causing this problem for everyone? > > >> > > > >> > I only had it with Eudora 5.1.1 (the latest available) only > > >> >when I upgraded to OpenSSL 0.97-beta3 - Outlook, Outlook Express, > > >> >Netscape, and Opera didn't generate that message. > > >> > > > >> > Getting 4.0.5b1 and setting SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS > > >> >fixed it. > > >> > > > >> >OS: SunOS 5.8/sparc > > >> >OpenSSL: 0.97-beta3 > > >> >qpopper: 4.0.5b1 > > >> > > > >> ># SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS > > >> >set tls-options=0x00000800 > > >> > > > >> > Setting this setting doesn't seem desirable in the long run > > >> >(why else would it not be default behavior?) - hopefully a newer > > >> >release of Eudora will address this. > > >> > > > >> > I am guessing that OpenSSL 0.96g may be causing the same > problem > > >> >for everyone that is using it. > > >> > > > >> > I did not need to set the more sweeping tls-workarounds > setting. > > >> > > > >> >Brian > > >> >====================================================================== > > >> >On Wed, Sep 11, 2002 at 01:08:50PM -0500, Scott Johnson wrote: > > >> >> At 04:42 AM 9/11/2002, you wrote: > > >> >> >At 10:08 PM 9/10/02 -0700, Chuck Yerkes wrote: > > >> >> >>Start with "ldd qpopper" > > >> >> >> > > >> >> >>see which libraries it's using, which .h files the build > > >> >> >>is hitting. > > >> >> >> > > >> >> >>You might get adventurous on your build machine and gzip > > >> >> >>the appropriate .h files in /usr/include/ and maybe the libssl.* > > >> >> >>stuff. Just to be sure your build isn't using it. > > >> >> >> > > >> >> >>Force it to link static (CFLAGS+=-static) so you don't > > >> >> >>catch the wrong static libssl.so > > >> >> > > > >> >> >Chuck! Chuck! > > >> >> > > > >> >> >I think you may have found it! Under FreeBSD it seems to be > > >utilizing > > >> >the > > >> >> >wrong libraries! > > >> >> > > > >> >> >I recompiled and tweaked the library loc settings and I think I got > > >it > > >> >> >working! Give me a few days to play with it to make sure I'm right, > > >but > > >> >> >you pointed me in the right direction! I think we may have figured > > >out > > >> >> >what the FreeBSD problem is. > > >> >> > > > >> >> >Thanks very much!! > > >> >> > > >> >> > > >> >> I finally got qpopper to build on FreeBSD last night after cleaning > > >out > > >> >> more libraries. It seems that a stale libcrypto was the cause this > > >> >> time. I still get an error when trying to connect to qpopper via > > >> >SSL/TLS, > > >> >> however: > > >> >> > > >> >> Possible probe of account xxxxxxxx > > >> >> > > >> >> I think I'm just going to need to go through and remove more old > > >headers > > >> >> and libraries, but I'm going to make this work one way or another. > > >> >> > > >> >> -Scott > > >> > > > >> >-- > > >> > > _____________________________________________________________________ > > >> > / Brian C. Hill [EMAIL PROTECTED] http://brian.bch.net > > >\ > > >> > | Unix Specialist BCH Technical Services http://www.bch.net > > >| > > > > > >-- > > > _____________________________________________________________________ > > > / Brian C. Hill [EMAIL PROTECTED] http://brian.bch.net \ > > > | Unix Specialist BCH Technical Services http://www.bch.net | > >-- > _____________________________________________________________________ > / Brian C. Hill [EMAIL PROTECTED] http://brian.bch.net \ > | Unix Specialist BCH Technical Services http://www.bch.net |
