Re: SSL again with tls.patch

2001-08-01 Thread Christophe Saout

Franz Sirl wrote:
 
> Incidentally I just got this to work yesterday on a server of mine. I had
> initial problems too, but I got rid of them with the following steps:
> 
> - on "make cert" in the patched qmail-1.03 dir, entered the machine's
> hostname for "Common name (...)"
> - removed "fixcrio" from the qmail-smtpd invocation line (hmm, try removing
> rblsmtpd too if you use it?)
> - created /var/qmail/control/tlsserverciphers with "DEFAULT" as the only
> content
> 
> I dunno which of the above steps are really necessary, but it works here
> now with Eudora-5.1 as the client. Now I have to find out how to teach
> qmail-pop3 TLS...

I've written a small (hacky) patch to fixcrio so that it recognizes TLS
sessions.
But you don't need to remove rblsmtpd, it works fine here.

--- ucspi-tcp-0.88/fixcrio.cSat Mar 18 16:18:42 2000
+++ ucspi-tcp-0.88.new/fixcrio.cSat Jun  2 01:39:46 2001
@@ -23,6 +23,14 @@
 int rightpos;
 int rightflagcr = 0;
 
+#define NULL ((void *)0)
+int active = 1;
+int gotleft_tls = 0;
+static char left_tls[] = "STARTTLS";
+static char right_tls[] = "220";
+static char *left_p = NULL;
+static char *right_p = NULL;
+
 void doit(int fdleft,int fdright)
 {
   struct taia stamp;
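
Review bot: the unconditional `#define NULL ((void *)0)` at the top of the added block can conflict with a definition from any header the file already includes; guard it with `#ifndef NULL` or include the header that provides it. `active` and `gotleft_tls` are declared without `static` while the four variables below them are static; make them static as well. A short comment is also needed here saying that `active` switches the CR/LF rewriting off once a STARTTLS line from the left has been answered with 220 from the right, because nothing in the patch documents that state machine.
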
@@ -83,9 +91,20 @@
leftlen = 0;
for (i = 0;i < r;++i) {
  ch = prebuf[i];
- if (ch == '\n')
-   if (!leftflagcr)
- leftbuf[leftlen++] = '\r';
+ if (active)
+   if (ch == '\n') {
+ if (!leftflagcr)
+   leftbuf[leftlen++] = '\r';
+ gotleft_tls = (left_p != NULL && *left_p == 0);
+ if (gotleft_tls)
+   right_p = right_tls;
+ left_p = left_tls;
+   } else if (left_p != NULL && *left_p != 0) {
+ if (ch == *left_p)
+   left_p++;
+ else
+   left_p = NULL;
+   }
  leftbuf[leftlen++] = ch;
  leftflagcr = (ch == '\r');
}
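
Review bot: the comparison `if (ch == *left_p)` against "STARTTLS" is case-sensitive, but SMTP command verbs are case-insensitive, so a client that sends `starttls` is not detected, `right_p` is never armed, and the CR insertion stays active on the TLS bytes that follow. Compare case-insensitively. Two smaller points in the same branch: `left_p` starts as NULL and is only set to `left_tls` after the first '\n', so the first line from the client is never examined, and once all eight characters have matched the rest of the line is ignored, so any line that merely begins with STARTTLS counts as a match. `gotleft_tls` is only used inside this branch and could be a local variable.
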
@@ -107,9 +126,18 @@
   rightlen = 0;
   for (i = 0;i < r;++i) {
ch = prebuf[i];
-   if (ch == '\n')
- if (!rightflagcr)
-   rightbuf[rightlen++] = '\r';
+   if (active)
+ if (ch == '\n') {
+   if (!rightflagcr)
+ rightbuf[rightlen++] = '\r';
+   active = !(right_p != NULL && *right_p == 0);
+   right_p = NULL;
+ } else if (right_p != NULL && *right_p != 0) {
+   if (ch == *right_p)
+ right_p++;
+   else
+ right_p = NULL;
+ }
rightbuf[rightlen++] = ch;
rightflagcr = (ch == '\r');
   }
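
Review bot: `right_p` is compared against whatever server bytes arrive next after the client's STARTTLS line, not against the start of the reply to that command. If an earlier reply is still being relayed, its first mismatching byte sets `right_p = NULL`, the real 220 is never matched, `active` stays 1, and the TLS stream gets CRs inserted. Arm the match only at the start of a server line that follows the STARTTLS command. The prefix test also accepts a `220-` continuation line, which would switch translation off after the first line of a multi-line reply; require `220` followed by a space. `active` is never set back to 1, which is fine for one connection per process but should be stated in a comment.
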

Ciao, Chtephan!



Re: SSL again with tls.patch

2001-08-01 Thread Franz Sirl

At 12:01 01.08.2001, Per-fredrik Pollnow (EPK) wrote:
>Hi,
>
>I think I'm getting on your nerves in this mailing list with my SSL crap,
>but I need to get it to work.
>
>OK, this is what I have done: I have remade qmail-1.03 with tls.patch, and
>I replaced the qmail-smtpd and qmail-remote binary. I have done a 
>/var/qmail/control/servercert.pem (and I have openssl installed (default 
>in the O/S [OpenBSD2.9] hmm else I couldn't install the cert.)).
>
>That's it, but I get this error message in my client:
>
>Unable to establish a SSL connection with the server. Account: 
>'136.225.42.56', Server: '136.225.42.56', Protocol: SMTP, Server Response: 
>'454 TLS not available: missing RSA private key (#4.3.0)', Port: 25, 
>Secure(SSL): Yes, Server Error: 454, Error Number: 0x800CCC7F
>
>If someone knows what the problem is, please mail me and the mailing list
>an e-mail :=).

Incidentally I just got this to work yesterday on a server of mine. I had 
initial problems too, but I got rid of them with the following steps:

- on "make cert" in the patched qmail-1.03 dir, entered the machine's
hostname for "Common name (...)"
- removed "fixcrio" from the qmail-smtpd invocation line (hmm, try removing 
rblsmtpd too if you use it?)
- created /var/qmail/control/tlsserverciphers with "DEFAULT" as the only 
content

I dunno which of the above steps are really necessary, but it works here 
now with Eudora-5.1 as the client. Now I have to find out how to teach 
qmail-pop3 TLS...

Franz.




SSL again with tls.patch

2001-08-01 Thread Per-fredrik Pollnow (EPK)

Hi,

I think I'm getting on your nerves in this mailing list with my SSL crap, but I need to
get it to work.

OK, this is what I have done: I have remade qmail-1.03 with tls.patch, and I replaced
the qmail-smtpd and qmail-remote binary. I have done a 
/var/qmail/control/servercert.pem (and I have openssl installed (default in the O/S 
[OpenBSD2.9] hmm else I couldn't install the cert.)).

That's it, but I get this error message in my client:

Unable to establish a SSL connection with the server. Account: '136.225.42.56', 
Server: '136.225.42.56', Protocol: SMTP, Server Response: '454 TLS not available: 
missing RSA private key (#4.3.0)', Port: 25, Secure(SSL): Yes, Server Error: 454, 
Error Number: 0x800CCC7F

If someone knows what the problem is, please mail me and the mailing list an e-mail :=).

/Per