Re: SSL again with tls.patch
Franz Sirl wrote:
> Incidentally I just got this to work yesterday on a server of mine. I had
> initial problems too, but I got rid of them with the following steps:
>
> - on "make cert" in the patched qmail-1.03 dir, entered the machine's
> hostname for "Common name (...)"
> - removed "fixcrio" from the qmail-smtpd invocation line (hmm, try removing
> rblsmtpd too if you use it?)
> - created /var/qmail/control/tlsserverciphers with "DEFAULT" as the only
> content
>
> I dunno which of the above steps are really necessary, but it works here
> now with Eudora-5.1 as the client. Now I have to find out how to teach
> qmail-pop3 TLS...

I've written a small (hacky) patch to fixcrio so that it recognizes TLS sessions. But you don't need to remove rblsmtpd, it works fine here.

--- ucspi-tcp-0.88/fixcrio.cSat Mar 18 16:18:42 2000 +++ ucspi-tcp-0.88.new/fixcrio.cSat Jun 2 01:39:46 2001 @@ -23,6 +23,14 @@ int rightpos; int rightflagcr = 0; +#define NULL ((void *)0) +int active = 1; +int gotleft_tls = 0; +static char left_tls[] = "STARTTLS"; +static char right_tls[] = "220"; +static char *left_p = NULL; +static char *right_p = NULL; + void doit(int fdleft,int fdright) { struct taia stamp; @@ -83,9 +91,20 @@ leftlen = 0; for (i = 0;i < r;++i) { ch = prebuf[i]; - if (ch == '\n') - if (!leftflagcr) - leftbuf[leftlen++] = '\r'; + if (active) + if (ch == '\n') { + if (!leftflagcr) + leftbuf[leftlen++] = '\r'; + gotleft_tls = (left_p != NULL && *left_p == 0); + if (gotleft_tls) + right_p = right_tls; + left_p = left_tls; + } else if (left_p != NULL && *left_p != 0) { + if (ch == *left_p) + left_p++; + else + left_p = NULL; + } leftbuf[leftlen++] = ch; leftflagcr = (ch == '\r'); } 
@@ -107,9 +126,18 @@ rightlen = 0; for (i = 0;i < r;++i) { ch = prebuf[i]; - if (ch == '\n') - if (!rightflagcr) - rightbuf[rightlen++] = '\r'; + if (active) + if (ch == '\n') { + if (!rightflagcr) + rightbuf[rightlen++] = '\r'; + active = !(right_p != NULL && *right_p == 0); + right_p = NULL; + } else if (right_p != NULL && *right_p != 0) { + if (ch == *right_p) + right_p++; + else + right_p = NULL; + } rightbuf[rightlen++] = ch; rightflagcr = (ch == '\r'); } Ciao, Chtephan!
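Review bot: in the first hunk (@@ -23,6 +23,14 @@) the line "#define NULL ((void *)0)" is unconditional, so it redefines NULL if any header fixcrio.c includes already provides it; wrap it in #ifndef NULL / #endif or compare against 0 instead. The new state variables are also inconsistent in linkage: "active" and "gotleft_tls" are plain globals while left_tls, right_tls, left_p and right_p are static. Make all of them static, and note that gotleft_tls is only read on the line after it is assigned, so it could be a local in the loop.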
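Review bot: in the client-side hunk (@@ -83,9 +91,20 @@) the match "if (ch == *left_p)" is case-sensitive, but SMTP command verbs are case-insensitive, so a client that sends "starttls" or "StartTLS" is not recognized, fixcrio stays active, and it will keep inserting '\r' before bare '\n' bytes inside the encrypted stream, breaking the TLS session. Fold ch to upper case before comparing it with *left_p. Two smaller points in the same hunk: once "STARTTLS" has matched, everything up to the '\n' is ignored, so a line such as "STARTTLSfoo" also arms the detector; and the unbraced "if (active)" followed by "if ... else if" relies on the else binding to the inner if, which deserves explicit braces.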
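Review bot: in the server-side hunk (@@ -107,9 +126,18 @@) the reply is compared only against the three characters "220", so any line that merely starts with those digits clears "active" at its '\n', including a "220-" continuation line of a multi-line reply, after which the remaining reply lines pass through without CR fixing. Match "220 " with the trailing space so that only the final line of a 220 reply switches fixcrio to pass-through. It would also help to add a comment next to "active = !(right_p != NULL && *right_p == 0);" stating that the flag is never set back to 1 because the connection stays in TLS until it closes.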
Re: SSL again with tls.patch
At 12:01 01.08.2001, Per-fredrik Pollnow (EPK) wrote:
>Hi,
>
>I think I'm getting on your nerves in this mailing list with my SSL crap,
>but I need to get it to work.
>
>OK, This is what I have done: I have remade qmail-1.03 with tls.patch, and
>I replaced the qmail-smtpd and qmail-remote binary. I have done a
>/var/qmail/control/servercert.pem (and I have openssl installed (default
>in the O/S [OpenBSD2.9] hmm else I couldn't install the cert.)).
>
>That's it, But I get this error message in my client:
>
>Unable to establish a SSL connection with the server. Account:
>'136.225.42.56', Server: '136.225.42.56', Protocol: SMTP, Server Response:
>'454 TLS not available: missing RSA private key (#4.3.0)', Port: 25,
>Secure(SSL): Yes, Server Error: 454, Error Number: 0x800CCC7F
>
>If someone knows what the problem is, please mail me and the mailing list
>an E-mail :=).

Incidentally I just got this to work yesterday on a server of mine. I had initial problems too, but I got rid of them with the following steps:

- on "make cert" in the patched qmail-1.03 dir, entered the machine's hostname for "Common name (...)"
- removed "fixcrio" from the qmail-smtpd invocation line (hmm, try removing rblsmtpd too if you use it?)
- created /var/qmail/control/tlsserverciphers with "DEFAULT" as the only content

I dunno which of the above steps are really necessary, but it works here now with Eudora-5.1 as the client. Now I have to find out how to teach qmail-pop3 TLS...

Franz.
SSL again with tls.patch
Hi,

I think I'm getting on your nerves in this mailing list with my SSL crap, but I need to get it to work.

OK, This is what I have done: I have remade qmail-1.03 with tls.patch, and I replaced the qmail-smtpd and qmail-remote binary. I have done a /var/qmail/control/servercert.pem (and I have openssl installed (default in the O/S [OpenBSD2.9] hmm else I couldn't install the cert.)).

That's it, But I get this error message in my client:

Unable to establish a SSL connection with the server. Account: '136.225.42.56', Server: '136.225.42.56', Protocol: SMTP, Server Response: '454 TLS not available: missing RSA private key (#4.3.0)', Port: 25, Secure(SSL): Yes, Server Error: 454, Error Number: 0x800CCC7F

If someone knows what the problem is, please mail me and the mailing list an E-mail :=).

/Per