On Thu, Jun 27, 2013 at 11:50:48AM +0530, [email protected] wrote:
> On Wed, Jun 26, 2013 at 09:08:20PM -0400, James Turner wrote:
> > On Wed, Jun 26, 2013 at 08:36:48PM -0400, James Turner wrote:
> > > On Thu, Jun 27, 2013 at 12:07:14AM +0530, [email protected] wrote:
> > > > Hello,
> > > >
> > > > This is an implementation of RFC1939 with pop3s (port 995) support
> > > > out of the box. The DESIGN document outlines the process setup and
> > > > imsg exchange. It needs a user named "_pop3d", a certificate named
> > > > "server.crt" in /etc/ssl and its key named "server.key" in
> > > > /etc/ssl/private to run. Tested with the fdm, fetchmail, getmail and
> > > > mutt packages and mail clients on Android, iPhone and Nokia (Symbian).
> > > >
> > > > Comments?
> > > >
> > > > Source: https://poolp.org/~sunil/pop3d.tar.gz
> > > > mercurial repository: https://bitbucket.org/nimsun/pop3d/src
> > > > uuencoded gzipped tar file follows.
> > > >
> > >
> > > Just trying things out now. In ssl.c, pop3s.crt and pop3s.key are
> > > hard coded in the fatal() calls; those should probably use CERTFILE and
> > > KEYFILE respectively.
>
> Fixed, thanks.
>
> > > --
> > > James Turner
> > >
> >
> > Now that I've had a chance to play with it for a bit, a couple of things
> > I've run into.
> >
> > First, if you connect to port 995 with telnet instead of, say, openssl
> > s_client and issue any command, pop3d dies and leaves the following:
> > "fatal: session lost". Even running ^] from telnet after connecting is
> > enough to cause this behavior.
>
> TLS handshake failed with an IO_ERROR, but the daemon shouldn't fatal.
> Converted it to a log_debug.
>
> >
> > Second, below is an openssl s_client session. Everything is good up until
> > the point when I issue RETR 1. I then get disconnected with the below
> > message. I'm using a self-signed cert if that matters.
> >
> > openssl s_client -connect localhost:995
> > CONNECTED(00000003)
> >
> > ...lots of cert stuff...
> >
> > +OK pop3d ready
> > USER james
> > +OK
> > PASS notmypassword
> > +OK
> > LIST
> > +OK
> > 1 599
> > ..
>
> Not sure why your message is truncated here while using fdm with pop3d.
> I could read the complete message on Nokia though. Will investigate.
>
Thanks for fixing the first couple of issues, those all look good.

The last issue seems to be a problem with openssl and TLSv1
renegotiations. It seems one fix is to use SSL_OP_NO_TLSv1 or we need to
apply a similar patch to this one [0] to ssl/s3_pkt.c to ignore the
version check during renegotiation. Looks like the [0] fix is in openssl
1.0.1c.

[0] http://cvs.openssl.org/chngview?cn=22565

--
James Turner
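For readers following the LIST/RETR exchange above, here is an added example (not pop3d's code, nor anything from the thread's authors) of how an RFC 1939 client should parse dot-terminated multi-line replies: it undoes byte-stuffing and refuses to treat a buffer without the final ".<CRLF>" as a complete message, which is exactly the condition a truncated RETR leaves behind. The sample bytes are constructed.

```python
"""RFC 1939 response parsing for a POP3 client: status lines plus
dot-terminated multi-line replies with byte-unstuffing.  Added example
with constructed sample data; not pop3d's own code."""

CRLF = b"\r\n"

# Constructed sample shaped like the LIST exchange quoted in the thread.
SAMPLE_LIST = b"+OK\r\n1 599\r\n.\r\n"


def parse_status(line: bytes):
    """Split a status line into (success, text).  RFC 1939 defines only
    the "+OK" and "-ERR" indicators; anything else is a protocol error."""
    if line.startswith(b"+OK"):
        return True, line[3:].strip()
    if line.startswith(b"-ERR"):
        return False, line[4:].strip()
    raise ValueError("malformed status line: %r" % line)


def parse_multiline(buf: bytes):
    """Parse one multi-line response (LIST, RETR, UIDL, ...) from the
    receive buffer.  Returns (success, text, lines, remaining), or None
    while the terminating ".<CRLF>" has not arrived, so a caller never
    mistakes a truncated read for a complete message."""
    head_end = buf.find(CRLF)
    if head_end < 0:
        return None
    ok, text = parse_status(buf[:head_end])
    body = buf[head_end + 2:]
    if not ok:
        return ok, text, [], body  # -ERR replies are always single-line
    lines = []
    pos = 0
    while True:
        nl = body.find(CRLF, pos)
        if nl < 0:
            return None  # incomplete: keep reading from the socket
        line = body[pos:nl]
        pos = nl + 2
        if line == b".":
            return ok, text, lines, body[pos:]
        if line.startswith(b"."):
            line = line[1:]  # undo byte-stuffing of lines beginning with "."
        lines.append(line)
```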
