rfc2595 compliance patch from Daniel Resare <noa@metamatrix.se>

- CAPABILITY should be reissued after starting TLS since the
	  previous call was not protected
Michael Elkins 2001-02-19 18:44:15 +00:00
parent 1db31aabd7
commit 1b97128b47
4 changed files with 127 additions and 4 deletions

116
ChangeLog

@ -1,5 +1,121 @@
2001-02-14 Michael Elkins <me@sigipe.org>
* config.c, imap.c, isync.1, main.c, sync.c:
patch from Daniel Resare <noa@metamatrix.se>:
1 giving a path to a nonexistant rc-file with the -c argument dumps core
The patch adds a check to ensure that the given rc-file is accessible
2 the error messages given from failed openssl calls are bogus
The handles the error from SSL_connect () correctly. The bug is
understndable since the error handling in openssl is quite obfuscated.
Good news is that the documentation manapges has been greatly updated in
the latest version (0.9.6). See in particular err(3), ERR_get_error(3)
and SSL_get_error(3).
Please note that possible SSL_ERROR_SSL type errors from SSL_read() and
SSL_write() is not handled. This should also be fixed.
3 connecting using the STARTTLS command with an imap server that is
configured only to accept the TLSv1 protocol gives an error because isync
sends an SSLv2 Hello message for backwards compability. (This is the case
with the uw-imap 2000 that ships with redhat-7.0)
I've read RFC2595 several times to see if it says something about
compability SSL2/SSL3 hello messages but can't find anything. IMHO the
correct thing to do is change the default to not use SSL2/3 compability
hello when using the STARTTLS command but use it if the imaps port is
used. The patch implements this change
4 repeated calls to SSL_CTX_set_options overwrites the old settings (the
values needs to be ORed together)
fixed in the patch
patch from me@mutt.org:
\Recent messages were put in the cur/ directory instead of new/
give error message when the LOGIN command fails
2001-02-01 Michael Elkins <me@sigipe.org>
* imap.c: patch from Daniel Resare <noa@metamatrix.se>
- don't initialize ssl support if none of use_sslv* is enabled
2001-01-26 Michael Elkins <me@sigipe.org>
* imap.c, isync.h:
include <sys/types.h> for off_t
patch from "lorenzo martignoni" <lorenzo.martignoni@technologist.com>
- fixed uploading of message to IMAP server
2001-01-24 Michael Elkins <me@sigipe.org>
* config.c, cram.c, imap.c, isync.1, list.c, maildir.c, main.c, sync.c:
fixed cram compilation error under bsd
updated man page
2001-01-16 Michael Elkins <me@sigipe.org>
* TODO, config.c, imap.c, isync.1, isync.h, main.c:
added support for tilde (~) expansion in the `Mailbox' and `CertificateFile'
configuration directives
added `Maildir' configuration command to specify the default location of the
user's mailboxes. If a relative path is used in a `Mailbox' command, this
path is used as a prefix.
2001-01-11 Michael Elkins <me@sigipe.org>
* configure.in, imap.c, isync.h:
set imap->prefix to be the namespace prefix
update version to 0.5
fixed compilation warnings in imap.c
* Makefile.am, config.c, imap.c, isync.1, isync.h, main.c, sample.isyncrc, sync.c:
broke config code into config.c
added support for uploading local messages with no UID to the IMAP server
added Expunge configuration option
added CopyDeletedTo configuration option
2001-01-09 Michael Elkins <me@sigipe.org>
* maildir.c, sync.c:
always put changed messages in the cur/ subdirectory since they are no
longer new.
don't set \Seen implicitly for messages in the cur/ folder. Require the S
flag on the message since Mutt will move Old (unread, but not recent)
messges into cur/.
2001-01-08 Michael Elkins <me@sigipe.org>
* Makefile.am, main.c:
patch from Hugo Haas <hugo@larve.net>
-c was not specified in the getopt*() calls
set global password to the one the user inputs and use that as the
default for remaining mailboxes
2001-01-05 Michael Elkins <me@sigipe.org>
* configure.in:
added --with-ssl-dir to specify an alternate installation of OpenSSL
2000-12-31 Michael Elkins <me@sigipe.org>
* ChangeLog, isync.spec:
pre 0.4 commit.
updated rpm spec file
* sync.c:
display how many messages were fetched from the server
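Review bot: The ChangeLog hunk has no entry for the change the commit message describes. The newest entry shown is dated 2001-02-14, and none of the visible entries mentions reissuing CAPABILITY after STARTTLS or the RFC 2595 reason for it. Suggest adding an imap.c entry saying that the capability flags learned before TLS are discarded and CAPABILITY is sent again once the TLS session is up. The hunk header (-1,5 +1,121) also shows entries back to 2000-12-31 arriving in this same commit; a bulk ChangeLog update is easier to review as its own commit. The 2001-02-14 entry notes that SSL_ERROR_SSL errors from SSL_read() and SSL_write() are still unhandled, which is worth recording in TODO so it is tracked.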

1
cram.c

@ -23,6 +23,7 @@
#if HAVE_LIBSSL
#include <string.h>
#include <openssl/hmac.h>
#define ENCODED_SIZE(n) (4*((n+2)/3))
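Review bot: In the `ENCODED_SIZE(n)` define the parameter is used unparenthesized, `4*((n+2)/3)`, so an argument containing an operator of lower precedence than `+` (a conditional or bitwise expression, for example) yields a different size than intended, and by its name this macro is used to size an encoded buffer. Suggest `#define ENCODED_SIZE(n) (4*(((n)+2)/3))`. The commit message also says nothing about cram.c; one line on why this file needed a change would help a later reader.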

12
imap.c

@ -696,12 +696,18 @@ imap_open (config_t * box, unsigned int minuid, imap_t * imap)
if ((ret = verify_cert (imap->sock->ssl)))
break;
/* to conform to RFC2595 we need to forget all information
* retrieved from CAPABILITY invocations before STARTTLS.
*/
imap->have_namespace = 0;
imap->have_cram = 0;
imap->have_starttls = 0;
imap->sock->use_ssl = 1;
puts ("SSL support enabled");
if (box->use_imaps)
if ((ret = imap_exec (imap, "CAPABILITY")))
break;
if ((ret = imap_exec (imap, "CAPABILITY")))
break;
}
#else
if ((ret = imap_exec (imap, "CAPABILITY")))
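Review bot: The reset after `verify_cert` clears a hand-written list of three flags (`have_namespace`, `have_cram`, `have_starttls`), so any other capability field, whether added later or already present outside this hunk, keeps the value learned from the unprotected CAPABILITY response unless someone remembers to add it here. Suggest one helper that clears all capability state, called at this point, so the post-TLS response is the only source for decisions such as whether to use CRAM. It is also worth confirming that nothing between the first CAPABILITY and this point acts on `have_cram`. Minor: `puts ("SSL support enabled")` runs before the second CAPABILITY has succeeded, so the message can appear on a connection that then fails.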

View File

@ -114,7 +114,7 @@ read_uid (const char *path, const char *file)
}
ret |= do_lock (fd, F_UNLCK);
close (fd);
return ret ? ret : uid;
return ret ? (unsigned int) ret : uid;
}
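Review bot: The cast in `return ret ? (unsigned int) ret : uid;` silences the signed/unsigned warning but keeps the underlying problem, which is that error status and UID share one return value. If `ret` is a signed int, as the cast implies, a negative value becomes a very large unsigned number and a positive one is indistinguishable from a valid UID, so a caller of `read_uid` cannot tell a locking failure from a real UID. Suggest returning the status as `int` and passing the UID back through a pointer argument, or reserving one documented sentinel value for failure. The commit message does not mention this hunk either.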