[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gnutls-cli works but wl hangs



At Sat, 2 Oct 2010 10:37:22 +0100,
mike@mikedeplume.com wrote:
>
> On Saturday 02 October 2010 01:08:59 Herbert J. Skuhra wrote:
> > On Fri, 1 Oct 2010 23:59:21 +0100  wrote:
> > > On Friday 01 October 2010 20:33:44 Herbert J. Skuhra wrote:
> > > > On Fri, 1 Oct 2010 17:30:43 +0100  wrote:
> > > > > Hi,
> > > > >
> > > > > I'm trying to get wl to attach to an imap server. The server uses
> > > > > tls, with plain authentication. I'm running Ubuntu, with emacs 22
> > > > > and either wl 2.14.10 or wl 2.15.6 (package wl-beta). Both packages
> > > > > show the same problem.
> > > > >
> > > > > The folder definition looks something like:
> > > > >
> > > > > %remote_folder:"my.name@example.com"/plain@imap.example.com:993!!
> > > >
> > > > Plain is no valid authenticate type. Try clear instead.
> > > > Other values: login (default), cram-md5, digest-md5 and ntlm.
> > >
> > > According to dovecote, 'plain' is perfectly valid. I also manage the imap
> > > server, so I know that I have set up the server so that it disables
> > > 'plain' if tls is not used, and enables 'plain' if it is. When I try to
> > > login without tls I get the correct response that 'plain' is not
> > > supported. I get no such respopnse when trying tsl, so either wl has not
> > > got round to asking what the server supports, or it has asked and found
> > > 'plain' to be accepted.
> > >
> > > Here is the capability response from the server:
> > >
> > > CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT
> > > LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS AUTH=PLAIN
> >
> > No STARTTLS. When do you see this?
> > Normally this means the server doesn't support it or you are
> > connecting via SSL. Or am I wrong?
>
> Oops, I hadn't noticed that. Interestingly, when I ask kmail to report on
> server capabilities it gives me tls instead of ssl. Perhaps I'm being confused
> by a program that is being too helpful.

I assume kmail connects to the non-secure IMAP port 143 where the IMAP
server offers STARTTLS (=inband encryption).  If you connect to 993,
there is no need for inband encryption and theserver does not
advertise STARTTLS.

Connecting to 993 /and/ trying to use STARTTLS does not work, because
both options are mutually exclusive.

E.g. try:

gnutls-cli --insecure -s -p 993 server

Resolving 'server'...
Connecting to 'XXX.XXX.XX.XXX:993'...

- Simple Client Mode:

So it's either server:993! or server:143!!

Best,
  -- David
--
OpenPGP... 0x99ADB83B5A4478E6
Jabber.... dmjena@jabber.org
Email..... dmaus@ictsoc.de

Attachment: pgpJtphgEHnht.pgp
Description: PGP signature