[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gnutls-cli works but wl hangs



On Sun, 17 Oct 2010 19:58:06 +0200,David Maus <dmaus@ictsoc.de> said:
> [1  <text/plain; US-ASCII (7bit)>]
> At Sat, 2 Oct 2010 10:37:22 +0100,
> mike@mikedeplume.com wrote:
> >
> > On Saturday 02 October 2010 01:08:59 Herbert J. Skuhra wrote:
> > > On Fri, 1 Oct 2010 23:59:21 +0100  wrote:
> > > > On Friday 01 October 2010 20:33:44 Herbert J. Skuhra wrote:
> > > > > On Fri, 1 Oct 2010 17:30:43 +0100  wrote:
> > > > > > Hi,
> > > > > >
> > > > > > I'm trying to get wl to attach to an imap server. The server uses
> > > > > > tls, with plain authentication. I'm running Ubuntu, with emacs 22
> > > > > > and either wl 2.14.10 or wl 2.15.6 (package wl-beta). Both packages
> > > > > > show the same problem.
> > > > > >
> > > > > > The folder definition looks something like:
> > > > > >
> > > > > > %remote_folder:"my.name@example.com"/plain@imap.example.com:993!!
> > > > >
> > > > > Plain is no valid authenticate type. Try clear instead.
> > > > > Other values: login (default), cram-md5, digest-md5 and ntlm.
> > > >
> > > > According to dovecote, 'plain' is perfectly valid. I also manage the imap
> > > > server, so I know that I have set up the server so that it disables
> > > > 'plain' if tls is not used, and enables 'plain' if it is. When I try to
> > > > login without tls I get the correct response that 'plain' is not
> > > > supported. I get no such respopnse when trying tsl, so either wl has not
> > > > got round to asking what the server supports, or it has asked and found
> > > > 'plain' to be accepted.
> > > >
> > > > Here is the capability response from the server:
> > > >
> > > > CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT
> > > > LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS AUTH=PLAIN
> > >
> > > No STARTTLS. When do you see this?
> > > Normally this means the server doesn't support it or you are
> > > connecting via SSL. Or am I wrong?
> >
> > Oops, I hadn't noticed that. Interestingly, when I ask kmail to report on
> > server capabilities it gives me tls instead of ssl. Perhaps I'm being confused
> > by a program that is being too helpful.

> I assume kmail connects to the non-secure IMAP port 143 where the IMAP
> server offers STARTTLS (=inband encryption).  If you connect to 993,
> there is no need for inband encryption and theserver does not
> advertise STARTTLS.

> Connecting to 993 /and/ trying to use STARTTLS does not work, because
> both options are mutually exclusive.

> E.g. try:

> gnutls-cli --insecure -s -p 993 server

> Resolving 'server'...
> Connecting to 'XXX.XXX.XX.XXX:993'...

> - Simple Client Mode:

> So it's either server:993! or server:143!!

> Best,
>   -- David

Thanks for the explanation. I have a successful connection with
993. Now I know why :-)

Mike S.