[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Soliciting clue for teething problems

To: Erik Hetzner <egh@e6h.org>
Subject: Re: Soliciting clue for teething problems
From: "Niall O'Reilly" <niall.oreilly@ucd.ie>
Date: Fri, 10 Jan 2014 16:30:42 +0000
Cc: wl-en@ml.gentei.org
In-reply-to: <87wqi8mpvs.wl%egh@e6h.org>
References: <877ga9njrz.wl%Niall.oReilly@ucd.ie> <87wqi8mpvs.wl%egh@e6h.org>
Reply-to: wl-en@ml.gentei.org
User-agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/24.3 Mule/6.0 (HANACHIRUSATO)

On Thu, 09 Jan 2014 20:17:59 -0800, Erik Hetzner wrote:

> It sounds like an SSL problem.

	So it was.

	Here's what I learned for the next beginner to discover in the
	archives.

	Unlike openssl, gnutls-cli fails by default on a self-signed
	certificate unless it is installed in the appropriate place on
	the system where WL is running.  This can be changed by adding
	the "--insecure" option in ssl-program-arguments.

	After installing the certificate for the problematic IMAP
	account, by appending to /etc/ssl/certs/ca-certificates.crt,
	my Ubuntu "reference installation" is working as desired.

	I still have to discover what's failing with SMTP on my
	"target production" OSX Mavericks installation.

> Recent versions of WL use the gnutls
> library included in emacs. I think this probably works best if you
> have it.

	I'll leave that on the "explore later" list.  I believe
	I'm currently using the external gnutls-cli utility.

> The value of elmo-network-stream-type-alist will tell you
> what method is being for ssl (it could be open-gnutls-stream or
> open-tls-stream or open-ssl-stream.

	That seems to be keyed on the same tags as are used in the
	suffix on folder specifications in ~/.folders ("!", "!!",
	"!socks", "!direct").  For SMTP, the variable
	wl-smtp-connection-type seems to be what drives selection of
	SSL/STARTTLS or whatever.  Is there another variable I need to
	look at, or is the SYMBOL element in
	elmo-network-stream-type-alist used to match the connection
	type?

> Searching the mailing list for gnutls or openssl will give you some
> possible solutions. Itʼs likely that if SSL is refusing to connect for
> some security issue.
> 
> It would be really nice if WL didnʼt fail silently with SSL problems,
> but Iʼm not sure the way to fix that.

	For an external utility (gnutls-cli or openssl), and provided
	distinct exit codes were given for the different failure
	modes, WL should test the exit code and warn accordingly.  I
	don't know LISP well enough to know whether that's possible.

	Thanks and best regards,
	Niall

Follow-Ups:
- Re: Soliciting clue for teething problems
  - From: Juergen Fuhrmann <juergen.fuhrmann@wias-berlin.de>
- Re: Soliciting clue for teething problems
  - From: Erik Hetzner <egh@e6h.org>

References:
- Soliciting clue for teething problems
  - From: "Niall O'Reilly" <niall.oreilly@ucd.ie>
- Re: Soliciting clue for teething problems
  - From: Erik Hetzner <egh@e6h.org>

Prev by Date: Re: More WL usage questions
Next by Date: Re: Soliciting clue for teething problems
Previous by thread: Re: Soliciting clue for teething problems
Next by thread: Re: Soliciting clue for teething problems
Index(es):
- Date
- Thread