[Bug 44335] Re: IMAP/POP3+SSL/TLS are disabled

Sat, 24 May 2008 12:56:09 -0700 

I took 
http://savannah.nongnu.org/download/mailnotify/mail-notification-5.4.tar.bz2 
(most recent) and add gnutls (2.0.4 as installed in hardy) support.
It works for me but I'm pretty sure that there are still some bugs around I 
somehow missed, so better somebody else looks over it before applying it.

I basically added a new option "gnutls" parallel to "ssl" (=> openssl), where 
gnutls suppresses ssl in auto configuration.
Next, I replaced all #if WITH_SSL (and similar) definitions with #if WITH_SSL 
|| WITH_GNUTLS. (These changes also applied to the code generated from gob, as 
I don't have gob2 2.1.16) .
Further, jbsrc/lib/src/extra/jb-gnutls.{c,h} and src/mn-gnutls.{c,h} got added, 
the latter contains some useful functions for cert verification and the default 
cert path.
In src/mn-client-session.{c,h} I seperated WITH_SSL and WITH_GNUTLS and rewrote 
the code for gnutls.

There are three major points about it:
 * gnutls 2.0.4 does not have all functions given in online api of gnutls nor 
do the examples work
   (gnutls-doc-2.0.4 is somehow incomplete regarding api listing).
 * cert chain verification needs to be cared for by mail-notification, e.g. 
reading ca certs from /etc/ssl/certs etc.
    I decided not to use gnutls_certificate_verify_peers2 due to
     
http://blog.josefsson.org/2008/02/27/real-world-performance-tuning-with-callgrind/
 ,
    which was really slow on my machine. Perhaps this could be changed some day.
 * check_hostname is not used as I didn't figure out how to extract the 
common_name and altName(s)  
    correctly but use gnutls_x509_crt_check_hostname. I don't know if 
gnutls_x509_crt_check_hostname supports wildcards.
   

** Attachment added: "Add gnutls support to mail notification 5.4"
   http://launchpadlibrarian.net/14691704/mail-notification-add-gnutls.diff

-- 
IMAP/POP3+SSL/TLS are disabled
https://bugs.launchpad.net/bugs/44335
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to