On Tue, 19 Apr 2016 15:02:46 +0200 Daniel Jakots <[email protected]> wrote:
> On Tue, 19 Apr 2016 07:45:27 +0100, Stuart Henderson
> <[email protected]> wrote:
>
> > On 2016/04/19 07:54, Vincent Gross wrote:
> > > Some people may have witnessed my struggle of the past few days to
> > > connect claws-mail to my mail server. Long story short: server
> > > only accepts TLS 1.2, claws-mail connects with TLS 1.0.
> > >
> > > The culprit here is libetpan v1.6, which calls
> > > TLSv1_client_method() before the TLS handshake. The diff below
> > > fixes the issue, claws-mail happily synchronized my imap folders
> > > when applied.
> > >
> > > Ok ?
> >
> > Would you mind using the diff that was committed upstream instead?
> > It makes it a little easier for future updates (i.e. when they have
> > a new release) if the patches are the same.
> >
> > https://github.com/dinhviethoa/libetpan/commit/7f1f97f4d59d5724af97f4d32424c2841715561c.patch
> >
> > Needs a REVISION bump too.
> >
> > claws-mail-wise, it's ok
>
> here's the diff I used. Vincent, does it fix your problem?

Yes, I just compiled libetpan with this diff and claws-mail runs smoothly :)
put it in!

> Index: Makefile > =================================================================== > RCS file: /cvs/ports/mail/libetpan/Makefile,v > retrieving revision 1.19 > diff -u -p -r1.19 Makefile > --- Makefile 11 Mar 2016 19:59:15 -0000 1.19 > +++ Makefile 19 Apr 2016 12:11:32 -0000 > @@ -6,7 +6,7 @@ GH_ACCOUNT= dinhviethoa > GH_PROJECT= libetpan > GH_TAGNAME= 1.6 > DISTNAME= libetpan-1.6 > -REVISION= 0 > +REVISION= 1 > CATEGORIES= mail devel > > SHARED_LIBS= etpan 15.0 > Index: patches/patch-src_data-types_mailstream_ssl_c > =================================================================== > RCS file: patches/patch-src_data-types_mailstream_ssl_c > diff -N patches/patch-src_data-types_mailstream_ssl_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_data-types_mailstream_ssl_c 19 Apr 2016 > 12:11:32 -0000 
@@ -0,0 +1,66 @@ > +$OpenBSD$ > + > +When encrypting the connection with STARTTLS the only method > +allowed was TLSv1. Change this to allow TLSv1.2 (or whatever the > +strongest method is). > + > +Additionally tls_data_new() and ssl_data_new() did the same (with > +exception to the nailed method in tls_data_new()), so drop one > +of them. > +https://github.com/dinhviethoa/libetpan/commit/7f1f97f4d59d5724af97f4d32424c2841715561c.patch > + > +--- src/data-types/mailstream_ssl.c.orig Tue Apr 19 14:04:46 > 2016 ++++ src/data-types/mailstream_ssl.c Tue Apr 19 14:03:25 > 2016 +@@ -485,15 +485,21 @@ again: > + static struct mailstream_ssl_data * ssl_data_new(int fd, time_t > timeout, > + void (* callback)(struct mailstream_ssl_context * > ssl_context, void * cb_data), void * cb_data) > + { > +- return ssl_data_new_full(fd, timeout, SSLv23_client_method(), > callback, cb_data); ++ return ssl_data_new_full(fd, timeout, > ++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) > ++ TLS_client_method(), > ++#else > ++ /* Despite their name the SSLv23_*method() functions have > nothing to do ++ * with the availability of SSLv2 or SSLv3. > What these functions do is ++ * negotiate with the peer the > highest available SSL/TLS protocol version ++ * available. > The name is as it is for historic reasons. This is a very ++ > * common confusion and is the main reason why these names have been > ++ * deprecated in the latest dev version of OpenSSL. 
*/ > ++ SSLv23_client_method(), ++#endif > ++ callback, cb_data); > + } > + > +-static struct mailstream_ssl_data * tls_data_new(int fd, time_t > timeout, +- void (* callback)(struct mailstream_ssl_context * > ssl_context, void * cb_data), void * cb_data) +-{ > +- return ssl_data_new_full(fd, timeout, TLSv1_client_method(), > callback, cb_data); +-} > +- > + #else > + > + static struct mailstream_ssl_context * > mailstream_ssl_context_new(gnutls_session session, int fd); +@@ > -625,11 +631,6 @@ static struct mailstream_ssl_data * > ssl_data_new(int f > + err: > + return NULL; > + } > +-static struct mailstream_ssl_data * tls_data_new(int fd, time_t > timeout, +- void (* callback)(struct mailstream_ssl_context * > ssl_context, void * cb_data), void * cb_data) +-{ > +- return ssl_data_new(fd, timeout, callback, cb_data); > +-} > + #endif > + > + static void ssl_data_free(struct mailstream_ssl_data * ssl_data) > +@@ -681,10 +682,7 @@ static mailstream_low * > mailstream_low_ssl_open_full(i > + mailstream_low * s; > + struct mailstream_ssl_data * ssl_data; > + > +- if (starttls) > +- ssl_data = tls_data_new(fd, timeout, callback, cb_data); > +- else > +- ssl_data = ssl_data_new(fd, timeout, callback, cb_data); > ++ ssl_data = ssl_data_new(fd, timeout, callback, cb_data); > + > + if (ssl_data == NULL) > + goto err; >
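Review bot: on the Makefile hunk, the REVISION bump from 0 to 1 is the right scope and SHARED_LIBS= etpan 15.0 can stay untouched: the only symbols the source patch removes are the file-local `static struct mailstream_ssl_data * tls_data_new(...)` helpers, so the exported ABI of libetpan does not change and dependents such as claws-mail do not need to relink, only the package needs rebuilding.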
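Review bot: on the `@@ -485,15 +485,21 @@` hunk, the guard `#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)` selects TLS_client_method() on this port's LibreSSL build only because LibreSSL reports OPENSSL_VERSION_NUMBER as 0x20000000L and happens to also provide TLS_client_method(); a version-number comparison against a fork is fragile, but since this is upstream's diff it is reasonable to keep it verbatim for easier re-syncing. The more important point is that nothing in the visible lines sets a protocol floor: both SSLv23_client_method() and TLS_client_method() negotiate the highest version on offer but will also go down to SSLv3 if the library still has it enabled, and the STARTTLS path that was previously nailed to TLSv1 now inherits whatever ssl_data_new_full() (not shown here) configures. Please confirm that function applies SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3, or SSL_CTX_set_min_proto_version() on 1.1.0, before this goes in. Style-wise, the six-line comment in the `#else` branch sits inside an argument list; it would read better placed above the `#if`.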
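Review bot: on the `@@ -625,11 +631,6 @@` hunk (GnuTLS backend), dropping tls_data_new() is behaviour-neutral there, since the deleted wrapper only forwarded `return ssl_data_new(fd, timeout, callback, cb_data);` unchanged. The only call site this patch rewrites is in mailstream_low_ssl_open_full(), so please grep the GnuTLS `#else` branch for any other reference to tls_data_new(); a leftover would only surface when the port is built with the GnuTLS backend, which is not the configuration Vincent tested.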
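Review bot: on the `@@ -681,10 +682,7 @@` hunk, `starttls` is no longer referenced anywhere in the visible part of mailstream_low_ssl_open_full() once the `if (starttls)` branch is gone. If it is not used further down the function it is now a dead parameter, which is fine for keeping the API stable, but the patch header above only explains why tls_data_new() goes away, not that the starttls flag no longer influences the method choice; one sentence there would save the next updater from wondering. Expect -Wunused-parameter noise in the build log as well.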

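The failure Vincent reports, a server that accepts only TLS 1.2 being approached by a client pinned to TLS 1.0, is easy to reproduce without any mail server. The following is an added example written for this page, not code from libetpan, claws-mail or the port: it uses Go's standard crypto/tls over an in-memory pipe, with the pinned client standing in for TLSv1_client_method() and the version-flexible client for TLS_client_method()/SSLv23_client_method(). The hostname `imap.example.test` and the self-signed certificate are constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// demoHost is a made-up name for the in-memory server; it only has to match
// the certificate below, nothing is resolved or contacted.
const demoHost = "imap.example.test"

// Result holds what the two clients got from the TLS 1.2-only server.
type Result struct {
	PinnedErr       error  // non-nil: the TLS 1.0-only client was refused
	FlexibleVersion uint16 // 0x0303 (TLS 1.2) for the version-flexible client
}

// selfSignedCert generates a throwaway ECDSA P-256 certificate for host and a
// pool that trusts it, so the client verifies the chain instead of skipping it.
func selfSignedCert(host string) (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// handshake runs one client/server handshake over an in-memory net.Pipe and
// returns the version the client negotiated, or the client-side error.
func handshake(client, server *tls.Config) (uint16, error) {
	c, s := net.Pipe()
	done := make(chan struct{})
	go func() {
		defer close(done)
		// The server's own result is not needed; the alert it sends on a
		// version mismatch is what the client reports.
		_ = tls.Server(s, server).Handshake()
	}()
	conn := tls.Client(c, client)
	err := conn.Handshake()
	// Close the raw pipe ends (not the tls.Conns, whose Close would try to
	// write a close_notify into a synchronous pipe) and let the server exit.
	c.Close()
	s.Close()
	<-done
	if err != nil {
		return 0, err
	}
	return conn.ConnectionState().Version, nil
}

// runScenarios replays the report: a server accepting only TLS 1.2, first
// approached by a client pinned to TLS 1.0 (what TLSv1_client_method() gives
// you), then by a client that offers its whole range (TLS_client_method()).
func runScenarios() (Result, error) {
	cert, pool, err := selfSignedCert(demoHost)
	if err != nil {
		return Result{}, err
	}
	server := &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12,
		MaxVersion:   tls.VersionTLS12,
	}
	pinned := &tls.Config{
		RootCAs: pool, ServerName: demoHost,
		MinVersion: tls.VersionTLS10, MaxVersion: tls.VersionTLS10,
	}
	flexible := &tls.Config{
		RootCAs: pool, ServerName: demoHost,
		MinVersion: tls.VersionTLS10, // MaxVersion left at 0: highest the library supports
	}
	var r Result
	if _, r.PinnedErr = handshake(pinned, server); r.PinnedErr == nil {
		return r, errors.New("pinned TLS 1.0 client was accepted by a TLS 1.2-only server")
	}
	if r.FlexibleVersion, err = handshake(flexible, server); err != nil {
		return r, err
	}
	return r, nil
}

func main() {
	r, err := runScenarios()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("TLS 1.0-only client: %v\n", r.PinnedErr)
	fmt.Printf("version-flexible client negotiated %#04x (TLS 1.2 is 0x0303)\n", r.FlexibleVersion)
}
```

The pinned client fails with the server's protocol_version alert, exactly the symptom claws-mail showed; the flexible client settles on TLS 1.2 because that is the highest version both sides share. Against a real server the same two probes are `openssl s_client -starttls imap -connect host:143 -tls1` and `... -tls1_2`, which is a quick way to confirm which side is at fault before patching anything.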