Closed Bug 30321 Opened 24 years ago Closed 24 years ago

support SMTP over SSL

Categories

(SeaMonkey :: MailNews: Message Display, defect, P4)

x86
All
defect

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: sspitzer, Assigned: pavlov)

References

Details

(Whiteboard: [nsbeta3+] FIX IN HAND, NEED PLUS!)

Attachments

(2 files)

there are parts to this bug


1) add the trySSL attribute to the nsISmtpServer interface and the
implementation (nsSmtpServer)
2) migrate the mail.smtp.ssl pref from 4.x to 5.0
3) the ui to reflect / change the pref.  (three states, no ssl, try ssl, always
ssl)
4) fix nsSmtpProtocol to use this attribute when opening the network connection.

I've got fixes for #1 and #2 in my tree, and I'll check them in for m15.

I've got some of the work done for #4 (in my local tree, I've made changes to
allow the connection type to be passed through.  I needed to do this for secure
news.  the affected files are nsPop3Protocol.cpp, nsNNTPProtocol.cpp,
nsMsgProtocol.cpp, nsSmtpProtocol.cpp and nsMsgProtocol.h)

when I check in my fixes, I'll pass this bug off to someone else for #3 and #4
(or I'll keep it for myself.)
#1 and #2 are fixed and checked in.  also, some of the work for #4 is in, but
now we need to finish it.
adding lord and mwelch to the cc list, so they know what's going on.

they need to tell the BXA (BXA == Bureau of Export Administration, US Dept. of
Commerce. http://www.bxa.doc.gov/) 

they have to keep the feds notified of any changes in crypto functionality.
not going to happen any time soon.  moving to m17.
Target Milestone: M17
adding esther to the cc list.

esther brings up a good point:  if we don't get this working, should we remove
the "use secure connection" from the SMTP server panels in the account manager UI?
Mail Review recommends not in this release.  Marking M20.
Target Milestone: M17 → M20
*** Bug 45684 has been marked as a duplicate of this bug. ***
adding pav - he forgot about smtp :)
yeah, whoops
nominate for nsbeta3.  If this will not be implemented in time for release of 
Netscape 6, we have to remove this checkbox from the Account Setup dlg.
Keywords: nsbeta3
Pav, comments look like you should own this (Seth is on sabbatical anyway.)  Is 
this something you'd work on in beta3?  Please let us know so we can decide +/- 
for it.  Thanks,  Steve
Assignee: sspitzer → pavlov
Whiteboard: [b3 need info]
actually this should belong to me not Pav.

I was poking at it over the weekend and I have the client smtp implementation
for TLS support ready to go. The problem is that necko currently doesn't allow
you to take an existing socket and step it up to a TLS socket.

With smtp over ssl, you need this ability. You can't just create a ssl socket
right off the bat. You need to connect then step up to TLS if the server says it
is okay to do so.

So the mailnews work is done. I'm blocked waiting for this ability in necko. 
Status: NEW → ASSIGNED
Scott - what is the necko bug?  This way, we can nominate that for nsbeta3+ if 
we want this bug to be +.
Assignee: pavlov → mscott
Status: ASSIGNED → NEW
yes, this should be nsbeta3+.  Not having this is something we can't do
without.  I know how (sorta... i've been told) to do the step up stuff on the
PSM side... I believe that the proxy code has to do the stepup, so maybe we can
do something similar.  Reassigning to mscott since he has this code... Is there
a necko/ssl person looking at this?
I've written the smtp client code to implement this. Someone needs to implement
the ability to step up a connection to ssl.

This will probably be minused unless someone can step up and do this. 
Clayton, we need help getting an owner for the remainder of this bug.  Scott has 
all the mailnews stuff ready we just need some help from a PSM person to 
complete it.  Once the PSM part is ready, please keep mscott in the loop to 
coordinate a checkin.
Assignee: mscott → clayton
Severity: normal → blocker
Keywords: mailtrack
Priority: P3 → P2
Whiteboard: [b3 need info]
Is Clayton going to look at this? I doubt it so I'm CC'ing Patrick Beard to see 
if he can recommend a PSM resource...
Dividing up claytons bugs to triage.
Assignee: clayton → rods
should I take this bug?  I know how to do this
taking bug.  I have this almost working
Assignee: rods → pavlov
here's the first go at this:

problems i'm having:
1) I don't want TLSStepUp as a method on nsISocketTransport, but it has to
either be there or on the Channel as far as I can tell... (minor)
2) Once we call CMT_TLSStepUp, which seems to have stepped up:
...
 [21:35:22.136] ssl data 82c5248: Setting up secure socket for this TLS connection.
 [21:35:22.137] ssl data 82c5248: setting PKCS11 pin arg.
 [21:35:22.137] ssl data 82c5248: Resetting handshake.
 [21:35:22.137] ssl data 82c5248: We now have a secure socket.
 [21:35:22.138] ctrl frontend 82b6ed0: Free ref - rsrcid: 4 --refcnt: 2
 [21:35:22.138] ctrl frontend 82b6ed0: queueing reply: type 20003700, len 4.
 [21:35:22.138] ctrl frontend 82b6ed0: SendQMessage on 82b78d0: prio 0, type 20003700, len 4
 [21:35:22.138] ctrl frontend 82b6ed0: SSMControlConnection_ProcessMessage returning rv == 0.
 [21:35:22.138] ctrl frontend 82b6ed0: waiting for new message from socket.
 [21:35:22.138] ctrl write 82b6ed0: RecvQMessage on 82b78d0: type 20003700, len 4
 [21:35:22.138] ctrl write 82b6ed0: got message for client (type=20003700,len=4).
 [21:35:22.139] ctrl write 82b6ed0: RecvQMessage on 82b78d0: blocking read at prio -1
but then it waits at:
 [21:35:22.139] ssl data 82c5248: Polling sockets for pending data.

the Mozilla SMTP code no longer gets any data from the server, and it eventually
times out.
nominate for dogfood, since this is keeping some key developers from using the
product.
Keywords: dogfood
Priority: P2 → P4
Target Milestone: M20 → M18
Here is the log from a successful session (did this using Communicator 4.75 w/ 
PSM):

[15:58:04.531] ssl data 9e0750: setting PKCS11 pin arg.
[15:58:04.531] ssl data 9e0750: Resetting handshake.
[15:58:04.531] ssl data 9e0750: We now have a secure socket.
[15:58:04.531] ctrl frontend 9d8f00: Free ref - rsrcid: 4 --refcnt: 2
[15:58:04.531] ctrl frontend 9d8f00: queueing reply: type 20003700, len 4.
[15:58:04.531] ctrl frontend 9d8f00: SendQMessage on 9d8250: prio 0, type 20003700, len 4
[15:58:04.531] ctrl frontend 9d8f00: SSMControlConnection_ProcessMessage returning rv == 0.
[15:58:04.531] ctrl frontend 9d8f00: waiting for new message from socket.
[15:58:04.531] ctrl write 9d8f00: RecvQMessage on 9d8250: type 20003700, len 4
[15:58:04.531] ctrl write 9d8f00: got message for client (type=20003700,len=4).
[15:58:04.531] ctrl write 9d8f00: RecvQMessage on 9d8250: blocking read at prio -1
[15:58:04.531] ssl data 9e0750: Polling sockets for pending data.
[15:58:04.531] ssl data 9e0750: Attempting to read 16384 bytes from client socket.
[15:58:04.531] ssl data 9e0750: data: <EHLO netscape.com
>
Send the data to the target.
[15:58:05.000] ssl data 9e0750: checking server cert.
[15:58:05.000] ssl data 9e0750: Client authentication callback function called.
here is a working patch.  someone please review it.
Status: NEW → ASSIGNED
Keywords: patch
Whiteboard: FIX IN HAND, NEED PLUS!
[nsbeta3+]
Whiteboard: FIX IN HAND, NEED PLUS! → [nsbeta3+] FIX IN HAND, NEED PLUS!
the smtp changes you made look good to me. Thanks for taking care of this Pav!
r=mscott
r=bryner for the rest.  fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
No, I don't think the bug is fixed. The right behavior of smtp TLS support is
the first time that the user sends the message the application should challenge
the user with his own certificate. User should get a password prompt to access
his cert. If the user's certificate is missing or outdated then sending should
fail. I don't think we have the cert management working yet. Besides, there is
no UI for users to turn on the SMTP SSL. Reopening the bug...
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
I take my words back. We do have cert management in place.
More on testing... looks like if you already have a valid cert in your psm cert
database, it seems to work.
why was this reopened?  it works.. you have to have psm setup correctly for it
to work, just as you would for imap, or any other ssl related things that
require you to have a certificate.  for the UI part, i think there is another
bug filed on that, if not one should be filed.
Status: REOPENED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
The reasons I open this bug are:

1) if I don't have a cert it allows me to send mail even if I have the smtp auth
method set to PREF_AUTH_TLS_ONLY. this shouldn't happen.
2) if I have an expired cert it also allows me to send mail. this shouldn't happen.

I think we could have separate bug addressing these issues.
By examining the source code and setting breakpoints in the debugger. We did
support SSL over SMTP. There are a couple of bugs related to the odd behaviors of
expired cert and missing cert which are addressed in another bug. I am marking
this bug as verified.
Status: RESOLVED → VERIFIED
Product: Browser → Seamonkey
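
Added example, not part of the bug thread and not Mozilla code: a sketch of the client-side decision the thread describes, where the connection starts in plaintext and is stepped up only if the server allows it, under the three states named in the first comment (no ssl, try ssl, always ssl). The names TlsPolicy, after_ehlo and after_starttls and the sample replies are hypothetical; the point shown is that "always ssl" must fail closed when the server does not offer or refuses STARTTLS.

```python
# Added illustration (not Mozilla code): STARTTLS decision under a three-state policy.
import enum

class TlsPolicy(enum.Enum):          # hypothetical names for the page's three UI states
    NEVER = "no ssl"
    TRY = "try ssl"
    ALWAYS = "always ssl"

class TlsRequiredError(Exception):
    """Raised instead of silently falling back to plaintext."""

def ehlo_extensions(reply: str) -> set:
    """Return upper-cased extension keywords from a multi-line 250 EHLO reply."""
    lines = reply.splitlines()
    for line in lines:
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            raise ValueError(f"not a 250 EHLO reply line: {line!r}")
    # The first line carries the server's domain/greeting, not an extension.
    return {l[4:].split()[0].upper() for l in lines[1:] if l[4:].split()}

def after_ehlo(policy: TlsPolicy, reply: str, tls_active: bool = False) -> str:
    """Decide the client's next move after reading the EHLO reply."""
    if tls_active or policy is TlsPolicy.NEVER:
        return "SEND_MAIL"
    if "STARTTLS" in ehlo_extensions(reply):
        return "STARTTLS"
    if policy is TlsPolicy.ALWAYS:
        # A missing STARTTLS line may be a stripped capability; never downgrade.
        raise TlsRequiredError("server did not offer STARTTLS")
    return "SEND_MAIL"               # "try ssl": plaintext fallback is accepted

def after_starttls(policy: TlsPolicy, code: int) -> str:
    """Decide what to do with the server's answer to the STARTTLS command."""
    if code == 220:
        # Step the socket up, then send EHLO again and discard the earlier reply.
        return "HANDSHAKE_THEN_EHLO"
    if policy is TlsPolicy.ALWAYS:
        raise TlsRequiredError(f"STARTTLS refused with {code}")
    return "SEND_MAIL"

# Constructed sample replies (not taken from the bug's logs).
OFFERS_TLS = "250-mail.example.test\r\n250-SIZE 10240000\r\n250-STARTTLS\r\n250 HELP\r\n"
NO_TLS = "250-mail.example.test\r\n250-SIZE 10240000\r\n250 HELP\r\n"

if __name__ == "__main__":
    for policy in TlsPolicy:
        print(policy.value, "->", after_ehlo(policy, OFFERS_TLS))
```

The second EHLO after the handshake matches the successful session log above, where `EHLO netscape.com` is the first data read once the socket is secure.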