Closed
Bug 30321
Opened 24 years ago
Closed 24 years ago
support SMTP over SSL
Categories
(SeaMonkey :: MailNews: Message Display, defect, P4)
Tracking
(Not tracked)
VERIFIED
FIXED
M18
People
(Reporter: sspitzer, Assigned: pavlov)
References
Details
(Whiteboard: [nsbeta3+] FIX IN HAND, NEED PLUS!)
Attachments
(2 files)
21.18 KB, patch
21.22 KB, patch
there are parts to this bug:
1) add the trySSL attribute to the nsISmtpServer interface and the implementation (nsSmtpServer)
2) migrate the mail.smtp.ssl pref from 4.x to 5.0
3) the ui to reflect / change the pref. (three states, no ssl, try ssl, always ssl)
4) fix nsSmtpProtocol to use this attribute when opening the network connection.
I've got fixes for #1 and #2 in my tree, and I'll check them in for m15. I've got some of the work done for #4 (in my local tree, I've made changes to allow the connection type to be passed through. I needed to do this for secure news. the affected files are nsPop3Protocol.cpp, nsNNTPProtocol.cpp, nsMsgProtocol.cpp, nsSmtpProtocol.cpp and nsMsgProtocol.h) when I check in my fixes, I'll pass this bug off to someone else for #3 and #4 (or I'll keep it for myself.)
Comment 1 (Reporter) • 24 years ago
#1 and #2 are fixed and checked in. also, some of the work for #4 is in, but now we need to finish it.
Comment 2 (Reporter) • 24 years ago
adding lord and mwelch to the cc list, so they know what's going on. they need to tell the BXA (BXA == Bureau of Export Administration, US Dept. of Commerce. http://www.bxa.doc.gov/) they have to keep the feds notified of any changes in crypto functionality.
Comment 3 (Reporter) • 24 years ago
not going to happen any time soon. moving to m17.
Target Milestone: M17
Comment 4 (Reporter) • 24 years ago
adding esther to the cc list. esther brings up a good point: if we don't get this working, should we remove the "use secure connection" from the SMTP server panels in the account manager UI?
Comment 5 • 24 years ago
Mail Review recommends not in this release. Marking M20.
Target Milestone: M17 → M20
Comment 7 • 24 years ago
adding pav - he forgot about smtp :)
Comment 8 (Assignee) • 24 years ago
yeah, whoops
nominate for nsbeta3. If this will not be implemented in time for release of Netscape 6, we have to remove this checkbox from the Account Setup dlg.
Keywords: nsbeta3
Comment 10 • 24 years ago
Pav, comments look like you should own this (Seth is on sabbatical anyway.) Is this something you'd work on in beta3? Please let us know so we can decide +/- for it. Thanks, Steve
Assignee: sspitzer → pavlov
Whiteboard: [b3 need info]
Comment 11 • 24 years ago
actually this should belong to me not Pav. I was poking at it over the weekend and I have the client smtp implementation for TLS support ready to go. The problem is that necko currently doesn't allow you to take an existing socket and step it up to a TLS socket. With smtp over ssl, you need this ability. You can't just create a ssl socket right off the bat. You need to connect then step up to TLS if the server says it is okay to do so. So the mailnews work is done. I'm blocked waiting for this ability in necko.
Status: NEW → ASSIGNED
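The step-up flow Comment 11 describes, combined with the three pref states from the bug description, as an added C++ example; it is not Mozilla code and not from the thread. TlsPolicy, Step and both function names are hypothetical, and the EHLO replies are constructed samples.

```cpp
// Added illustration; not Mozilla code. All names here are hypothetical.
#include <algorithm>
#include <cctype>
#include <sstream>
#include <string>
enum class TlsPolicy { Never, Try, Always };  // "no ssl", "try ssl", "always ssl"
enum class Step { SendPlain, SendStartTls, Handshake, Abort };

// True if a multiline EHLO reply ("250-..." lines, last one "250 ...")
// lists the STARTTLS keyword. The first line is the greeting, not a keyword.
bool advertisesStartTls(const std::string& ehloReply) {
    std::istringstream in(ehloReply);
    std::string line;
    bool greeting = true;
    while (std::getline(in, line)) {
        if (!line.empty() && line.back() == '\r') line.pop_back();
        if (line.size() < 4 || line.compare(0, 3, "250") != 0) continue;
        if (line[3] != '-' && line[3] != ' ') continue;
        if (greeting) { greeting = false; continue; }
        std::string kw = line.substr(4, line.find(' ', 4) - 4);
        std::transform(kw.begin(), kw.end(), kw.begin(), [](unsigned char c) {
            return static_cast<char>(std::toupper(c)); });
        if (kw == "STARTTLS") return true;
    }
    return false;
}

// After the first, cleartext EHLO: plain socket first, then decide on step-up.
Step afterEhlo(TlsPolicy policy, const std::string& ehloReply) {
    if (policy == TlsPolicy::Never) return Step::SendPlain;
    if (advertisesStartTls(ehloReply)) return Step::SendStartTls;
    // Keyword absent (or stripped in transit): only "always" refuses to send.
    return policy == TlsPolicy::Always ? Step::Abort : Step::SendPlain;
}

// After the STARTTLS command: 220 means wrap the existing socket in TLS,
// then send EHLO again because the cleartext capability list is untrusted.
Step afterStartTls(TlsPolicy policy, int replyCode) {
    if (replyCode == 220) return Step::Handshake;
    return policy == TlsPolicy::Always ? Step::Abort : Step::SendPlain;
}

// Constructed sample replies (not captured from a real server).
const std::string kOffered =
    "250-mail.example.test Hello\r\n250-SIZE 10240000\r\n250-starttls\r\n250 HELP\r\n";
const std::string kNotOffered = "250-mail.example.test Hello\r\n250 HELP\r\n";
int main() {  // exit status 0 when the "always" policy fails closed
    return afterEhlo(TlsPolicy::Always, kNotOffered) == Step::Abort ? 0 : 1;
}
```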
Comment 12 • 24 years ago
Scott - what is the necko bug? This way, we can nominate that for nsbeta3+ if we want this bug to be +.
Updated (Assignee) • 24 years ago
Assignee: pavlov → mscott
Status: ASSIGNED → NEW
Comment 13 (Assignee) • 24 years ago
yes, this should be nsbeta3+. Not having this is something we can't do without. I know how (sorta... i've been told) to do the step up stuff on the PSM side... I believe that the proxy code has to do the stepup, so maybe we can do something similar. Reassigning to mscott since he has this code... Is there a necko/ssl person looking at this?
Comment 14 • 24 years ago
I've written the smtp client code to implement this. Someone needs to implement the ability to step up a connection to ssl. This will probably be minused unless someone can step up and do this.
Comment 15 • 24 years ago
Clayton, we need help getting an owner for the remainder of this bug. Scott has all the mailnews stuff ready we just need some help from a PSM person to complete it. Once the PSM part is ready, please keep mscott in the loop to coordinate a checkin.
Assignee: mscott → clayton
Severity: normal → blocker
Keywords: mailtrack
Priority: P3 → P2
Whiteboard: [b3 need info]
Comment 16 • 24 years ago
Is Clayton going to look at this? I doubt it so I'm CC'ing Patrick Beard to see if he can recommend a PSM resource...
Comment 18 (Assignee) • 24 years ago
should I take this bug? I know how to do this
Comment 20 (Assignee) • 24 years ago
Comment 21 (Assignee) • 24 years ago
here's the first go at this: problems i'm having:
1) I don't want TLSStepUp as a method on nsISocketTransport, but it has to either be there or on the Channel as far as I can tell... (minor)
2) Once we call CMT_TLSStepUp, which seems to have stepped up:
...
[21:35:22.136] ssl data 82c5248: Setting up secure socket for this TLS connection.
[21:35:22.137] ssl data 82c5248: setting PKCS11 pin arg.
[21:35:22.137] ssl data 82c5248: Resetting handshake.
[21:35:22.137] ssl data 82c5248: We now have a secure socket.
[21:35:22.138] ctrl frontend 82b6ed0: Free ref - rsrcid: 4 --refcnt: 2
[21:35:22.138] ctrl frontend 82b6ed0: queueing reply: type 20003700, len 4.
[21:35:22.138] ctrl frontend 82b6ed0: SendQMessage on 82b78d0: prio 0, type 20003700, len 4
[21:35:22.138] ctrl frontend 82b6ed0: SSMControlConnection_ProcessMessage returning rv == 0.
[21:35:22.138] ctrl frontend 82b6ed0: waiting for new message from socket.
[21:35:22.138] ctrl write 82b6ed0: RecvQMessage on 82b78d0: type 20003700, len 4
[21:35:22.138] ctrl write 82b6ed0: got message for client (type=20003700,len=4).
[21:35:22.139] ctrl write 82b6ed0: RecvQMessage on 82b78d0: blocking read at prio -1
but then it waits at:
[21:35:22.139] ssl data 82c5248: Polling sockets for pending data.
the Mozilla SMTP code no longer gets any data from the server, and it eventually times out.
Comment 22 • 24 years ago
nominate for dogfood, since this is keeping some key developers from using the product.
Comment 23 • 24 years ago
Here is the log from a successful session (did this using Communicator 4.75 w/ PSM):
[15:58:04.531] ssl data 9e0750: setting PKCS11 pin arg.
[15:58:04.531] ssl data 9e0750: Resetting handshake.
[15:58:04.531] ssl data 9e0750: We now have a secure socket.
[15:58:04.531] ctrl frontend 9d8f00: Free ref - rsrcid: 4 --refcnt: 2
[15:58:04.531] ctrl frontend 9d8f00: queueing reply: type 20003700, len 4.
[15:58:04.531] ctrl frontend 9d8f00: SendQMessage on 9d8250: prio 0, type 20003700, len 4
[15:58:04.531] ctrl frontend 9d8f00: SSMControlConnection_ProcessMessage returning rv == 0.
[15:58:04.531] ctrl frontend 9d8f00: waiting for new message from socket.
[15:58:04.531] ctrl write 9d8f00: RecvQMessage on 9d8250: type 20003700, len 4
[15:58:04.531] ctrl write 9d8f00: got message for client (type=20003700,len=4).
[15:58:04.531] ctrl write 9d8f00: RecvQMessage on 9d8250: blocking read at prio -1
[15:58:04.531] ssl data 9e0750: Polling sockets for pending data.
[15:58:04.531] ssl data 9e0750: Attempting to read 16384 bytes from client socket.
[15:58:04.531] ssl data 9e0750: data: <EHLO netscape.com > Send the data to the target.
[15:58:05.000] ssl data 9e0750: checking server cert.
[15:58:05.000] ssl data 9e0750: Client authentication callback function called.
Comment 24 (Assignee) • 24 years ago
Comment 25 (Assignee) • 24 years ago
here is a working patch. someone please review it.
Status: NEW → ASSIGNED
Keywords: patch
Updated • 24 years ago
Whiteboard: FIX IN HAND, NEED PLUS!
Comment 26 • 24 years ago
[nsbeta3+]
Whiteboard: FIX IN HAND, NEED PLUS! → [nsbeta3+] FIX IN HAND, NEED PLUS!
Comment 27 • 24 years ago
the smtp changes you made look good to me. Thanks for taking care of this Pav! r=mscott
Comment 28 (Assignee) • 24 years ago
r=bryner for the rest. fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Comment 29 • 24 years ago
No, I don't think the bug is fixed. The right behavior of smtp TLS support is the first time that the user sends the message the application should challenge the user with his own certificate. User should get a password prompt to access his cert. If the user's certificate is missing or outdated then sending should fail. I don't think we have the cert management working yet. Besides, there is no UI for users to turn on the SMTP SSL. Reopening the bug...
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 30 • 24 years ago
I take my words back. We do have cert management in place.
Comment 31 • 24 years ago
More on testing... looks like if you already have a valid cert in your psm cert database, it seems to work.
Comment 32 (Assignee) • 24 years ago
why was this reopened? it works.. you have to have psm setup correctly for it to work, just as you would for imap, or any other ssl related things that require you to have a certificate. for the UI part, i think there is another bug filed on that, if not one should be filed.
Status: REOPENED → RESOLVED
Closed: 24 years ago → 24 years ago
Resolution: --- → FIXED
Comment 33 • 24 years ago
The reasons I open this bug are:
1) if I don't have a cert it allows me to send mail even though I have the smtp auth method set to PREF_AUTH_TLS_ONLY. this shouldn't happen.
2) if I have an expired cert it also allows me to send mail. this shouldn't happen.
I think we could have separate bug addressing these issues.
Comment 34 • 24 years ago
By examining the source code and setting breakpoints in the debugger, we did support SSL over SMTP. There are a couple of bugs related to the odd behaviors of expired cert and missing cert which are addressed in another bug. I am marking this bug as verified.
Status: RESOLVED → VERIFIED
Updated • 20 years ago
Product: Browser → Seamonkey