Closed Bug 556491 Opened 10 years ago Closed 10 years ago
Config() only finds first AUTH method for SMTP
Reproduction: 1. Start account creation wizard 2. Enter "firstname.lastname@example.org" as email address, and [Continue] 3. Click on [Manual Setup] 4. in Account Manager, to to Outgoing SMTP servers and check the new server. Check which SMTP server and specifically which password authentication is used. Actual result: Unencrypted password is used Expected result: Encrypted password is used Server: netcat smtp.fastwebnet.it 25, and entering "EHLO foo" gives: ... 250-AUTH=LOGIN 250-AUTH LOGIN CRAM-MD5 DIGEST-MD5 PLAIN ... Implementation: From the code, I think that the first AUTH= line is irrelevant. We used regexp e.g. "AUTH CRAM-MD5" so we wouldn't match the first line anyways (to my knowledge "AUTH " is correct, and IMAP used "AUTH="). However, we wouldn't match the second line either, because it starts with "AUTH LOGIN". IMAP repeats the "AUTH" and uses "AUTH=LOGIN AUTH=CRAM-MD5", but not so SMTP. So, we need to relax the regexp.
This fixes the problem. From what I understand, this problem existed in 3.0, too. Please give this bug precedence in review, as it's needlessly using an insecure setup.
Assignee: nobody → ben.bucksch
Status: NEW → ASSIGNED
Attachment #436451 - Flags: review?(bwinton)
Comment on attachment 436451 [details] [diff] [review] Fix, v1 Yeah, it could be better, but that's a followup bug. r=me.
Attachment #436451 - Flags: review?(bwinton) → review+
Commited as <http://hg.mozilla.org/comm-central/rev/0d37fec98367>. FIXED I will file a followup bug for making the regexps match more precisely (less wildly), or feel free to file it.
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Followup bug filed as Bug 556531.
Attachment #436451 - Flags: approval-thunderbird3.0.5+
Comment on attachment 436451 [details] [diff] [review] Fix, v1 This looks like a good fix to get into 3.0.5. a=Standard8.
The code changed in 3.1, so this is the corresponding 3.0 version of the patch.
Commited to 3.0 <http://hg.mozilla.org/releases/comm-1.9.1/rev/d923bd468843>
You need to log in before you can comment on or make changes to this bug.