Closed Bug 68516 Opened 24 years ago Closed 23 years ago

POP over SSL

Categories

(MailNews Core :: Networking: POP, enhancement)

Product:
MailNews Core
Component:
Networking: POP
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
mozilla0.9.4

People

(Reporter: bzbarsky, Assigned: sspitzer)

References

Details

(Keywords: helpwanted)

Attachments

(6 files)

Suggested implementation of POP3 over SSL
3.30 KB, patch
Details | Diff | Splinter Review
Corrected patch / resolved cvs conflict
3.30 KB, patch
Details | Diff | Splinter Review
new version of patch, adding lock icon
10.86 KB, patch
Details | Diff | Splinter Review
Updated patch, without changes to subscribe.css
8.63 KB, patch
Details | Diff | Splinter Review
screen shot 1
17.89 KB, image/gif
Details
screen shot 2
25.04 KB, image/gif
Details 
This is actually a recreation of bug 67422 for clarity.

A number of mail providers are offering POP over stunnel for security reasons. 
Currently Mozilla does not support this.  It would be very nice if it did. 
Looked around a bit, and it looks like pop3s (or spop3) is served on port 995
and is basically just an ssl-wrapped version of the pop protocol.

ccing various people.
adding jgmyers and mscott to the cc list, as they might find this interesting.

I think there is a bug on adding APOP support.  if someone were going to work on
POP, that might be something to work on first or in parallel.

marking helpwanted / future.
Keywords: helpwanted
Target Milestone: --- → Future
APOP is bug 43923
Keywords: patch, review
The patch I attached tries to implement the POP3 over SSL feature. It was
derived from code that I saw in the "imap" and "news" parts of Mozilla that
already support SSL.

The patch is small and straightforward. It enables the checkbox "Use secure
connection (SSL)" in the user interface for POP accounts, as well as the
functionality itself.

I have tested it with my own e-mail provider who allows me to do POP3 over SSL.
It works for me.

I am not sure if we can take this in for this milestone. nominating.
Keywords: nsbeta1
Thanks for working on a patch.  I'm adding the nsbeta1- and keeping the future
because I think we need to try to land this when more people are able to review
this and test this.
Keywords: nsbeta1nsbeta1-
The patch I attached on 2001-06-07 (37600) now causes a cvs conflict, due to new
code meanwhile checked in by someone else.

I resolved the conflict and are attaching a corrected new patch.

To apply the patch, "cd mailnews" and use "patch -p0 < patchfile".

If someone wants to test the feature and is using a RedHat Linux 7.1 x86 system,
just let me know, I can provide a binary distribution based on 0.9.1 with just
this patch added.
Keywords: mozilla0.9.3
hmm seems like my comments from last month never made it in here. I must not
have been logged into bugzilla again. *sigh*.

sr=mscott on this patch.

Naving, what do you think of it? It'd be great if we could get this into .9.4.
the UI changes look good.  I'll test them to make sure them to double check that
UI looks good, and when check and uncheck the "use ssl" checkbox, the port
toggled betweens 110 and 995.  (I'll attach a screen shot later tonight.)

adding jglick for approval.  pop over SSL isn't part of the spec, so we'd need
jglick to aprove the UI changes and amend the spec.

note to jglick, the only difference here is that the check box will show up on
pop servers, like it currently does for news and imap.

we should set this to 0.9.4.

do we have any pop servers running SSL to test against?
It seems ok to me. I will test it and land it in 0.9.4
I know three hosts that provide POP over SSL.

- pop.gmx.net (you can create a freemail account at www.gmx.net)

- pop.web.de  (freemail, www.web.de)

- secure.generalmail.com (commercial, but demo account possible)

In addition, you could install Stunnel (www.stunnel.org) on your local machine
and configure it as a SSL forwarder to your usual mail server.

Use a command line similar to:

  /usr/sbin/stunnel -d 995 -r yourserver:110 -f -P none -D 6 -p stunnel.pem

Then add a mail server at host "127.0.0.1" to your machine, use port 995.

Using this configuration, you can test with any POP3 mailserver.

You need a certificate in PEM format. If you have none available, put the
following into a file named stunnel.pem

-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDShFDtGMB8rZncINUUfJiGuieuOjeU9fehbFtx3O4hI5nZTSHL
5J3NrHkA2ZfgLK7N9lyyJD86QTy08dS8VjSVTlID4VwqaN2vzj9WvVgQmYNkVr59
+FsHcuda/2RQLA6URNxR5TYLaOxDDyl1mVzwkILHTjcVhxjSjkBAGqdgYwIDAQAB
AoGAB7JGsyRghS5jnaSlpaYYfXR41unR9mQ3tXMctMD7A8MlcMhdH/MvwcE4e0t5
PfzkNyt2oByrIxoXehYNTQVpzqqgs/OE3uWN3D0rVtbKLBB4j72UnVo5xs080Ual
lVCt+pdrQ8N7PHIpX1MrdOjzRg4uOZBiycqsAuqWjP2I/gECQQDqHfrYkhnf6YAY
8SjWVKKSnY9CK+79lCR/flf8QNqXUUECfBi/IMvt26oGrhgiaK4D1Y/MwtA8a44y
cEU3QwGjAkEA5jGfcrEEvJX4rhXDr1iZw7t/zZbyQWMyjHPa5VgH7iMeitT8KuQb
bnoAZqKs6eZDP7ftt7GUoNCR3SbIcseSQQJAH/5Q1V/B4XOLad0q839FaDvX4/cV
BdpE0pd1dqd2N8+GzswepZ/ZvnuSVK9d5PXhMezxZc4JnvgjyojFLLQfeQJBAM/i
Bn38MSviQDduvk7vM8XY4V0YMWUtoWvIAOnXayn7G00DdUuCvucxVIVb6c49vYOg
phSbUX89fEz9Bk7pvkECQQDPfAqe0GEHrJ7hXt3EoDJ4roRbhzoJKEh0zbjwMY6s
DDV5uz5cTDdh7d1ZdwpYKVXjb9Posl18xiyQU+vNiY6A
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICDzCCAXigAwIBAgIBADANBgkqhkiG9w0BAQQFADBCMQswCQYDVQQGEwJQTDEf
MB0GA1UEChMWU3R1bm5lbCBEZXZlbG9wZXJzIEx0ZDESMBAGA1UEAxMJbG9jYWxo
b3N0MB4XDTk5MDcxMjE3NDcxM1oXDTAwMDcxMTE3NDcxM1owQjELMAkGA1UEBhMC
UEwxHzAdBgNVBAoTFlN0dW5uZWwgRGV2ZWxvcGVycyBMdGQxEjAQBgNVBAMTCWxv
Y2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0oRQ7RjAfK2Z3CDV
FHyYhronrjo3lPX3oWxbcdzuISOZ2U0hy+Sdzax5ANmX4CyuzfZcsiQ/OkE8tPHU
vFY0lU5SA+FcKmjdr84/Vr1YEJmDZFa+ffhbB3LnWv9kUCwOlETcUeU2C2jsQw8p
dZlc8JCCx043FYcY0o5AQBqnYGMCAwEAAaMVMBMwEQYJYIZIAYb4QgEBBAQDAgZA
MA0GCSqGSIb3DQEBBAUAA4GBALKg6cCoHIcBfXCDs4QhIpIXIxkQDO/ev52xnID5
AH2hJcWonlCWwXRLmh5qwMxMGXb3bJYwUn1VpynNNPN/W1GYeUbyCwR/BEcDbtEy
e0N2RgFZFE+aR9HJKnBWlLSPzxKzcr51/84xi0rrOIPPjaSfgQG8SwVf/ztQ5l4W
c6A+
-----END CERTIFICATE-----
-----BEGIN DH PARAMETERS-----
MEYCQQDrrhdfWki6qM0XP6zlKCoI42Xbs1QPu7rkOHXyD6SBE33Gzf/j4V8GCjFH
Gr/FatcPF+XcRIeDDCphBfZ3pWD7AgEC
-----END DH PARAMETERS-----

adding mitch@netscape.com to cc list for comments about POP over SSL
I saw another place where a change should be made. This is not functionality but
display. Currently, mailnews displays an icon with a lock symbol if the imap
server uses a secure connection. I changed the stylesheets to add this for pop3
as well.

I simply duplicated all the styles that use icon server-remote-lock.gif and
changed (in the dupe) ServerType to pop3.

To make life easier, I'll include my previous patch once again, because there
are again conflicts with the tree.


good catch about the icon.

the changes to subscribe.css are not necessary, as pop servers don't show up in
the subscribe dialog.
setting to 0.9.4 for naving, since we hope to land during that milestone.
Target Milestone: Future → mozilla0.9.4
actually, can you hold off on the .css changes?

they'll conflict with the changes for #73865, and they'll need to be redone.

once this lands, can you open a new bug on the icon issue?  I'll fix it along 
with #73865.

screen shot coming up for jglick to review.
sorry, just hold off on the folderPane.css changes.  the rest will not conflict.

I'm testing this patch out on a free account, I'll report back in a minute.
with your changes, I was able to check my mail at sspitzer@pop.gmx.co.uk using 
POP over SSL.

your changes for folderMenuItem are valid, but an additional patch to see them 
in action.  (see bug #93061)

again, please don't check in your folderPane.css changes, as it will conflict.

naving, I've got this patch in my local tree.  If you want, I can land it as 
soon as jglick oks the screen shots.
jglick, can you take a look at those screen shots?  the cover the only new UI 
for this feature.
reassign to seth.
Assignee: naving → sspitzer
r=sspitzer, just waiting for jglick to comment on the UI.
Status: NEW → ASSIGNED
Sorry for the delay. Changes look good.  Updating spec. :-)
POP/SSL is probably LESS important than APOP.  I echo John Myers understated
comment,  "APOP is bug 43923".  Please let's not forget APOP.


fixed.

note, not all the UI changes landed.  specifically, the changes to 
folderPane.css did not land.  (so the locked icon will not show up in the 
folder pane.)

I'll open a new bug on that.  I've got the fix for it in my local tree, as part 
of the fix for #73865.

Kai, thanks for the patch!
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
remaing UI issue spun off to #93963
WFM on a fresh WindowsME CVS build.

Thanks Seth! At last I can read my overseas mail without sending a clear text
password. Cool!
 
<spam_mode>
If only APOP support (bug 43923) was added as well, I would be able to read my
local UCSD mail account with Mozilla...
</spam_mode>
QA Contact: esther → sheelar
I opened an account with gmx. I used the preference and checked for ssl. Send 
and received messages to the same account as well as other accounts.  

Build: 2001-08-29-06 win98, mac, linux
Status: RESOLVED → VERIFIED
*** Bug 97985 has been marked as a duplicate of this bug. ***
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: