Opened 6 years ago

Closed 6 years ago

#1485284 closed Feature Patches (fixed)

Add bare-bones STARTTLS support to IMAP

Reported by: chugadie Owned by:
Priority: 5 Milestone: 0.2.2
Component: IMAP connection Version: git-master
Severity: normal Keywords:
Cc: ali

Description

This isn't very good, but it gets the job done. Adds starttls support to the iil_Connect function in program/lib/imap.inc This patch could add some more error handling, and maybe section off the actual stream_* php-5 methods into another function in the imap lib file.

Attachments (2)

starttls_rc.diff (2.4 KB) - added by chugadie 6 years ago.
patch to add starttls commands to imap lib
imap.inc.patch (899 bytes) - added by ali 6 years ago.

Download all attachments as: .zip

Change History (6)

Changed 6 years ago by chugadie

patch to add starttls commands to imap lib

comment:1 Changed 6 years ago by dan

comment:2 Changed 6 years ago by chugadie

The problem with changeset 1031 is that it only distinguishes the name tls from ssl. The names are practically synonymous with each other, I only used the distinction as a flag for the rest of the "STARTTLS" command functionality. Changeset 1031 would help the configurations remain separate, but it is not full "STARTTLS" functionality.

Some IMAP servers (like mine) don't encrypt the entire TCP connection, but they do start and SSL handshake when they receive the command STARTTLS. (Capabilities for this are specified by EHLO)

My patch looks for the STARTTLS capability and tries to send the STARTTLS command when the configuration parameter is "tls" as opposed to "ssl" (I just invented the difference between those two for my own settings and testing. Then the patch uses PHP5's socket encryption techniques to encrypt the remainder of the IMAP conversation.

Changed 6 years ago by ali

comment:3 Changed 6 years ago by ali

  • Cc ali added
  • Component changed from Client Scripts to IMAP connection
  • Version changed from 0.2-alpha to svn-trunk

Hi,

While facing the same STARTTLS issue, I've found on dev list[1][2] that Francis Russell has submitted a patch for the same purpose.

Maybe STARTTLS support could be now part of trunk?

[1] http://lists.roundcube.net/mail-archive/dev/2009-01/0000013.html
[2] http://lists.roundcube.net/mail-archive/dev/2009-01/0000016.html

Regards,

--
Ali Mdidech

comment:4 Changed 6 years ago by alec

  • Milestone changed from later to 0.2.2
  • Resolution set to fixed
  • Status changed from new to closed

Applied in [f86e8f5f] with small modification which allows to skip STARTTLS when we don't need it.

Note: See TracTickets for help on using tickets.