[Commits] (heikki) Bug 1731, enable IMAP over SSL. This is not yet secure, though, because we use the default (insecure) SSL context settings, and don't do enough certificate validation.

commits at osafoundation.org commits at osafoundation.org
Fri Aug 13 14:09:00 PDT 2004


Commit by: heikki
Modified files:
chandler/parcels/osaf/contentmodel/mail/parcel.xml 1.43 1.44
chandler/parcels/osaf/contentmodel/tests/TestMail.py 1.17 1.18
chandler/parcels/osaf/mail/imap.py 1.7 1.8
chandler/parcels/osaf/mail/parcel.xml 1.13 1.14

Log message:
Bug 1731, enable IMAP over SSL. This is not yet secure, though, because we use the default (insecure) SSL context settings, and don't do enough certificate validation.

ViewCVS links:
http://cvs.osafoundation.org/index.cgi/chandler/parcels/osaf/contentmodel/mail/parcel.xml.diff?r1=text&tr1=1.43&r2=text&tr2=1.44
http://cvs.osafoundation.org/index.cgi/chandler/parcels/osaf/contentmodel/tests/TestMail.py.diff?r1=text&tr1=1.17&r2=text&tr2=1.18
http://cvs.osafoundation.org/index.cgi/chandler/parcels/osaf/mail/imap.py.diff?r1=text&tr1=1.7&r2=text&tr2=1.8
http://cvs.osafoundation.org/index.cgi/chandler/parcels/osaf/mail/parcel.xml.diff?r1=text&tr1=1.13&r2=text&tr2=1.14

Index: chandler/parcels/osaf/contentmodel/tests/TestMail.py
diff -u chandler/parcels/osaf/contentmodel/tests/TestMail.py:1.17 chandler/parcels/osaf/contentmodel/tests/TestMail.py:1.18
--- chandler/parcels/osaf/contentmodel/tests/TestMail.py:1.17	Fri Aug 13 12:03:03 2004
+++ chandler/parcels/osaf/contentmodel/tests/TestMail.py	Fri Aug 13 14:08:58 2004
@@ -2,8 +2,8 @@
 Unit tests for mail
 """
 
-__revision__  = "$Revision: 1.17 $"
-__date__      = "$Date: 2004/08/13 19:03:03 $"
+__revision__  = "$Revision: 1.18 $"
+__date__      = "$Date: 2004/08/13 21:08:58 $"
 __copyright__ = "Copyright (c) 2003 Open Source Applications Foundation"
 __license__   = "http://osafoundation.org/Chandler_0.1_license_terms.htm"
 
@@ -185,7 +185,7 @@
         if type(account) == Mail.AccountBase:
             account.port = 1
             account.portSSL = 1
-            account.useSSL = False
+            account.useSSL = 'NoSSL'
 
         if type(account) == Mail.SMTPAccount:
             account.fullName = "test"

Index: chandler/parcels/osaf/mail/imap.py
diff -u chandler/parcels/osaf/mail/imap.py:1.7 chandler/parcels/osaf/mail/imap.py:1.8
--- chandler/parcels/osaf/mail/imap.py:1.7	Fri Aug 13 07:41:01 2004
+++ chandler/parcels/osaf/mail/imap.py	Fri Aug 13 14:08:58 2004
@@ -1,5 +1,5 @@
-__revision__  = "$Revision: 1.7 $"
-__date__      = "$Date: 2004/08/13 14:41:01 $"
+__revision__  = "$Revision: 1.8 $"
+__date__      = "$Date: 2004/08/13 21:08:58 $"
 __copyright__ = "Copyright (c) 2004 Open Source Applications Foundation"
 __license__   = "http://osafoundation.org/Chandler_0.1_license_terms.htm"
 
@@ -8,6 +8,7 @@
 import twisted.internet.defer as defer
 import twisted.internet.reactor as reactor
 import twisted.internet.protocol as protocol
+import twisted.internet.ssl as ssl
 import twisted.mail.imap4 as imap4
 import repository.persistence.RepositoryView as RepositoryView
 import mx.DateTime as DateTime
@@ -20,6 +21,10 @@
 
 class ChandlerIMAP4Client(imap4.IMAP4Client):
 
+    def __init__(self, contextFactory, useSSL):
+        imap4.IMAP4Client.__init__(self, contextFactory)
+        self.useSSL = useSSL
+
     def serverGreeting(self, caps):
         """
         This method overides C{imap4.IMAP4Client}.
@@ -32,7 +37,8 @@
         @return C{None}
         """
 
-        self.serverCapabilities =  self.__disableTLS(caps)
+        if self.useSSL == 'NoSSL':
+            self.serverCapabilities =  self.__disableTLS(caps)
 
         d = defer.Deferred()
         d.addCallback(self.factory.callback, self)
@@ -59,7 +65,7 @@
 class ChandlerIMAP4Factory(protocol.ClientFactory):
     protocol = ChandlerIMAP4Client
 
-    def __init__(self, callback, errback):
+    def __init__(self, callback, errback, useSSL):
         """
         A C{protocol.ClientFactory} that creates C{ChandlerIMAP4Client} instances
         and stores the callback and errback to be used by the C{ChandlerIMAP4Client} instances
@@ -75,9 +81,13 @@
 
         self.callback = callback
         self.errback = errback
+        self.useSSL = useSSL
 
     def buildProtocol(self, addr):
-        p = self.protocol()
+        if self.useSSL == 'NoSSL':
+            p = self.protocol(contextFactory=None, useSSL=self.useSSL)
+        else:
+            p = self.protocol(ssl.ClientContextFactory(useM2=1), self.useSSL)
         p.factory = self
         return p
 
@@ -144,8 +154,10 @@
 
             self.account.setPinned()
 
-            host  = self.account.host
-            port = self.account.port
+            host    = self.account.host
+            port    = self.account.port
+            useSSL  = self.account.useSSL
+            portSSL = self.account.portSSL            
 
             if __debug__:
                 self.printAccount()
@@ -153,8 +165,13 @@
         finally:
             self.restorePreviousView()
 
-        factory = ChandlerIMAP4Factory(self.loginClient, self.catchErrors)
-        reactor.connectTCP(host, port, factory)
+        factory = ChandlerIMAP4Factory(self.loginClient, self.catchErrors,
+                                       useSSL)
+        if useSSL == 'SSL':
+            reactor.connectSSL(host, portSSL, factory,
+                               ssl.ClientContextFactory(useM2=1))
+        else:
+            reactor.connectTCP(host, port, factory)
  
     def printAccount(self):
         """
@@ -170,6 +187,8 @@
 
         str  = "\nHost: %s\n" % self.account.host
         str += "Port: %d\n" % self.account.port
+        str += "PortSSL: %d\n" % self.account.portSSL
+        str += "SSL: %s\n" % self.account.useSSL
         str += "Username: %s\n" % self.account.username
         str += "Password: %s\n" % self.account.password
 

Index: chandler/parcels/osaf/mail/parcel.xml
diff -u chandler/parcels/osaf/mail/parcel.xml:1.13 chandler/parcels/osaf/mail/parcel.xml:1.14
--- chandler/parcels/osaf/mail/parcel.xml:1.13	Fri Aug 13 07:41:01 2004
+++ chandler/parcels/osaf/mail/parcel.xml	Fri Aug 13 14:08:59 2004
@@ -12,7 +12,7 @@
     <content:username>osafuser</content:username>
     <content:password>chandler</content:password>
     <content:port>143</content:port>
-    <content:useSSL>False</content:useSSL>
+    <content:useSSL>NoSSL</content:useSSL>
   </content:IMAPAccount>
 
   <task:Task itsName="IMAPMailClient">

Index: chandler/parcels/osaf/contentmodel/mail/parcel.xml
diff -u chandler/parcels/osaf/contentmodel/mail/parcel.xml:1.43 chandler/parcels/osaf/contentmodel/mail/parcel.xml:1.44
--- chandler/parcels/osaf/contentmodel/mail/parcel.xml:1.43	Fri Aug 13 12:03:32 2004
+++ chandler/parcels/osaf/contentmodel/mail/parcel.xml	Fri Aug 13 14:08:58 2004
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="iso-8859-1"?>
 
-<!-- $Revision: 1.43 $ -->
-<!-- $Date: 2004/08/13 19:03:32 $ -->
+<!-- $Revision: 1.44 $ -->
+<!-- $Date: 2004/08/13 21:08:58 $ -->
 <!-- Copyright (c) 2003 Open Source Applications Foundation -->
 <!-- License: http://osafoundation.org/Chandler_0.1_license_terms.htm -->
 
@@ -59,13 +59,24 @@
             <description value="The SSL port number to use" />
             <type ref="Integer" />
             <initialValue ref="None" />
+            <issues>Heikki: This seems like a needless complication. The IMAP/IMAP over SSL port numbers are standards, and could be hardcoded for defaults. If user has not touched port number, then useSSL attribute would select which default port number to use. Look at Mozilla Mail, for example.</issues>
         </Attribute>
 
+        <Enumeration itsName="useSSLEnumType">
+            <values>NoSSL</values>
+            <values>ServerSTARTTLS</values>
+            <values>SSL</values>
+            <issues>Heikki: I don't like the name of this enumeration or the values.</issues>
+            <issues>Heikki: Do we need TLS value as well? Or should that be covered by a global user pref (what SSL/TLS versions to use)?</issues>
+            <issues>Heikki: ServerSTARTTLS is something that I don't know if any other email clients supports. It basically means that we start connection in non-SSL mode, but if the server sends STARTTLS to us we will try to switch to TLS.</issues>
+        </Enumeration>
+
         <Attribute itsName="useSSL">
-            <displayName value="use SSL" />
-            <description value="Whether or not to use SSL" />
-            <type ref="Boolean" />
-            <initialValue type="Boolean" value="False" />
+            <displayName value="Use secure connection (SSL/TLS)" />
+            <description value="Whether or not to use SSL/TLS" />
+            <type ref="mail:AccountBase/useSSLEnumType" />
+            <initialValue type="mail:AccountBase/useSSLEnumType">NoSSL</initialValue>
+            <issues>ServerSTARTTLS should be default value, but we make NoSSL default to make debugging/testing easier. Should be switched before we make any publicly usable versions available.</issues>
         </Attribute>
 
         <Attribute itsName="pollingFrequency">



More information about the Commits mailing list