[Commits] (heikki) Bug 1731,
enable IMAP over SSL. This is not yet secure, though,
because we use the default (insecure) SSL context settings,
and don't do enough certificate validation.
commits at osafoundation.org
commits at osafoundation.org
Fri Aug 13 14:09:00 PDT 2004
Commit by: heikki
Modified files:
chandler/parcels/osaf/contentmodel/mail/parcel.xml 1.43 1.44
chandler/parcels/osaf/contentmodel/tests/TestMail.py 1.17 1.18
chandler/parcels/osaf/mail/imap.py 1.7 1.8
chandler/parcels/osaf/mail/parcel.xml 1.13 1.14
Log message:
Bug 1731, enable IMAP over SSL. This is not yet secure, though, because we use the default (insecure) SSL context settings, and don't do enough certificate validation.
ViewCVS links:
http://cvs.osafoundation.org/index.cgi/chandler/parcels/osaf/contentmodel/mail/parcel.xml.diff?r1=text&tr1=1.43&r2=text&tr2=1.44
http://cvs.osafoundation.org/index.cgi/chandler/parcels/osaf/contentmodel/tests/TestMail.py.diff?r1=text&tr1=1.17&r2=text&tr2=1.18
http://cvs.osafoundation.org/index.cgi/chandler/parcels/osaf/mail/imap.py.diff?r1=text&tr1=1.7&r2=text&tr2=1.8
http://cvs.osafoundation.org/index.cgi/chandler/parcels/osaf/mail/parcel.xml.diff?r1=text&tr1=1.13&r2=text&tr2=1.14
Index: chandler/parcels/osaf/contentmodel/tests/TestMail.py
diff -u chandler/parcels/osaf/contentmodel/tests/TestMail.py:1.17 chandler/parcels/osaf/contentmodel/tests/TestMail.py:1.18
--- chandler/parcels/osaf/contentmodel/tests/TestMail.py:1.17 Fri Aug 13 12:03:03 2004
+++ chandler/parcels/osaf/contentmodel/tests/TestMail.py Fri Aug 13 14:08:58 2004
@@ -2,8 +2,8 @@
Unit tests for mail
"""
-__revision__ = "$Revision: 1.17 $"
-__date__ = "$Date: 2004/08/13 19:03:03 $"
+__revision__ = "$Revision: 1.18 $"
+__date__ = "$Date: 2004/08/13 21:08:58 $"
__copyright__ = "Copyright (c) 2003 Open Source Applications Foundation"
__license__ = "http://osafoundation.org/Chandler_0.1_license_terms.htm"
@@ -185,7 +185,7 @@
if type(account) == Mail.AccountBase:
account.port = 1
account.portSSL = 1
- account.useSSL = False
+ account.useSSL = 'NoSSL'
if type(account) == Mail.SMTPAccount:
account.fullName = "test"
Index: chandler/parcels/osaf/mail/imap.py
diff -u chandler/parcels/osaf/mail/imap.py:1.7 chandler/parcels/osaf/mail/imap.py:1.8
--- chandler/parcels/osaf/mail/imap.py:1.7 Fri Aug 13 07:41:01 2004
+++ chandler/parcels/osaf/mail/imap.py Fri Aug 13 14:08:58 2004
@@ -1,5 +1,5 @@
-__revision__ = "$Revision: 1.7 $"
-__date__ = "$Date: 2004/08/13 14:41:01 $"
+__revision__ = "$Revision: 1.8 $"
+__date__ = "$Date: 2004/08/13 21:08:58 $"
__copyright__ = "Copyright (c) 2004 Open Source Applications Foundation"
__license__ = "http://osafoundation.org/Chandler_0.1_license_terms.htm"
@@ -8,6 +8,7 @@
import twisted.internet.defer as defer
import twisted.internet.reactor as reactor
import twisted.internet.protocol as protocol
+import twisted.internet.ssl as ssl
import twisted.mail.imap4 as imap4
import repository.persistence.RepositoryView as RepositoryView
import mx.DateTime as DateTime
@@ -20,6 +21,10 @@
class ChandlerIMAP4Client(imap4.IMAP4Client):
+ def __init__(self, contextFactory, useSSL):
+ imap4.IMAP4Client.__init__(self, contextFactory)
+ self.useSSL = useSSL
+
def serverGreeting(self, caps):
"""
This method overides C{imap4.IMAP4Client}.
@@ -32,7 +37,8 @@
@return C{None}
"""
- self.serverCapabilities = self.__disableTLS(caps)
+ if self.useSSL == 'NoSSL':
+ self.serverCapabilities = self.__disableTLS(caps)
d = defer.Deferred()
d.addCallback(self.factory.callback, self)
@@ -59,7 +65,7 @@
class ChandlerIMAP4Factory(protocol.ClientFactory):
protocol = ChandlerIMAP4Client
- def __init__(self, callback, errback):
+ def __init__(self, callback, errback, useSSL):
"""
A C{protocol.ClientFactory} that creates C{ChandlerIMAP4Client} instances
and stores the callback and errback to be used by the C{ChandlerIMAP4Client} instances
@@ -75,9 +81,13 @@
self.callback = callback
self.errback = errback
+ self.useSSL = useSSL
def buildProtocol(self, addr):
- p = self.protocol()
+ if self.useSSL == 'NoSSL':
+ p = self.protocol(contextFactory=None, useSSL=self.useSSL)
+ else:
+ p = self.protocol(ssl.ClientContextFactory(useM2=1), self.useSSL)
p.factory = self
return p
@@ -144,8 +154,10 @@
self.account.setPinned()
- host = self.account.host
- port = self.account.port
+ host = self.account.host
+ port = self.account.port
+ useSSL = self.account.useSSL
+ portSSL = self.account.portSSL
if __debug__:
self.printAccount()
@@ -153,8 +165,13 @@
finally:
self.restorePreviousView()
- factory = ChandlerIMAP4Factory(self.loginClient, self.catchErrors)
- reactor.connectTCP(host, port, factory)
+ factory = ChandlerIMAP4Factory(self.loginClient, self.catchErrors,
+ useSSL)
+ if useSSL == 'SSL':
+ reactor.connectSSL(host, portSSL, factory,
+ ssl.ClientContextFactory(useM2=1))
+ else:
+ reactor.connectTCP(host, port, factory)
def printAccount(self):
"""
@@ -170,6 +187,8 @@
str = "\nHost: %s\n" % self.account.host
str += "Port: %d\n" % self.account.port
+ str += "PortSSL: %d\n" % self.account.portSSL
+ str += "SSL: %s\n" % self.account.useSSL
str += "Username: %s\n" % self.account.username
str += "Password: %s\n" % self.account.password
Index: chandler/parcels/osaf/mail/parcel.xml
diff -u chandler/parcels/osaf/mail/parcel.xml:1.13 chandler/parcels/osaf/mail/parcel.xml:1.14
--- chandler/parcels/osaf/mail/parcel.xml:1.13 Fri Aug 13 07:41:01 2004
+++ chandler/parcels/osaf/mail/parcel.xml Fri Aug 13 14:08:59 2004
@@ -12,7 +12,7 @@
<content:username>osafuser</content:username>
<content:password>chandler</content:password>
<content:port>143</content:port>
- <content:useSSL>False</content:useSSL>
+ <content:useSSL>NoSSL</content:useSSL>
</content:IMAPAccount>
<task:Task itsName="IMAPMailClient">
Index: chandler/parcels/osaf/contentmodel/mail/parcel.xml
diff -u chandler/parcels/osaf/contentmodel/mail/parcel.xml:1.43 chandler/parcels/osaf/contentmodel/mail/parcel.xml:1.44
--- chandler/parcels/osaf/contentmodel/mail/parcel.xml:1.43 Fri Aug 13 12:03:32 2004
+++ chandler/parcels/osaf/contentmodel/mail/parcel.xml Fri Aug 13 14:08:58 2004
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="iso-8859-1"?>
-<!-- $Revision: 1.43 $ -->
-<!-- $Date: 2004/08/13 19:03:32 $ -->
+<!-- $Revision: 1.44 $ -->
+<!-- $Date: 2004/08/13 21:08:58 $ -->
<!-- Copyright (c) 2003 Open Source Applications Foundation -->
<!-- License: http://osafoundation.org/Chandler_0.1_license_terms.htm -->
@@ -59,13 +59,24 @@
<description value="The SSL port number to use" />
<type ref="Integer" />
<initialValue ref="None" />
+ <issues>Heikki: This seems like a needless complication. The IMAP/IMAP over SSL port numbers are standards, and could be hardcoded for defaults. If user has not touched port number, then useSSL attribute would select which default port number to use. Look at Mozilla Mail, for example.</issues>
</Attribute>
+ <Enumeration itsName="useSSLEnumType">
+ <values>NoSSL</values>
+ <values>ServerSTARTTLS</values>
+ <values>SSL</values>
+ <issues>Heikki: I don't like the name of this enumeration or the values.</issues>
+ <issues>Heikki: Do we need TLS value as well? Or should that be covered by a global user pref (what SSL/TLS versions to use)?</issues>
+ <issues>Heikki: ServerSTARTTLS is something that I don't know if any other email clients supports. It basically means that we start connection in non-SSL mode, but if the server sends STARTTLS to us we will try to switch to TLS.</issues>
+ </Enumeration>
+
<Attribute itsName="useSSL">
- <displayName value="use SSL" />
- <description value="Whether or not to use SSL" />
- <type ref="Boolean" />
- <initialValue type="Boolean" value="False" />
+ <displayName value="Use secure connection (SSL/TLS)" />
+ <description value="Whether or not to use SSL/TLS" />
+ <type ref="mail:AccountBase/useSSLEnumType" />
+ <initialValue type="mail:AccountBase/useSSLEnumType">NoSSL</initialValue>
+ <issues>ServerSTARTTLS should be default value, but we make NoSSL default to make debugging/testing easier. Should be switched before we make any publicly usable versions available.</issues>
</Attribute>
<Attribute itsName="pollingFrequency">
More information about the Commits
mailing list