Bug 339903 - evolution not using STARTTLS properly
Status: RESOLVED FIXED
Product: evolution-data-server
Classification: Platform
Component: Mailer
Version: 1.6.x (obsolete)
Hardware/OS: Other All
Importance: Normal normal
Target Milestone: ---
Assigned To: evolution-mail-maintainers
QA Contact: Evolution QA team
Depends on:
Blocks:
Reported: 2006-04-27 10:51 UTC by beezly
Modified: 2007-04-09 14:35 UTC
See Also:
GNOME target: ---
GNOME version: 2.13/2.14



Description beezly 2006-04-27 10:51:12 UTC
Please describe the problem:
Evolution fails to connect to an IMAP server using TLS. STARTTLS support seems
to be broken:

* OK IMAP4 Ready woodchuck 00023754
A00000 CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE
UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS
A00000 OK CAPABILITY
A00001 STARTTLS
A00001 OK Begin TLS negotiation now
A00002 LOGIN cs1ajb my-password-in-the-clear

Note how after "A00001 OK" there is no attempt to start TLS negotiation.

Steps to reproduce:
1. Configure an account to use TLS.
2. Try to connect to server
3. Get an error message about TLS


Actual results:
An error message about TLS negotiation appears.

Expected results:


Does this happen every time?


Other information:
Comment 1 Anders Kaseorg 2006-05-09 21:21:23 UTC
I have the same problem in Evolution 2.6.1 on Ubuntu Dapper. Someone confirm this please, this is a *major security problem*!
Comment 2 Anders Kaseorg 2006-05-09 21:38:33 UTC
The problem shows up when you select the "IMAP4rev1" server type; "IMAP" works fine.
Comment 3 Jeffrey Stedfast 2006-05-09 22:04:34 UTC
what are you talking about?

C: A00001 STARTTLS
S: A00001 OK Begin TLS negotiation now

<at this point the client/server have both successfully been toggled into TLS mode>

C: A00002 LOGIN cs1ajb my-password-in-the-clear

no, it's not in the clear. it's TLS encrypted.
Comment 4 Jeffrey Stedfast 2006-05-09 22:04:52 UTC
what are you talking about?

C: A00001 STARTTLS
S: A00001 OK Begin TLS negotiation now

<at this point the client/server have both successfully been toggled into TLS mode>

C: A00002 LOGIN cs1ajb my-password-in-the-clear

no, it's not in the clear. it's TLS encrypted.
Comment 5 Anders Kaseorg 2006-05-09 22:36:23 UTC
(In reply to comment #4)
> C: A00002 LOGIN cs1ajb my-password-in-the-clear
> 
> no, it's not in the clear. it's TLS encrypted.

Um, if it was TLS encrypted, I wouldn't be able to read it with Ethereal, would I?
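
The check described in this comment (what a capture shows after the server accepts STARTTLS) can be automated. The following is an added example, not part of the original report or of Evolution's code: it assumes the TCP stream has already been reassembled into ordered client/server payloads, and the function names and sample streams are constructed for illustration.

```python
import re

TAGGED = re.compile(rb"^(\S+) (\S+)")  # IMAP "<tag> <command-or-status>"

def is_tls_record(data):
    # A TLS handshake record starts with content type 0x16, major version 0x03.
    return len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03

def redact(line):
    # Keep only tag and command so the finding never repeats the credential.
    return b" ".join(line.split(b" ")[:2])

def check_starttls(segments):
    """segments: ordered (direction, payload) pairs from one reassembled TCP
    stream; direction is "C" (client) or "S" (server). Returns findings."""
    findings, starttls_tag, expect_tls = [], None, False
    for direction, payload in segments:
        if not payload:
            continue
        if expect_tls:
            if direction != "C":
                continue
            # Server accepted STARTTLS: the client's next bytes must be TLS.
            if not is_tls_record(payload):
                first = payload.split(b"\r\n")[0]
                findings.append(("plaintext-after-starttls", redact(first)))
            return findings  # everything after this point should be opaque
        for line in payload.split(b"\r\n"):
            m = TAGGED.match(line)
            if not m:
                continue
            tag, word = m.group(1), m.group(2).upper()
            if direction == "C" and word == b"STARTTLS":
                starttls_tag = tag
            elif direction == "C" and word == b"LOGIN":
                # LOGIN seen while the stream is still cleartext.
                findings.append(("plaintext-login", redact(line)))
            elif direction == "S" and tag == starttls_tag and word == b"OK":
                expect_tls = True
                break
    return findings

# Constructed sample streams modelled on the exchange in this report.
BUGGY = [
    ("S", b"* OK IMAP4 Ready\r\n"),
    ("C", b"A00001 STARTTLS\r\n"),
    ("S", b"A00001 OK Begin TLS negotiation now\r\n"),
    ("C", b"A00002 LOGIN user example-password\r\n"),
]
FIXED = BUGGY[:3] + [("C", b"\x16\x03\x01\x00\x04demo")]
```
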
Comment 6 Jeffrey Stedfast 2006-05-09 23:27:31 UTC
ah, well you didn't say that - I thought you were copy/pasting the protocol debug from evolution :p


fwiw, you probably want to be using the "IMAP" and not "IMAP4rev1" account type anyway.
Comment 7 André Klapper 2006-05-10 00:23:39 UTC
perhaps related to bug 321797? dunno
Comment 8 Sam Morris 2006-06-16 21:11:37 UTC
Chaps, if Evolution 2.6.1 is in Dapper then you will want to make sure they have included the fix for bug #339939!
Comment 9 André Klapper 2006-06-17 04:28:20 UTC
sam: well, ask the ubuntu folks which patches they have backported :-)
Comment 10 Jeffrey Stedfast 2007-04-09 14:35:50 UTC
this should be fixed in imap4 now (committed a patch last night - been hacking on libspruce which is where imap4 came from to begin with... it is basically just a port)