Re: [Evolution-hackers] evolution failing on TLSv1.3 after gnutls upgrade
- From: Sasa Ostrouska <casaxa gmail com>
- To: James Bottomley <James Bottomley hansenpartnership com>
- Cc: Milan Crha <mcrha redhat com>, evolution-hackers gnome org
- Subject: Re: [Evolution-hackers] evolution failing on TLSv1.3 after gnutls upgrade
- Date: Fri, 10 May 2019 23:23:44 +0200
Hi all, and thanks Milan for the program. I also run an old version of
evolution 3.20.x and I get the following:
rc@rc-laptop:~/Downloads$ gcc `pkg-config --cflags --libs glib-2.0
gio-2.0` imap-conn.c -g -O0 -o imap-conn && ./imap-conn
imap.googlemail.com 993
Connected to imap.googlemail.com:993
Failed to read data from the server: Error reading data from TLS
socket: The specified session has been invalidated for some reason.
I neded to #include <string.h> on my slackware linux.
Rgds
Saxa
On Fri, May 10, 2019 at 5:07 PM James Bottomley via evolution-hackers
<evolution-hackers gnome org> wrote:
On Fri, 2019-05-10 at 08:41 +0200, Milan Crha via evolution-hackers
wrote:
On Thu, 2019-05-09 at 11:03 -0700, James Bottomley wrote:
I can certainly test things out.
      Hi,
that's great, thanks.
To be honest, I've had problems with TLSv1.3 every time it's been
negotiated, so disabling it is a reasonable thing to do.
I see. If you are still willing to help, then it'll be appreciated.
I suppose there's no gntuls-cli equivalent for glib-
networking?  That
would be the best way to test it.
I agree, but I'm not aware of anything like that (which doesn't mean
it
doesn't exist). I made a little test program as promised, see the
attachment. The first line contains a comment with a command to
compile
and run it (against Google's IMAP server). It's only a test program,
mimic-ing what Evolution (or better Camel library from evolution-
data-
server) does. You may have installed development packages for glib
and,
if split, also for glib's gio, to be able to compile it.
      Bye,
      Milan
P.S.: The result of the run as is in the file itself is below:
$ ./imap-conn imap.googlemail.com 993
Connected to imap.googlemail.com:993
Response: * OK Gimap ready for requests from {IPADDRESS} {SOMETOKEN}
Request:  A01 CAPABILITY
Response: * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID
XLIST CHILDREN X-GM-EXT-1 XYZZY SASL-IR AUTH=XOAUTH2 AUTH=PLAIN
AUTH=PLAIN-CLIENTTOKEN AUTH=OAUTHBEARER AUTH=XOAUTH
A01 OK Thats all she wrote! {SOMETOKEN}
Request:  A02 LOGOUT
Response: * BYE Logout Requested {SOMETOKEN}
A02 OK Quoth the raven, nevermore... {SOMETOKEN}
So when I run it against my current setup (TLSv1.3 disabled) I get this
as expected:
jejb@jarvis:~> ./imap-conn bedivere.hansenpartnership.com 993
Connected to bedivere.hansenpartnership.com:993
Response: * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN] Dovecot 
(Debian) ready.
Request:  A01 CAPABILITY
Response: * CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN
Request:  A02 LOGOUT
Response: A01 OK Pre-login capabilities listed, post-login capabilities have more.
But when I enable TLSv1.3 in dovecot on the server I get this:
jejb@jarvis:~> ./imap-conn bedivere.hansenpartnership.com 993
Connected to bedivere.hansenpartnership.com:993
Failed to read data from the server: Error reading data from TLS socket: The specified session has been 
invalidated for some reason.
Which isn't particularly helpful, although it does prove the issue is
indeed in glib-networking.  Is there further debugging I should turn
on?
James
_______________________________________________
evolution-hackers mailing list
evolution-hackers gnome org
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-hackers
[
Date Prev][
Date Next]   [
Thread Prev][
Thread Next]   
[
Thread Index]
[
Date Index]
[
Author Index]