On Wed, May 11, 2016 at 03:59:29PM +0200, Matthias Hunstock wrote:
On 11.05.2016 at 09:12, Simon Horman wrote:
In order to aid review I have pushed this series
to the mercurial repository.
http://hg.vergenet.net/perdition/perdition/
Thank you! Some notes:
The
VANESSA_LOGGER_DEBUG_RAW("min");
in line 1133 of options.c seems odd, maybe it is left and was to be removed?
Yes, sorry about that.
It was an artifact of my debugging and shouldn't have been included.
I'll remove it.
To build the package on Wheezy it seems necessary to have an empty
directory "m4" in the source. On Jessie this missing directory "only"
gives a warning. I'm not very into autoconf & Co. so maybe there is a
cleaner solution.
Thanks, I will look into that separately.
First tests were unsuccessful however. It seems perdition tries to do
SSL on port 143 instead of STARTTLS. Port 993/995 look fine. I have tried
ssl_mode ssl_listen
which is the currently running option in perdition 1.9 as well as
ssl_mode ssl_listen,tls_listen
which gives a warning about being an invalid combination.
When using
ssl_mode tls_listen
it seems to work correctly on the SSL and STARTTLS ports, but this still
gives the "invalid combination" warning on startup.
I'm unsure if my config is correct, but there are no big differences to
1.9. Maybe just the if clause in options.c:333 is incorrect? However I
did this on Debian Wheezy which has an older OpenSSL and will continue
testing on Debian Jessie.
I apologise for the clunky configuration options. If I had my time again
I would probably do things differently.
ssl_mode only tells perdition if it should:
* deal with a connection entirely in plaintext (ssl_*)
* allow upgrade of a connection from plaintext to SSL/TLS (tls_*)
* deal with a connection entirely using SSL/TLS (no option)
These options are mutually exclusive.
The use of "ssl_" to denote SSL/TLS always and "tls_" to denote
upgrade from plaintext is at best confusing. It reflects my understanding
of those terms at the time I wrote the code. I would not choose to name
them that way if I was writing the code now.
Changing the port is handled separately, using the listen_port and
bind_address options.
The protocol option may be used to change the ssl_mode and listen port.
E.g.
protocol imap4s
Should be equivalent to:
ssl_mode ssl_listen,ssl_outgoing
listen_port 143
outgoing_port 143
Invoking perdition as perdition.imap4s will set "protocol imap4s".
Likewise for other supported protocols.
If you wish perdition to listen for plaintext connections (upgradable to
SSL/TLS or not) and SSL/TLS connections then two separate invocations of
perdition are required.
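
A pre-deployment check for the listener settings discussed in this thread, as an added example that is not perdition code and not part of the original message. It assumes the reading given above ("ssl_" means SSL/TLS for the whole connection, "tls_" means upgrade from plaintext, one listen mode per invocation); the function names, port sets and sample configs are constructed for illustration.

```python
# Added example (not perdition code). Assumption, taken from the message:
# ssl_listen = SSL/TLS from the first byte, tls_listen = plaintext that may
# be upgraded, and the two cannot be combined in one invocation.
STARTTLS_PORTS = {"143"}             # port the thread expects STARTTLS on
IMPLICIT_TLS_PORTS = {"993", "995"}  # ports the thread reports as SSL


def parse(config_text):
    """Parse 'key value' lines; '#' starts a comment, later keys win."""
    opts = {}
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            opts[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def lint(config_text):
    """Return (listen_mode, warnings) for one perdition invocation."""
    opts = parse(config_text)
    flags = {f.strip() for f in opts.get("ssl_mode", "").split(",") if f.strip()}
    port = opts.get("listen_port")
    ssl, tls = "ssl_listen" in flags, "tls_listen" in flags
    if ssl and tls:
        return "invalid", ["ssl_listen and tls_listen combined; "
                           "use two separate invocations"]
    mode = "ssl" if ssl else "starttls" if tls else "unset"
    warnings = []
    if mode == "ssl" and port in STARTTLS_PORTS:
        warnings.append(f"ssl_listen on port {port}: clients expecting "
                        "STARTTLS get an immediate TLS handshake")
    if mode == "starttls" and port in IMPLICIT_TLS_PORTS:
        warnings.append(f"tls_listen on port {port}: clients expecting "
                        "SSL from the first byte get plaintext")
    return mode, warnings


# Constructed sample configs, one per perdition invocation.
SAMPLES = {
    "imap-143": "ssl_mode ssl_listen\nlisten_port 143\n",
    "imap-combined": "ssl_mode ssl_listen,tls_listen\nlisten_port 143\n",
    "imap-starttls": "ssl_mode tls_listen   # upgrade allowed\nlisten_port 143\n",
    "imaps-993": "ssl_mode ssl_listen,ssl_outgoing\nlisten_port 993\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, *lint(text))
```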