From: Tomas K. <to...@us...> - 2006-01-28 19:24:17
|
Update of /cvsroot/squirrelmail/squirrelmail/doc In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv28547/doc Modified Files: authentication.txt Log Message: Added IMAP and SMTP STARTTLS extension support. Saved SMTP EHLO response in class parameters. Moved sanitizing of SMTP errors from delivery class to display scripts. Allowed to use configtest.php when client_ip matches server_ip. There is no 1.3.3 version. TLS was introduced in 1.4.0. Index: authentication.txt =================================================================== RCS file: /cvsroot/squirrelmail/squirrelmail/doc/authentication.txt,v retrieving revision 1.8 retrieving revision 1.9 diff -u -w -r1.8 -r1.9 --- authentication.txt 23 May 2005 16:25:46 -0000 1.8 +++ authentication.txt 28 Jan 2006 19:24:07 -0000 1.9 @@ -4,8 +4,8 @@ Chris Hilts ta...@sq... ********************************************** -Prior to SquirrelMail 1.3.3, only plaintext logins for IMAP and SMTP were -supported. With the release of SquirrelMail 1.3.3, support for the +Prior to SquirrelMail 1.4.0, only plaintext logins for IMAP and SMTP were +supported. With the release of SquirrelMail 1.4.0, support for the CRAM-MD5 and DIGEST-MD5 auth mechanisms has been added. TLS support has also been added. It is possible to use different methods for both IMAP and SMTP. TLS is able to be enabled on a per-service basis as well. @@ -21,20 +21,26 @@ ------------ CRAM/DIGEST-MD5 -* SquirrelMail 1.3.3 or higher +* SquirrelMail 1.4.0 or higher * If you have the mhash extension to PHP, it will automatically be used, which may help performance on heavily loaded servers. ** NOTE: mhash is optional and no longer a requirement ** +* Digest-MD5 authentication needs PHP XML extension. TLS -* SquirrelMail 1.3.3 or higher +* SquirrelMail 1.4.0 or higher * PHP 4.3.0 or higher (Check Release Notes for PHP 4.3.x information) -* The "STARTTLS" command is NOT supported. The server you wish to use TLS - on must have a dedicated port listening for TLS connections. (ie. port - 993 for IMAP, 465 for SMTP) +* The server you wish to use TLS on must have a dedicated port listening for + TLS connections. (ie. port 993 for IMAP, 465 for SMTP). See STARTTLS + requirements, if you want to use IMAP or SMTP STARTTLS extension. * If you use PHP 4.3.x, OpenSSL support must be compiled staticly. See PHP bug #29934 (http://bugs.php.net/bug.php?id=29934) +STARTTLS +* SquirrelMail 1.5.1 or higher +* PHP 5.1.0rc1 or higher (stream_socket_enable_crypto() function) +* Server with STARTTLS extension support + CONFIGURATION ------------- @@ -44,9 +50,10 @@ You must have set the host and port before attempting to detect, or you may get inaccurate results, or a long wait while the connection times out. -If you get results that you know are wrong when you use auto-detection, I -need to know about it. Please send me the results you got, the results you -expected, and server type, name, and version (eg. "imap, Cyrus, v2.1.9"). +If you get results that you know are wrong when you use auto-detection, send +information about it to SquirrelMail developers. Provide the results you got, +the results you expected, and server type, name, and version (eg. "imap, +Cyrus, v2.1.9"). KNOWN ISSUES ------------ @@ -104,5 +111,30 @@ as the authentication mechanism is something besides 'none', i.e. 'login','plain','cram-md5', or 'digest-md5'. +DEBUGGING SSL ERROR MESSAGES +---------------------------- + +SquirrelMail disables display of PHP errors in fsockopen() and +stream_socket_enable_crypto() function calls. These functions use PHP error +handler to display connection errors and SquirrelMail tries to handle +errors without displaying debugging information to end user. If you use TLS or +STARTTLS and get connection errors, try reproducing them in configtest.php +script or remove @ symbol from fsockopen() and stream_socket_enable_crypto() +calls in SquirrelMail scripts. + +Possible error messages: +* SSL: Connection reset by peer in some script. + Error happened in IMAP server and server dropped connection. It is possible + that error is logged in system or imap logs. + +* SSL operation failed with code 1. OpenSSL Error messages: error:14094410:SSL +routines:func(148):reason(1040) in some script. + Error generated by SSL libraries. Locate numbers listed 'SSL + routines:func(###):reason(####)' string, find ssl.h file in your OpenSSL + sources and locate same numbers listed in '/* Error codes for the SSL + functions. */' section. Error define can be self explanatory. If you don't + understand it, search for error or that define in your favorite search + engine. + [End] |
From: Chris H. <ch...@bi...> - 2006-01-30 16:15:40
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tomas Kuliavas wrote: > There is no 1.3.3 version. TLS was introduced in 1.4.0. At the time when I wrote the code, 1.3.3 was devel cvs, and 1.4.0 did not yet exist. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) iD8DBQFD3jub98ixrK2vMtARAm3hAKCLWXmRZAlW1tpdRXgBH5nMBXGgqACfTl7L IVkUvn1mCQPRydAoV8FOMGU= =zdwu -----END PGP SIGNATURE----- |