Eudora compatibility, patches

Leena Heino Leena.Heino at uta.fi
Wed Jun 4 05:27:14 EDT 2003


Here are a couple of patches to make Cyrus imapd 2.1.x versions
compatible with Eudora's features. They seem to work in our environment,
but be careful and use at your own risk.

Patch 1 makes Cyrus imapd's STARTTLS Eudora compatible (and breaks client
side certificates).
Patch 2 makes MIME boundary handling Eudora compatible.


Patch 1:
Some 5.x Eudora versions seem to do STARTTLS with an SSLv2 or SSLv3
handshake. To enable STARTTLS with them, the server must enable SSLv2 and
SSLv3 with STARTTLS.

Eudora version 5.2.x refuses to do STARTTLS if the server asks for client side
certificates. To enable STARTTLS with these Eudora versions, do not ask for
client certificates with IMAP+STARTTLS.

Add these to imapd.conf:
# Whether to request client certificate with STARTTLS session.
#
##tls_request_cert: 1
# Whether to request client certificate with STARTTLS imap session.
#
tls_imap_request_cert: 0
# Whether to request client certificate with STARTTLS pop3 session.
#
tls_pop3_request_cert: 0
# Whether to request client certificate with STARTTLS lmtp session.
#
##tls_lmtp_request_cert: 1
# Whether to request client certificate with STARTTLS sieve session.
#
##tls_sieve_request_cert: 1

Patch to Cyrus IMAP:
--- imap/tls.c.orig	Wed Jul 24 22:30:40 2002
+++ imap/tls.c	Fri Nov 15 11:46:51 2002
@@ -573,6 +573,7 @@
     const char   *s_cert_file;
     const char   *s_key_file;
     int    requirecert;
+    int    requestcert;
     int    timeout;

     if (tls_serverengine)
@@ -605,8 +606,11 @@

     off |= SSL_OP_ALL;		/* Work around all known bugs */
     if (tlsonly) {
+	/* Eudora 5.x does not support TLSv1 (per RFC2246 & RFC2595).
+	 * Therefore enable SSLv2 and SSLv3 with STARTTLS.
 	off |= SSL_OP_NO_SSLv2;
 	off |= SSL_OP_NO_SSLv3;
+	*/
     }
     SSL_CTX_set_options(ctx, off);
     SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
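Review bot: Commenting out `off |= SSL_OP_NO_SSLv2;` and `off |= SSL_OP_NO_SSLv3;` inside `if (tlsonly)` re-enables both legacy protocols for every STARTTLS client, not only Eudora, and the only way to undo it is to recompile. SSLv2 in particular has known protocol-level weaknesses. Suggest a config switch read with config_getswitch (as the request_cert hunk does) that defaults to keeping both options set, and, if an SSLv3 handshake is enough for Eudora, leaving SSL_OP_NO_SSLv2 in place. The branch is now an empty `if (tlsonly) { }` holding dead code inside a comment, which should be removed or made conditional rather than left behind. The comment text also says Eudora 5.x does not support TLSv1, while the covering note only says some 5.x versions seem to use an SSLv2 or SSLv3 handshake; the comment should state what was actually observed.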
@@ -692,8 +696,13 @@
     SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb);

     verify_depth = verifydepth;
-    if (askcert!=0)
-	verify_flags |= SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
+    if (askcert!=0) {
+        snprintf(buf, sizeof(buf), "tls_%s_request_cert", ident);
+        requestcert = config_getswitch(buf,
+				   config_getswitch("tls_request_cert", 1));
+        if (requestcert)
+	   verify_flags |= SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
+    }

     snprintf(buf, sizeof(buf), "tls_%s_require_cert", ident);
     requirecert = config_getswitch(buf,
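Review bot: When `tls_<ident>_request_cert` is 0, `SSL_VERIFY_PEER` is never added to verify_flags, but the `tls_%s_require_cert` lookup in the trailing context still runs independently of it. How requirecert is applied is not visible in this hunk; OpenSSL only honours SSL_VERIFY_FAIL_IF_NO_PEER_CERT together with SSL_VERIFY_PEER, so a configuration with request_cert off and require_cert on could end up requiring nothing. Suggest either forcing requestcert on when requirecert is set or logging a configuration error for that combination. The new `tls_request_cert` and `tls_<ident>_request_cert` options also need an entry in the imapd.conf documentation, and the added lines mix spaces and tabs against the surrounding tab indentation.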


Patch 2:
Eudora versions pre 5.1 seem to create MIME boundary tags that are
substrings of the main MIME boundary tag.

Patch to Cyrus IMAP:
--- imap/message.c.orig	Tue Aug 13 19:46:32 2002
+++ imap/message.c	Thu Nov 21 13:11:04 2002
@@ -1699,13 +1699,27 @@
 char **boundaries;
 int *boundaryct;
 {
-    int i, len;
-
+    int i, len, slen;
+    char *end;
+
     if (s[0] != '-' || s[1] != '-') return(0);
     s+=2;

+    slen = 0;
+    end = strchr(s, '\r');
+    if (end) {
+        slen = end - s;
+        if ((*(end-1) == '-') && (*(end-2) == '-')) {
+            slen -= 2;
+        }
+    }
     for (i=0; i < *boundaryct; ++i) {
 	len = strlen(boundaries[i]);
+        /* s might contain a boundaries[i] as a substring.
+           So use the length of s if it is longer than len */
+        if (slen > len) {
+            len = slen;
+        }
         if (!strncmp(s, boundaries[i], len)) {
             if (s[len] == '-' && s[len+1] == '-') *boundaryct = i;
             return(1);
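Review bot: The closing-delimiter test `(*(end-1) == '-') && (*(end-2) == '-')` runs without checking that at least two characters lie between s and end. For a line that is just `--` followed by CR, end equals s, the test reads the two leading dashes that `s+=2` skipped, and slen becomes -2; guard the look-back with `slen >= 2`. Two further cases change behaviour silently: `strchr(s, '\r')` returns NULL when the string contains no CR (for example a line terminated by a bare LF), so slen stays 0 and the old prefix comparison applies unchanged, and any trailing whitespace before the CR is counted into slen, so a boundary line with padding that matched before no longer matches. A short comment stating that the comparison is now meant to be exact-length, and what line endings are expected in s, would help.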

-- 
  -- Leena Heino (liinu at uta.fi)
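
The boundary collision that Patch 2 addresses, as an added example that is not part of the original message or of Cyrus imapd: prefix_match mirrors the prefix comparison in the pre-patch context lines, and match_boundary compares the whole token, tolerating a closing "--", trailing blanks and bare-LF line endings. The function names and the SAMPLE boundary strings are constructed for illustration, and the shorter tag is assumed to come first in the list.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the first tag is a prefix of the second. */
static const char *const SAMPLE[] = { "=_sample", "=_sample.ALT" };

/* Prefix comparison as in the pre-patch context lines: first hit wins. */
int prefix_match(const char *line, const char *const *b, int count)
{
    int i;
    if (line[0] != '-' || line[1] != '-') return -1;
    for (i = 0; i < count; i++)
        if (!strncmp(line + 2, b[i], strlen(b[i]))) return i;
    return -1;
}

/* Exact-length comparison. Returns the index of the boundary that `line`
 * delimits, or -1; *closing is set to 1 for a "--tag--" closing delimiter. */
int match_boundary(const char *line, const char *const *b, int count,
                   int *closing)
{
    size_t n, blen;
    int i;

    *closing = 0;
    if (line[0] != '-' || line[1] != '-') return -1;
    line += 2;
    n = strcspn(line, "\r\n");                 /* stop at CR, LF or NUL */
    while (n > 0 && (line[n-1] == ' ' || line[n-1] == '\t')) n--;

    for (i = 0; i < count; i++) {
        blen = strlen(b[i]);
        if (n != blen && n != blen + 2) continue;   /* wrong token length */
        if (strncmp(line, b[i], blen) != 0) continue;
        if (n == blen) return i;                    /* opening delimiter */
        if (line[blen] == '-' && line[blen+1] == '-') { *closing = 1; return i; }
    }
    return -1;
}

int main(void)
{
    int c;
    printf("prefix: %d\n", prefix_match("--=_sample.ALT\r\n", SAMPLE, 2));
    printf("exact:  %d\n", match_boundary("--=_sample.ALT\r\n", SAMPLE, 2, &c));
    return 0;
}
```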




