command-line sieve client that supports TLS
Phil Pennock
info-cyrus-spodhuis at spodhuis.org
Tue Nov 14 18:59:07 EST 2006
I'm replying to myself because the new version is in response to a
feature request which was sent directly to me.
New version is -v66; this is what I get for being lazy and using repo
revision numbers as a software release number. It's a standalone
script, I think that people will survive.
New feature: TLS client certificate authentication. If you can auth
with a client cert for IMAP, this will work for Sieve; myself, I grant
the certificate CN ("Phil Pennock") "a" admin rights on my INBOX. This
probably doesn't scale well but I've not yet summoned the inclination to
write a new ptloader module to resolve certs. I'm open to pointers to
better techniques.
Either use --clientkeycert <file> to refer to a file with both the
public and private keys in it, or use both the --clientkey and
--clientcert options. Whichever, the certs need to be PEM encoded.
Please be aware that it's _possible_ that future upgrades to
Authen::SASL::Perl will break this, since I violate the EXTERNAL
module's boundaries to bump up its priority so that it will actually be
used. However, the interface between Authen::SASL::Perl and the modules
would need to change so it's hopefully fairly unlikely. If this ever
breaks, the evilness lies around line 185:
no warnings 'redefine';
$Authen::SASL::Perl::EXTERNAL::{_order} = sub { 10 };
I also fixed CRAM-MD5 auth, which I hadn't tested before, only GSSAPI
and DIGEST-MD5. (If anyone can confirm that PLAIN or other desired
methods work, that'd be nice.) The managesieve protocol allows for
initial responses in SASL; I was sending empty initial responses, which
was fine for DIGEST-MD5 but not for CRAM-MD5.
<URL:http://people.spodhuis.org/phil.pennock/software/sieve_connect-v66>
MD5(sieve_connect-v66) =424a10b8f8dbffb1abeeeedc6f716a65
SHA1(sieve_connect-v66) =c9a75507c188f4e83f331ffdafe2a6557a49baa1
RIPEMD160(sieve_connect-v66) =616fdcb08af8725bbab445ef175532c207c8bedf
I'm open to more feature requests.
-Phil
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 155 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20061115/03fb55f8/attachment.bin
More information about the Info-cyrus
mailing list