thunderbird sieve certificate issues

Tim tim at umbc.edu
Tue May 13 03:50:05 EDT 2008


Okay, no one else seems to have chimed up yet...  From what I found 
below, and a few other emails, the "problem" is that the sieve daemon 
finally corrected itself to conform to specs, and clients were relying 
on it not conforming to specs.

This is the fix for the "Connecting..." not going away.

So, here is a solution that appears to work for me (I'm editing the 1.4 
source code, not CVS).  I still think that the better fix is to re-write 
SieveAbstractResponse to handle multi-lined responses, and check for the 
return string on the last line... but I'll leave that to someone who 
does better javascript than I do. ;)

For now, here is a fix...  Please let me know if it works or not.

Edit libs/libManageSieve/SieveResponse.js

Update these two functions.  Commented out lines are the original.  Make 
your functions look like the below.

function SieveStartTLSResponse(data)
{
    this.superior = new SieveInitResponse(data);
//    this.superior = new SieveAbstractResponse(
//                        new SieveResponseParser(data));
}


function SieveSaslPlainResponse(data)
{
     this.superior = new SieveInitResponse(data);
//    this.superior = new SieveAbstractResponse(
//                        new SieveResponseParser(data));
}


This is definitely not guaranteed to work with SaslLogin, but I don't 
even have that setup to test.  That one seems to be a little more... 
something. :)  But if you apply the above, and find the other fix on 
this list that disabled the Login code, it should work.

Also, I do have this applied:
user_pref("security.default_personal_cert", "Select Automatically");

But that was not the error I was getting, so I don't know if its really 
effecting anything.  But just incase if you need it. :)


Hopefully someone can apply this, or something equally effective to the 
source code base?

Tim


Tim wrote:
> I'm new to the list, but I was directed here by a friend.
> 
> I believe I have found the problem, and I have a "hack", using that term
> well beyond how it should be use.  The hack is NOT a solution, but it
> does make it work.  Please, no one use this though!  It will most likely
> cause other problems!  This is your first, last and only warning! :)
> What it DOES do is identify the problem.
> 
> The problem is, that after the STARTTLS is sent, the response is being
> handle like any normal command, but it can't be.
> 
> So, after doing a STARTTLS, it sends back the capabilities
> automatically, ending in an "OK" line.  But the function that is
> checking the response is SieveAbstractResponse(parse).  It does the code:
> 
> if (parser.startsWith("OK"))
> 
> But it doesn't, cause it looks like:
> 
> "IMPLEMENTATION" "Cyrus...."
> "SASL" "GSSAPI PLAIN"
> "SIEVE" "...."
> OK
> 
> (your results may vary ;)
> 
> So, the "hack" is to change the default case of that to be "OK"(in
> SieveResponse.js):
> 
>      else {
>          this.response = 0;
>          parser.extract(2);
>          return;
> //       alert("Throwing exception for data: "+parser.getData());
> //        throw "NO, OK or BYE expected";
>      }
> 
> (as you can see, I have some alerts() in there to figure out what was
> going on, so those are not necesary)
> 
> 
> The REAL fix, is to have the response handled by whatever handles the
> normal initial connection string.  I'm hoping there is someone on this
> list who knows the code better than I do to fix this correctly. :)
> Meanwhile, I need to go through the code and remove all of my alerts now. ;)
> 
> Hope this helps someone who has code access. :-D
> 
> Tim
> 
> 
>> Hi Marc,
>>
>> it's as Thunderbird Sieve problem, again.
>> let me guess your Sieve supports 'LOGIN' and 'PLAIN' and maybe some
>> other authentication protocols.
>> 'Thunderbird Sieve' says it support 'LOGIN' and 'PLAIN' as well.
>> Unfortunately the 'LOGIN' code in 1.4 of Thunderbird Sieve is full of
>> bugs! You have to use 'PLAIN'!
>>
>> There are two possibilities (I don't think you want to change your  
>> Sieve
>> daemon) to do so.
>>
>> 1) Load down the current Thunderbird Sieve CVS in the Settings tab you
>> can set the protocol.
>>
>> 2) Go into the 'SieveFilterExplorer.js'-file and comment out the
>> 'case'-statement beginning line 24
>> //      case "login":
>> //        request = new SieveSaslLoginRequest();
>> //          request.addSaslLoginListener(event);
>> //        break;
>>
>> I'm using now Sieve 1.4 CVS  but currently facing a little issue. I
>> think I'll fix it tonight (CET). If you want I can send you the 1.4  
>> CVS
>> xpi-file.
>>
>> Cheers
>> Roland
>>
>>
>> Marc Grober wrote:
>>> Yes,  that got rid of the challenge,  so now I am bacl to the same
>>> error and it sits there saying connecting.....
>>>
>>> I am missing something that has to be very simple in making the
>>> connection to sieve,  where it is the TLS negotiation or something
>>> else I don;t know....
>>>
>>> Roland Felnhofer wrote:
>>>> Hi Marc,
>>>>
>>>> again; here the essence to get rid of the dialog:
>>>>
>>>> user_pref("security.default_personal_cert", "Select Automatically");
>>> ------------------------------------------------------------------------
>>>
>>> ----
>>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>> ----
>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> 

-- 
-----------------------------------------------------------------------
Tim Craig            It's hard to be serious when you're
tim at geekmeat.net     naked. - Garfield
-----------------------------------------------------------------------


More information about the Info-cyrus mailing list