mupdate TLS

Andrew Morgan morgan at orst.edu
Thu May 14 12:33:05 EDT 2009


On Thu, 14 May 2009, Duncan Gibb wrote:

> Andrew Morgan wrote:
>
> AM> Does the mupdate process in a Cyrus murder actually use TLS?
>
> AM> And....  after a lot of digging I see that this is a known bug:
>
> AM>    https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3119
>
> AM> Never mind!  This sounds like a very complicated problem
>
> Not particularly - it's quite a small patch which goes onto 2.3.14 and
> current CVS HEAD cleanly.  If there's any extra work required for it to
> be applied upstream, I'm happy to do that.

Well, I'm a little scared to break things on my production Cyrus site.  I
don't particularly need this feature, but it was on my checklist of things 
for a long time.  I'm happy to wait until this code is included in a 
regular release.

> AM> so I'll just stay away from TLS for mupdate.  Although I don't
> AM> understand why mupdate isn't having problems for me right now,
> AM> since mupdate seems to be advertising STARTTLS in the
> AM> capability string.
>
> If your config allows the Mupdate server to advertise a usable SASL mech
> without doing a "STARTTLS", then backend_authenticate() won't bother.

Ah, that explains it.  I have allowplaintext: 1 at the moment.  I'll make 
a note of this though.

Thanks for your explanation!

 	Andy
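
The behaviour described in this thread, modelled as an added example (not part of the original message and not Cyrus code): a client that skips STARTTLS whenever the pre-TLS greeting already offers a SASL mechanism it can use. The banners are constructed samples laid out like an RFC 3656 mupdate greeting, and `parse_banner` and `audit` are hypothetical names; the decision rule is a simplification of what the thread says about backend_authenticate().

```python
import re

# SASL mechanisms that transmit the password itself; only safe inside TLS.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_banner(banner):
    """Return (advertised SASL mechs, STARTTLS offered) from a greeting."""
    mechs, starttls = set(), False
    for line in banner.splitlines():
        line = line.strip()
        if line.upper().startswith("* AUTH"):
            mechs.update(m.upper() for m in re.findall(r'"([^"]+)"', line))
        elif line.upper() == "* STARTTLS":
            starttls = True
    return mechs, starttls

def audit(banner, client_mechs):
    """Assumed rule: a usable pre-TLS mech means STARTTLS is never attempted."""
    mechs, starttls = parse_banner(banner)
    usable = mechs & {m.upper() for m in client_mechs}
    if usable:
        return {
            "starttls_attempted": False,
            "usable_mechs": sorted(usable),
            # Mechs that would put the password on the wire unencrypted.
            "cleartext_password_mechs": sorted(usable & PLAINTEXT_MECHS),
        }
    return {
        "starttls_attempted": starttls,
        "usable_mechs": [],
        "cleartext_password_mechs": [],
    }

# Constructed greetings (hostnames are placeholders).
OK_LINE = '* OK MUPDATE "mupdate.example.org" "Cyrus Murder" "v2.3.14" "mupdate://mupdate.example.org"'
# allowplaintext: 1 -> PLAIN is advertised before TLS.
BANNER_PLAINTEXT_ALLOWED = '* AUTH "PLAIN" "LOGIN"\n* STARTTLS\n' + OK_LINE
# No mechanism offered before TLS -> the client has to issue STARTTLS first.
BANNER_TLS_REQUIRED = '* STARTTLS\n' + OK_LINE
# A non-password mechanism offered before TLS.
BANNER_GSSAPI = '* AUTH "GSSAPI"\n* STARTTLS\n' + OK_LINE

if __name__ == "__main__":
    for name, banner in [("plaintext allowed", BANNER_PLAINTEXT_ALLOWED),
                         ("TLS required", BANNER_TLS_REQUIRED),
                         ("GSSAPI", BANNER_GSSAPI)]:
        print(name, audit(banner, ["PLAIN", "GSSAPI"]))
```

A result with `starttls_attempted` false and a non-empty `cleartext_password_mechs` corresponds to the allowplaintext: 1 setup above: authentication succeeds, but without TLS.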

