Bug 212951

Summary: Kmail Sends StartTls but shouldn't when connecting to sieve
Product: [Unmaintained] kmail Reporter: DonMartio <donmartio>
Component: generalAssignee: kdepim bugs <pim-bugs-null>
Status: RESOLVED FIXED    
Severity: normal CC: donmartio
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Gentoo Packages   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description DonMartio 2009-11-03 19:03:26 UTC 
Version:            (using KDE 4.3.2)
OS:                Linux
Installed from:    Gentoo Packages

I got a problem here editing my sieve scripts.

If i want to manage my sieve scripts a popup occur saying
'Datei kann nicht geschrieben werden: Netzwerkfehler'
(sorry it's german and says something like 'couldn't write file: Networkerror')

I did some investigation using wireshark and that KMail sends an StatTls and the Server don't like that.

I tried that with telnet and got the same result:
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.3.14"
"SASL" "LOGIN CRAM-MD5 DIGEST-MD5 PLAIN"
"SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
OK
StartTls
Connection closed by foreign host.

So why is kmail sending this 'StatTls' even if i have no encryption configured?

This Problem only comes up with kde4. My collegue here still uses kmail on kde3.5.10 and does not have the Problem.

May there is some special trick to prevent kmail or libksieve from doing this.
Comment 1 DonMartio 2010-02-14 22:52:56 UTC 
If i call the server via telnet it gives me the capabilities in return.

In my case there is no "STARTTLS" on this special server in this response.

I've tested a little bit around and checked the sources of cyrus-2.3.16 and kdepimlibs-4.4.0.

As far as i understood it cyrus cuts the connection if a STARTTLS token is sent and TLS is not configured/supported.

In the kdeplimlibs sources i found that the kio_sieve slave ignores that there is no STARTTLS capability received from the server.

I changed the line 368 in kioslave/sieve/sieve.cpp
from
if (useTLSIfAvailable && QSslSocket::supportsSsl()) {
to
if (useTLSIfAvailable && m_supportsTLS && QSslSocket::supportsSsl()) {

and it's working again.

I'm not sure if this the right way to solve this. May someone can check it an put it into some future release so i don't have to keep my own kdepimlibs version.

Greetings so far.
Comment 2 Thomas McGuire 2010-02-19 19:21:43 UTC 
SVN commit 1092916 by tmcguire:

Don't send STARTTLS when it is not advertised, even if we requested it (but not if
m_allowUnencrypted is set to false).

Thanks to Don Martio <donmartio at larkos dot de> for providing the solution.
BUG: 212951


 M  +2 -3      sieve.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1092916
Comment 3 Thomas McGuire 2010-02-19 19:29:49 UTC 
SVN commit 1092921 by tmcguire:

Backport r1092916 by tmcguire from trunk to the 4.4 branch:

Don't send STARTTLS when it is not advertised, even if we requested it (but not if
m_allowUnencrypted is set to false).

Thanks to Don Martio <donmartio at larkos dot de> for providing the solution.
CCBUG: 212951



 M  +2 -3      sieve.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1092921