Bug 207021 - sni support for imaps/pop3s in kio
Summary: sni support for imaps/pop3s in kio
Status: RESOLVED DUPLICATE of bug 122433
Alias: None
Product: kmail
Classification: Unmaintained
Component: general (show other bugs)
Version: 1.12.1
Platform: Gentoo Packages Linux
: NOR wishlist
Target Milestone: ---
Assignee: kdepim bugs
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-09-11 03:11 UTC by Daniel Black
Modified: 2009-09-21 19:23 UTC (History)
0 users

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Black 2009-09-11 03:11:31 UTC 
Version:           1.12.1 (using KDE 4.3.1)
Compiler:          gcc (Gentoo 4.3.2-r3 p1.6, pie-10.1.5) 4.3.2 
OS:                Linux
Installed from:    Gentoo Packages

When imaps/pop3s use SSLv3/TLS1 they do not use the SNI extension defined by RFC 4366. Enabling this would enable email providers to run multiple SSL/TLS services on a single IP without certificate validation errors.

This still needs to be implemented in Qt:
qt-x11-opensource-src-4.5.1/src/network/ssl/qsslsocket_openssl.cpp:initSslContext

with something like:

+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)                                                                                
+       /* If SNI isn't supported, we just don't call it and fail silently,                                                                              
+        * as there's not much else we can do.                                                                                                           
+        */                                                                                                                                              
+       if ((configuration.protocol == QSsl::SslV2) &&                                                                                                            ((mode == QSslSocket::SslClientMode))
+               SSL_set_tlsext_host_name(self->ssl, q->peerName().toAscii().data());               
+#endif
Comment 1 Daniel Black 2009-09-11 03:25:50 UTC 
typo: configuration.protocol != QSsl::SslV2

also see bug 122433 and bug 174933 for SNI on konqueror
Comment 2 Daniel Black 2009-09-11 03:45:31 UTC 
upstream feature request: http://qt.nokia.com/developer/task-tracker/index_html?method=entry&id=188841
Comment 3 Daniel Black 2009-09-21 19:23:52 UTC 

*** This bug has been marked as a duplicate of bug 122433 ***