207021 – sni support for imaps/pop3s in kio

Bug 207021 - sni support for imaps/pop3s in kio

Summary: sni support for imaps/pop3s in kio

Status:	RESOLVED DUPLICATE of bug 122433

Alias:	None

Product:	kmail
Classification:	Applications
Component:	general (show other bugs)
Version:	1.12.1
Platform:	Gentoo Packages Linux

Importance:	NOR wishlist
Target Milestone:	---
Assignee:	kdepim bugs

URL:
Keywords:

Depends on:
Blocks:

Reported:	2009-09-11 03:11 UTC by Daniel Black
Modified:	2009-09-21 19:23 UTC (History)
CC List:	0 users

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Black 2009-09-11 03:11:31 UTC

Version:           1.12.1 (using KDE 4.3.1)
Compiler:          gcc (Gentoo 4.3.2-r3 p1.6, pie-10.1.5) 4.3.2 
OS:                Linux
Installed from:    Gentoo Packages

When imaps/pop3s use SSLv3/TLS1 they do not use the SNI extension defined by RFC 4366. Enabling this would enable email providers to run multiple SSL/TLS services on a single IP without certificate validation errors.

This still needs to be implemented in Qt:
qt-x11-opensource-src-4.5.1/src/network/ssl/qsslsocket_openssl.cpp:initSslContext

with something like:

+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)                                                                                
+       /* If SNI isn't supported, we just don't call it and fail silently,                                                                              
+        * as there's not much else we can do.                                                                                                           
+        */                                                                                                                                              
+       if ((configuration.protocol == QSsl::SslV2) &&                                                                                                            ((mode == QSslSocket::SslClientMode))
+               SSL_set_tlsext_host_name(self->ssl, q->peerName().toAscii().data());               
+#endif

Comment 1 Daniel Black 2009-09-11 03:25:50 UTC

typo: configuration.protocol != QSsl::SslV2

also see bug 122433 and bug 174933 for SNI on konqueror

Comment 2 Daniel Black 2009-09-11 03:45:31 UTC

upstream feature request: http://qt.nokia.com/developer/task-tracker/index_html?method=entry&id=188841

Comment 3 Daniel Black 2009-09-21 19:23:52 UTC


*** This bug has been marked as a duplicate of bug 122433 ***