Balsa + libESMTP + TLS



Hi all,

I've redone the TLS patch to add full blown SMTP STARTTLS support to Balsa.
This is against CVS of 25/Aug/2001.

Unlike the previous patch, the configure script works! (a typo on my part)
Another minor change is to rename HAVE_SMTP_STARTLS, which was misleading,
to HAVE_SMTP_TLS_CLIENT_CERTIFICATE.

The patch adds a "Use TLS" option menu to the SMTP server configuration,
selectable from "Never", "If Possible" or "Require".

If you have libESMTP 0.8.5{preX} there will be a box for entry of the client
certificate's password.  The client certificate should be stored in PEM format
in the file $HOME/.authenticate/private/smtp-starttls.pem  Both the certificate
and the private key are stored in the same file.  The permissions on the
certificate file *must* be 0600 or 0400 otherwise libESMTP will ignore it.

libESMTP 0.8.4 will establish an encrypted connection with servers supporting
STARTTLS but there is no certificate support.  If the remote SMTP server requires
a certificate, you will have to set "Use TLS" to "Never".

Note that libESMTP 0.8.5 will only negotiate a TLS connection.  It will not
use SSLv2 or SSLv3 which are subject to downgrade attacks.

Regards
Brian Stafford

tls.patch.gz



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]