Re: [Evolution-hackers] evolution failing on TLSv1.3 after gnutls upgrade

[Sasa Ostrouska <casaxa gmail com>]

Hi all, and thanks Milan for the program. I also run an old version of
evolution 3.20.x and I get the following:

rc@rc-laptop:~/Downloads$ gcc `pkg-config --cflags --libs glib-2.0
gio-2.0` imap-conn.c -g -O0 -o imap-conn && ./imap-conn
imap.googlemail.com 993
Connected to imap.googlemail.com:993
Failed to read data from the server: Error reading data from TLS
socket: The specified session has been invalidated for some reason.

I neded to #include <string.h> on my slackware linux.

Rgds
Saxa

On Fri, May 10, 2019 at 5:07 PM James Bottomley via evolution-hackers
<evolution-hackers gnome org> wrote:
> On Fri, 2019-05-10 at 08:41 +0200, Milan Crha via evolution-hackers
> wrote:
> > On Thu, 2019-05-09 at 11:03 -0700, James Bottomley wrote:
> > > I can certainly test things out.
> >
> >       Hi,
> > that's great, thanks.
> >
> > > To be honest, I've had problems with TLSv1.3 every time it's been
> > > negotiated, so disabling it is a reasonable thing to do.
> >
> > I see. If you are still willing to help, then it'll be appreciated.
> >
> > > I suppose there's no gntuls-cli equivalent for glib-
> > > networking?  That
> > > would be the best way to test it.
> >
> > I agree, but I'm not aware of anything like that (which doesn't mean
> > it
> > doesn't exist). I made a little test program as promised, see the
> > attachment. The first line contains a comment with a command to
> > compile
> > and run it (against Google's IMAP server). It's only a test program,
> > mimic-ing what Evolution (or better Camel library from evolution-
> > data-
> > server) does. You may have installed development packages for glib
> > and,
> > if split, also for glib's gio, to be able to compile it.
> >
> >       Bye,
> >       Milan
> >
> > P.S.: The result of the run as is in the file itself is below:
> >
> >
> > $ ./imap-conn imap.googlemail.com 993
> >
> > Connected to imap.googlemail.com:993
> > Response: * OK Gimap ready for requests from {IPADDRESS} {SOMETOKEN}
> >
> > Request:  A01 CAPABILITY
> > Response: * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID
> > XLIST CHILDREN X-GM-EXT-1 XYZZY SASL-IR AUTH=XOAUTH2 AUTH=PLAIN
> > AUTH=PLAIN-CLIENTTOKEN AUTH=OAUTHBEARER AUTH=XOAUTH
> > A01 OK Thats all she wrote! {SOMETOKEN}
> >
> > Request:  A02 LOGOUT
> > Response: * BYE Logout Requested {SOMETOKEN}
> > A02 OK Quoth the raven, nevermore... {SOMETOKEN}
>
> So when I run it against my current setup (TLSv1.3 disabled) I get this
> as expected:
>
> jejb@jarvis:~> ./imap-conn bedivere.hansenpartnership.com 993
> Connected to bedivere.hansenpartnership.com:993
> Response: * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN] Dovecot 
> (Debian) ready.
>
> Request:  A01 CAPABILITY
> Response: * CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN
>
> Request:  A02 LOGOUT
> Response: A01 OK Pre-login capabilities listed, post-login capabilities have more.
>
> But when I enable TLSv1.3 in dovecot on the server I get this:
>
> jejb@jarvis:~> ./imap-conn bedivere.hansenpartnership.com 993
> Connected to bedivere.hansenpartnership.com:993
> Failed to read data from the server: Error reading data from TLS socket: The specified session has been 
> invalidated for some reason.
>
> Which isn't particularly helpful, although it does prove the issue is
> indeed in glib-networking.  Is there further debugging I should turn
> on?
>
> James
>
> _______________________________________________
> evolution-hackers mailing list
> evolution-hackers gnome org
> To change your list options or unsubscribe, visit ...
> https://mail.gnome.org/mailman/listinfo/evolution-hackers