Re: [Evolution] Howto make Evolution 3.36.3 send a client cert for authentication?

From: Ángel <angel 16bits net>
To: evolution-list gnome org
Subject: Re: [Evolution] Howto make Evolution 3.36.3 send a client cert for authentication?
Date: Sun, 21 Jun 2020 00:15:45 +0200

On 2020-06-15 at 11:22 +0200, Milan Crha via evolution-list wrote:


Maybe it could be worked around with some connection tunnel, but I do
not have any experience with it, thus I cannot help to setup or use
it.
I'm sorry.
        Bye,
        Milan



You should be able to do that with a command like:
 socat -v STDIO 
OPENSSL:<yourserver>:<port>,capath=/etc/ssl/certs,cert=<clientcertificate.pem>,key=<clientcertificate.key>

the key= parameter is optional if already in the cert file

As the CA is self-signed, instead of capath=, you probably should use
cafile=<cafile> instead. Which is specially good if your socat version
is below 1.7.3.0, as it didn't verify that the certificate corresponded
to the name before that.

Once you get the right socat command to connect to your server, it is
possible to configure evolution¹ to use a shell command instead of a
normal socket connection, thus solving the problem.



¹ I'm not able to find _how_ to configure it, though. It is possible
that it has no UI, requiring you to edit the files directly. But the
code is there. Hopefully someone will complete this by providing those
instructions.



Best regards

Follow-Ups:
- Re: [Evolution] Howto make Evolution 3.36.3 send a client cert for authentication?
  - From: Milan Crha

References:
- [Evolution] Howto make Evolution 3.36.3 send a client cert for authentication?
  - From: patrick+evolution-list
- Re: [Evolution] Howto make Evolution 3.36.3 send a client cert for authentication?
  - From: Milan Crha

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]