[Dovecot] 1.0-test1 released
I couldn't break this with Evolution with a few minutes of testing, so here's the first tarball release based on the new indexing code. Try if you're interested, but don't try it on any real mailboxes, or at least keep backups :)
Also note that dovecot-uidlist file format has changed a bit, Dovecot 0.99.x isn't able to read it anymore.
Things to do:
- mbox code doesn't even compile, so it's disabled
- custom flags aren't implemented
- recent flags are broken
- cache file handling isn't working now, so it's disabled
- maildir syncing code isn't as well optimized as it used to be
- NFS-safety to indexes (pretty easy)
On Sun, 25 Apr 2004, Timo Sirainen wrote:
I couldn't break this with Evolution with a few minutes of testing, so here's the first tarball release based on the new indexing code. Try if you're interested, but don't try it on any real mailboxes, or at least keep backups :)
Not quite 0day but I have prepared .debs and put them on http://src.braincells.com/dovecot-test/. These packages are deliberately non-aptable. You need to download them and manually install them with dpkg -i. Do not use them if you are at all worried about potentially losing mail.
Also note that dovecot-uidlist file format has changed a bit, Dovecot 0.99.x isn't able to read it anymore.
Things to do:
- mbox code doesn't even compile, so it's disabled
- custom flags aren't implemented
- recent flags are broken
- cache file handling isn't working now, so it's disabled
- maildir syncing code isn't as well optimized as it used to be
- NFS-safety to indexes (pretty easy)
- make it work with gnutls10.
I have compiled the current versions with openssl because when using gnutls7 it causes segfaults with other Debian libraries (e.g. LDAP) which are now using gnutls10.
-- Jaldhar H. Vyas jaldhar@debian.org La Salle Debain - http://www.braincells.com/debian/
"Jaldhar H. Vyas" jaldhar@debian.org writes:
I have compiled the current versions with openssl because when using gnutls7 it causes segfaults with other Debian libraries (e.g. LDAP) which are now using gnutls10.
Name space issue? Berkeley DB offers --with-uniquename, maybe GnuTLS should do so as well.
-- Matthias Andree
Encrypted mail welcome: my GnuPG key ID is 0x052E7D95
On Thu, 29 Apr 2004, Matthias Andree wrote:
"Jaldhar H. Vyas" jaldhar@debian.org writes:
I have compiled the current versions with openssl because when using gnutls7 it causes segfaults with other Debian libraries (e.g. LDAP) which are now using gnutls10.
Name space issue?
No. API change + lack of versioned symbols.
-- Jaldhar H. Vyas jaldhar@debian.org La Salle Debain - http://www.braincells.com/debian/
On Thu, 2004-04-29 at 19:08, Jaldhar H. Vyas wrote:
"Jaldhar H. Vyas" jaldhar@debian.org writes:
I have compiled the current versions with openssl because when using gnutls7 it causes segfaults with other Debian libraries (e.g. LDAP) which are now using gnutls10.
Name space issue?
No. API change + lack of versioned symbols.
Looks like its read/write/handshake functions were changed (fixed?) to work very much like OpenSSL's, i.e. read/write can return that handshake renegotiation is needed, and read can fail because it needs to write and vice versa. The ssl-proxy-openssl.c code should just be copy&pasted to gnutls version and the function calls changed.
Any volunteers? :)
On Thu, 29 Apr 2004, Timo Sirainen wrote:
Looks like its read/write/handshake functions were changed (fixed?) to work very much like OpenSSL's, i.e. read/write can return that handshake renegotiation is needed, and read can fail because it needs to write and vice versa. The ssl-proxy-openssl.c code should just be copy&pasted to gnutls version and the function calls changed.
Any volunteers? :)
Well here is an attempt. I asked around and gnutls10 is supposed to be
basically compatible with gnutls7, they've just changed some API names and
prototypes.
I haven't really been able to test this much but fwiw, it compiles cleanly
and doesn't make dovecot crash (at least so far :-)
--- dovecot-1.0.orig/src/login-common/ssl-proxy-gnutls.c
+++ dovecot-1.0/src/login-common/ssl-proxy-gnutls.c
@@ -276,7 +276,7 @@
return;
/* i/o interrupted */
- dir = gnutls_handshake_get_direction(proxy->session) == 0 ?
+ dir = gnutls_record_get_direction(proxy->session) == 0 ?
IO_READ : IO_WRITE;
if (proxy->io_ssl_dir != dir) {
if (proxy->io_ssl != NULL)
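Review bot: the changed line compares `gnutls_record_get_direction(proxy->session)` against a bare 0; a one-line comment stating that 0 means the interrupted call was reading and 1 means it was writing would make the `IO_READ : IO_WRITE` mapping checkable at a glance, now that the function name no longer says this is the handshake path. Since the call sits under the `/* i/o interrupted */` comment, also confirm that the `return;` above it is reached for every result other than an interrupted or would-block one, because the direction value is only meaningful in that case.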
@@ -298,7 +298,7 @@
gnutls_compression_set_priority(session, comp_priority);
gnutls_kx_set_priority(session, kx_priority);
gnutls_mac_set_priority(session, mac_priority);
- gnutls_cert_type_set_priority(session, cert_type_priority);
+ gnutls_certificate_type_set_priority(session, cert_type_priority);
gnutls_cred_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
return session;
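Review bot: the rename to `gnutls_certificate_type_set_priority` (like the other renames in this patch) is unconditional, so the file will no longer build against the older GnuTLS it was written for. Either add a configure-time version check that rejects the old library, or guard the old and new names with a compile-time test. Separately, the `*_set_priority` calls visible in the context lines discard their results; if they return a status, report a failure instead of continuing with a partly configured session.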
@@ -504,8 +504,8 @@
read_parameters(paramfile);
- if ((ret = gnutls_certificate_allocate_cred(&x509_cred)) < 0) {
- i_fatal("gnutls_certificate_allocate_cred() failed: %s",
+ if ((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0) {
+ i_fatal("gnutls_certificate_allocate_credentials() failed: %s",
gnutls_strerror(ret));
}
@@ -516,12 +516,8 @@
certfile, keyfile, gnutls_strerror(ret));
}
- ret = gnutls_certificate_set_dh_params(x509_cred, dh_params);
- if (ret < 0)
- i_fatal("Can't set DH parameters: %s", gnutls_strerror(ret));
- ret = gnutls_certificate_set_rsa_params(x509_cred, rsa_params);
- if (ret < 0)
- i_fatal("Can't set RSA parameters: %s", gnutls_strerror(ret));
+ gnutls_certificate_set_dh_params(x509_cred, dh_params);
+ gnutls_certificate_set_rsa_export_params(x509_cred, rsa_params);
ssl_proxies = hash_create(default_pool, default_pool, 0, NULL, NULL);
ssl_initialized = TRUE;
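Review bot: the `ret < 0` checks and both `i_fatal()` calls are removed together with the rename, so a failure to install the DH or RSA parameters would no longer be reported at startup. If the new prototypes return void, say so in the patch description so the removal is clearly deliberate. Also, `gnutls_certificate_set_rsa_export_params` is not a plain rename of `gnutls_certificate_set_rsa_params`: the new name says these are the temporary RSA parameters for RSA-EXPORT key exchange, so check that `rsa_params` is generated for that purpose and that `kx_priority` enables export key exchange only if that is really intended.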
@@ -541,7 +537,7 @@
hash_iterate_deinit(iter);
hash_destroy(ssl_proxies);
- gnutls_certificate_free_cred(x509_cred);
+ gnutls_certificate_free_credentials(x509_cred);
gnutls_global_deinit();
}
--
Jaldhar H. Vyas
On 30.4.2004, at 23:19, Jaldhar H. Vyas wrote:
Looks like its read/write/handshake functions were changed (fixed?) to work very much like OpenSSL's, i.e. read/write can return that handshake renegotiation is needed, and read can fail because it needs to write and vice versa. The ssl-proxy-openssl.c code should just be copy&pasted to gnutls version and the function calls changed.
Any volunteers? :)
Well here is an attempt. I asked around and gnutls10 is supposed to be basically compatible with gnutls7, they've just changed some API names and prototypes.
I haven't really been able to test this much but fwiw, it compiles cleanly and doesn't make dovecot crash (at least so far :-)
It still doesn't check gnutls_record_recv/send return values, so if the record can't be fully read/written the connection might get stuck.. The current code only tries to re-read if gnutls_record_recv fails, but it might need to re-send or re-handshake instead which it doesn't attempt, the same for gnutls_record_send..
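The return-value handling described in the message above, as an added example that is not part of the thread or of Dovecot's code: a reduced model of a proxy that picks the wait direction, notes a renegotiation request, or closes, depending on what a record recv/send call returned. The `EX_E_*` constants, `struct proxy` and the event sequence are constructed stand-ins so the block builds without GnuTLS.

```c
#include <stdio.h>
/* Local stand-ins for the GNUTLS_E_* codes so this builds without GnuTLS. */
enum { EX_E_AGAIN = -1, EX_E_INTERRUPTED = -2, EX_E_REHANDSHAKE = -3 };
enum io_dir { IO_READ, IO_WRITE };
struct proxy {                 /* hypothetical, reduced proxy state */
    enum io_dir watch;         /* direction the socket watcher waits for */
    int rewatch_count;         /* times the watcher had to be swapped */
    int rehandshakes, closed;  /* renegotiation requests; EOF/fatal flag */
    size_t delivered;          /* plaintext bytes passed on */
};

/* direction: gnutls_record_get_direction() result, 0 = read, 1 = write */
void proxy_handle_result(struct proxy *p, long ret, int direction)
{
    if (ret > 0) {
        p->delivered += (size_t)ret;
    } else if (ret == EX_E_AGAIN || ret == EX_E_INTERRUPTED) {
        enum io_dir dir = direction == 0 ? IO_READ : IO_WRITE;
        if (p->watch != dir) {  /* same comparison as the patched code */
            p->watch = dir;
            p->rewatch_count++;
        }
    } else if (ret == EX_E_REHANDSHAKE) {
        p->rehandshakes++;      /* caller must run the handshake next */
    } else {
        p->closed = 1;          /* 0 is EOF, other negatives are fatal */
    }
}

struct event { long ret; int direction; };
/* Constructed: write-blocked recv, rehandshake, read-blocked recv, data, EOF */
static const struct event sample[] = {
    { EX_E_AGAIN, 1 }, { EX_E_REHANDSHAKE, 0 }, { EX_E_AGAIN, 0 },
    { 120, 0 }, { 0, 0 },
};

struct proxy run_sample(void)
{
    struct proxy p = { IO_READ, 0, 0, 0, 0 };
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++)
        proxy_handle_result(&p, sample[i].ret, sample[i].direction);
    return p;
}

int main(void)
{
    struct proxy p = run_sample();
    printf("%zu bytes, %d rewatches, %d rehandshakes\n",
           p.delivered, p.rewatch_count, p.rehandshakes);
}
```

A loop that always retries the read would stall on the first two events of the sample, which is the stuck connection the message warns about.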
[Was Re: [Dovecot] Re: 1.0-test1 released ]
On Fri, 30 Apr 2004, Timo Sirainen wrote:
It still doesn't check gnutls_record_recv/send return values, so if the record can't be fully read/written the connection might get stuck.. The current code only tries to re-read if gnutls_record_recv fails, but it might need to re-send or re-handshake instead which it doesn't attempt, the same for gnutls_record_send..
Just to clarify, are you saying my patch is incomplete or is it incorrect?
-- Jaldhar H. Vyas jaldhar@debian.org La Salle Debain - http://www.braincells.com/debian/