Hi Albrecht:
On 03/25/2017 08:56:50 AM Sat, Albrecht Dreß wrote:
Hi all,
I created a larger patch which moves POP3 support to the GIO-based networking
library I introduced for SMTP. As the base class and the infrastructure has
been added with the latter, this patch is not as large. The main benefit is a
simplification of the code, and the possibility to re-use some components. I
hope that in the long run (i.e. I have to look into IMAP...) we can remove the
dependency on OpenSSL which has always been a source of serious security bugs
and required some version checking tweaks Peter added.
The POP3 implementation supports everything the current implementation did,
i.e. pipelining, starttls and pop3s, and several (actually more) authentication
methods. Inherited from the NetClient base class, using client certificates is
now possible. Of course, unit tests and documentation are also included.
Additionally, some callbacks and config values I added for SMTP can now also be
used for POP3, so I shifted them to the server class.
A quite large part involves re-factoring the mailbox implementation. Some
parts seemed to be /very/ old and partly broken.
The caching of UID's (if messages shall be left on the server) apparently tried
to implement race-free access to the cache file using file locks which is
/wrong/ as they work between /processes/ only, but not between /threads/ (and
in the save method the lock structure is configured, but flock never been
called, so even this lock was never applied). Furthermore, if the cache is
updated for more than one POP3 mailbox simultaneously, changes may be
overwritten. Although Balsa apparently never performs simultaneous POP mailbox
downloads, the new implementation is race-free.
Message handling was also over-complex: a temp file is always created. If the
message shall be fed into procmail, the file is never used. Otherwise, the
message is written to the file, which is then re-read into a GMime stream. I
completely omit the temp file, and write either to the procmail pipe, or
directly into the GMime stream, which as a side effect eliminates several error
paths.
The progress dialogue in the current solution switched between message count
and data size which is confusing. I now show both the message number and the
(formatted) sizes which looks better IMHO.
On the UI side, I additionally changed the layout of the POP3 config dialogue
like the one for SMTP, i.e. there is now a Security setting on the basic tab,
instead of the split ssl/tls config on the advanced tab, and the client
certificate configuration has been added. *Note that it may be necessary to
update the security settings, as the old config items are not translated.*
The patch set is split into three bzip'ed parts, as the balsa mailing list does
not accept more than 40 kBytes. The summary of changes in each file are in the
respective following messages.
As always, any feedback will be highly appreciated!
I just installed the patches and began testing, with POP3S. One of the first few messages
raised the "reply length %lu exceeds the maximum allowed length %lu" error, and
apparently was not deleted from the host: every time I checked the mail, I got a fresh
copy.
A *quick* look at the code suggests that the FALSE return from
net_client_read_line gets passed all the way up to libbalsa_mailbox_pop3_check,
which then chooses not to delete the message(s). Perhaps, unless there are
security implications, we should be more forgiving of an over-long line.
But that's the only issue I've seen so far!
Best,
Peter
_______________________________________________
balsa-list mailing list
[email protected]
https://mail.gnome.org/mailman/listinfo/balsa-list
