Hi Charles,
Excuse us to cause you a trouble possibly due to the Debian patch.
Your comment on this patch was:
> Unfortunately this functionality requires Python 2.6 or newer, at least as far
> as I can tell. Python 2.{3,4,5} only have socket.ssl(), not
> ssl.wrap_socket(), and socket.ssl() doesn't support specifying the SSL
> version.
This is very interesting comment. Thanks.
As for Debian, Debian has been using 2.6 with oldstable and 2.7 with
stable release. (Released every 2 years.) So this should be no problem
in Debian if the user follow standard operating procedure. (Mixing new
binary package into old release is No-No.)
On Wed, May 29, 2013 at 04:13:39PM -0600, Charles Cazabon wrote:
> Hi, Jidanni,
>
> > I don't think so, as I can turn the bug on and off by switching between
> > 4.32 and 4.40 with dpkg -i, and everything else not changing.
>
> This doesn't make a lot of sense to me. There's no difference in the
> IMAP(-SSL) connection code between those versions of getmail -- none at all.
Yes and no.
There were Debian patch to address MS IMAP.
http://bugs.debian.org/701844
This is the patch you rejected with a good reason as upstream.
> And if you're saying that 4.32.0 can connect to a given IMAP-SSL server, but
> 4.40.x cannot connect to that same server -- getmail has never specified an
> SSL version to connect with, because historically that wasn't supported by the
> Python stdlib. It sounds to me like there must be another difference between
> the two configurations -- something lower in the stack that affects which SSL
> version is chosen (if that's the problem here).
>
> Are the two using different Python interpreters? Maybe they've been compiled
> with different options, or linked against different SSL libs?
Not really. This package is in unstable/testing. That is 2.7.3 and it
is still the same as stable release one.
> Or perhaps, is one or both of those Debian packages patching my source? I
> can't make them behave differently here, but I don't know what server user(s)
> are having problems with either.
Patch attached here just to be sure.
> Some hints on how to reproduce the problem, and what the problem actually is,
> would be useful.
This is what we got from jidanni:
> WMB> jidanni: What kind of IMAP server is it?
>
> $ imapd --version
> Courier 0.53.3 (Courier-IMAP 4.1.1)/x86_64-unknown-linux-gnu/Tue Feb 13
> 10:08:52 UTC 2007
>
> $ netcat m.jidanni.org 143
> * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE
> THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE STARTTLS]
> Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc. See
> COPYING for distribution information.
Martin, any thought?
Osamu
From: "W. Martin Borgert" <deba...@debian.org>, Ana Beatriz Guerrero Lopez <a...@debian.org>
Description: Microsoft Exchange Server 2003 compatibilty enhancement
With changing from squeeze to wheezy, I could not get emails from an
Microsoft Exchange Server 2003 anymore with getmail4. This is caused by
changed default in the OpenSSL library. Linking Python against libssl
from squeeze "solves" the problem in fact, but of course, this is not an
option. The correct solution seems to be to set the right SSL protocol
version when connecting, but unfortunately, Python before 3.3.0 does not
allow to set the SSL version for the IMAP4_SSL class, which is used by
getmail4. One can, however, monkey patch it, which should greatly
improve compatibility. Given that MSexChange is regrettably widespread,
I took the liberty to set the severity to important. The patch needs a
review desperately, but it works for me.
--- a/getmailcore/compatibility.py
+++ b/getmailcore/compatibility.py
@@ -10,6 +10,8 @@
import sys
import imaplib
import new
+import socket
+import ssl
if sys.version_info < (2, 4, 0):
@@ -76,3 +78,23 @@
imaplib.IMAP4_SSL.read = new.instancemethod(fixed_read, None,
imaplib.IMAP4_SSL)
+
+if sys.version_info < (3, 3, 0):
+ # enhance compatibility, e.g. for Microsoft Exchange Server 2003:
+ # IMAP4_SSL class uses ssl.PROTOCOL_SSLv23, which is the best choice
+ # for servers, but the Python documentation states, that for clients
+ # ssl.PROTOCOL_SSLv3 is the most compatible SSL variant. This monkey
+ # patch should be removed for Python >= 3.3.0 and the ssl.SSLContext
+ # should be used instead.
+ def IMAP4_SSL_open(self, host = '', port = imaplib.IMAP4_SSL_PORT):
+ self.host = host
+ self.port = port
+ self.sock = socket.create_connection((host, port))
+ self.sslobj = ssl.wrap_socket(self.sock, self.keyfile, self.certfile,
+ ssl_version=ssl.PROTOCOL_SSLv3)
+ self.file = self.sslobj.makefile('rb')
+
+ imaplib.IMAP4_SSL.open = new.instancemethod(IMAP4_SSL_open, None,
+ imaplib.IMAP4_SSL)
+else:
+ raise DeprecationWarning("better use ssl.SSLContext now")
