Hi! 
Hope this is the right format and forum.
I've taken a look at providing TLS/ SSL support for POP3 and
RemoteManager and here are the patches.

In this message:
patch for POP3Server;
patch for RemoteManager
patch for JAMES.conf.xml
patch for avalon.SocketManger (which you need to compile James with the
patched pop3 and rm - James uses constants declared here)
new JamesWithTLS.txt howto (hope this is not too basic)

Separately, I've sent Peter Donald the actual TLSServerSocketAcceptor
file, together with a dummy keys file avalonTestKeys and an amended
Avalon.conf.xml and build.xml. You don't need any of these unless you
want TLS support. He has volunteered to check & commit to avalon CVS.

Any questions? Fire away!

Charles

Patches follow

Index: POP3Server.java
===================================================================
RCS file:
/products/cvs/master/james/src/org/apache/james/pop3server/POP3Server.java,v
retrieving revision 1.11
diff -u -r1.11 POP3Server.java
--- POP3Server.java     2000/06/23 10:55:26     1.11
+++ POP3Server.java     2000/08/23 11:25:51
@@ -54,7 +54,16 @@
             }
         } catch (ConfigurationException e) {
         }
-        socketServer.openListener("POP3Listener", SocketServer.DEFAULT,
port, bind, this);
+
+       String type = SocketServer.DEFAULT;
+       try {
+           if (conf.getConfiguration("useTLS").getValue().equals("TRUE"))
type = SocketServer.TLS;
+       } catch (ConfigurationException e) {
+       }
+       String typeMsg = "POP3Listener using " + type + " on port " + port;
+        logger.log(typeMsg, "POP3", logger.INFO);
+
+        socketServer.openListener("POP3Listener", type, port, bind,
this);
         logger.log("POP3Server ...init end", "POP3", logger.INFO);
     }
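Review bot: the `useTLS` test in `getValue().equals("TRUE")` is an exact, case-sensitive match that fails open. A config containing `<useTLS>true</useTLS>` (or padded with spaces, unless `getValue()` trims) leaves `type` at `SocketServer.DEFAULT`, so the POP3 listener comes up in cleartext with only an INFO line to show it. Suggest trimming the value and comparing with `equalsIgnoreCase`, and logging a warning or refusing to start when the element is present but the value is not recognised. The empty `catch (ConfigurationException e)` is reasonable for an absent element but should carry a comment saying that is the intent. The added lines also mix tab and space indentation.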

===
Index: RemoteManager.java
===================================================================
RCS file:
/products/cvs/master/james/src/org/apache/james/remotemanager/RemoteManager.java,v
retrieving revision 1.15
diff -u -r1.15 RemoteManager.java
--- RemoteManager.java  2000/06/23 10:55:28     1.15
+++ RemoteManager.java  2000/08/23 11:27:19
@@ -56,6 +56,7 @@
         this.timeServer = (TimeServer)
comp.getComponent(Interfaces.TIME_SERVER);
         SocketServer socketServer = (SocketServer)
comp.getComponent(Interfaces.SOCKET_SERVER);
         int port = conf.getConfiguration("port").getValueAsInt(4554);
+
         InetAddress bind = null;
         try {
             String bindTo = conf.getConfiguration("bind").getValue();
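Review bot: the only change in this hunk is a blank line added after the `port` assignment, which is unrelated to TLS support and can be dropped to keep the diff minimal. While looking at that context line, note that it defaults the port to 4554, whereas the `remoteManager` section of JAMES.conf.xml in this same patch set uses 4555; worth confirming which one is intended.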
@@ -64,7 +65,16 @@
             }
         } catch (ConfigurationException e) {
         }
-        socketServer.openListener("JAMESRemoteControlListener",
SocketServer.DEFAULT, port, bind, this);
+
+       String type = SocketServer.DEFAULT;
+       try {
+           if (conf.getConfiguration("useTLS").getValue().equals("TRUE"))
type = SocketServer.TLS;
+       } catch (ConfigurationException e) {
+       }
+       String typeMsg = "RemoteManager using " + type + " on port " + port;
+        logger.log(typeMsg, "RemoteAdmin", logger.INFO);
+
+        socketServer.openListener("JAMESRemoteControlListener",type,
port, bind, this);
         admaccount = new Hashtable();
         for (Enumeration e =
conf.getConfigurations("administrator_accounts.account");
e.hasMoreElements();) {
             Configuration c = (Configuration) e.nextElement();
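Review bot: this block repeats the POP3Server `useTLS` lookup line for line, so the same exact-match `equals("TRUE")` fail-open applies here, on the listener that handles the administrator accounts read a few lines below. Suggest moving the lookup into one shared helper so both servers parse the flag identically, and treating an unrecognised value as an error rather than as "no TLS". Style: there is a missing space after the comma in `"JAMESRemoteControlListener",type,`, and the added lines mix tabs and spaces.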

===
Index: JAMES.conf.xml
===================================================================
RCS file:
/products/cvs/master/james/src/org/apache/james/JAMES.conf.xml,v
retrieving revision 1.36
diff -u -r1.36 JAMES.conf.xml
--- JAMES.conf.xml      2000/07/27 21:24:46     1.36
+++ JAMES.conf.xml      2000/08/23 11:24:02
@@ -45,8 +45,10 @@
             <inboxRepository> file://../var/mail/localinbox/
</inboxRepository>
 
             <pop3Server>
-                <port>110</port>
+<!-- port 995 is the well-known/ IANA registered port for POP3S ie over
SSL/TLS -->
+                <port>110</port> 
 <!--                <bind>  </bind>  uncomment this if you want to bind
to a specific inetaddress-->
+<!--                <useTLS>TRUE</useTLS> uncomment this if you want to
use TLS (SSL) on this port -->
                 <pop3handler>
                     <connectiontimeout> 120000 </connectiontimeout>
                 </pop3handler>
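Review bot: the `<port>110</port>` line is removed and re-added with only trailing whitespace changed, so the new comment about port 995 sits above a port that is still 110. Someone who uncomments `useTLS` without touching the port ends up with TLS-only service on the standard cleartext POP3 port. Suggest dropping the whitespace-only change and rewording the comment to say that the port should be changed to 995 together with enabling `useTLS`. The `useTLS` comment should also state that the value must be exactly `TRUE`, since that is what the Java code compares against.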
@@ -63,6 +65,7 @@
             <remoteManager>
                 <port>4555</port>
 <!--                <bind>  </bind> uncomment this if you want to bind
to a specific inetaddress-->
+<!--                <useTLS>TRUE</useTLS> uncomment this if you want to
use TLS (SSL) on this port -->
                 <administrator_accounts>
                     <account login="root" password="root"/>
                 </administrator_accounts>
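Review bot: the `useTLS` comment added for `remoteManager` does not say what is at stake when it stays commented out: the administrator login in the context lines below it (`login="root" password="root"`) is then sent over a cleartext connection. Suggest extending the comment to say so and to note that the value must be exactly `TRUE`, matching the comparison in RemoteManager.java.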

===
Index: SocketServer.java
===================================================================
RCS file:
/products/cvs/master/framework/src/org/apache/avalon/blocks/SocketServer.java,v
retrieving revision 1.4
diff -u -r1.4 SocketServer.java
--- SocketServer.java   2000/06/22 09:59:23     1.4
+++ SocketServer.java   2000/08/23 11:40:52
@@ -21,6 +21,8 @@
 
     public final static String IPFILTERING = "IPFILTERING";
 
+    public final static String TLS = "TLS";
+
     public void openListener(String name, String type, int port,
InetAddress bind, SocketServer.SocketHandler handler);
 
     public void openListener(String name, String type, int port,
SocketHandler handler);
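Review bot: the new `TLS` constant has no documentation. Suggest a short Javadoc comment stating that this listener type requires a TLS acceptor to be defined in Avalon.conf.xml, and what `openListener` does when `TLS` is requested but no such acceptor is available (for example when Avalon was built without JSSE), so callers know whether to expect an exception or a fallback.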
@@ -42,4 +44,4 @@
         
         public void listen(int port, SocketHandler handler, InetAddress
bind);
     }
-}
\ No newline at end of file
+}

===
new file: JamesWithTLS.txt
================================================================

James with TLS

by Charles Benett <[EMAIL PROTECTED]>

1. Get sources
a) Obtain the avalon-james-1-1b1 branch source from cvs
i) cvs -d :pserver:[EMAIL PROTECTED]:/products/cvs/master login
(password is jservpub)
ii) cvs -d :pserver:[EMAIL PROTECTED]:/products/cvs/master checkout framework
iii) cd framework
iv) cvs update -r avalon-james-1-1b1

b) Obtain JSSE source from java.sun.com. Follow their installation
directions. We assume that you install JSSE as a standard extension,
with a static provider definition. (See notes with JSSE distribution)

c) Obtain JAMES source, either from cvs or JAMES distribution.

2. Compiling Avalon with or without TLS support
- use the build.sh/ build.bat script
- the buildfile checks for the existence of the JSSE class
javax.net.ssl.SSLServerSocketFactory. Only if this is available to the
JVM is TLS support included. 

3. copy jar file from avalon build directory to JAMES lib directory.
- Compile JAMES

4. Using JAMES with TLS. You need to do three things over and above
normal operation of James
a) In Avalon.conf.xml, uncomment the TLS listener definition
b) In JAMES.conf.xml, uncomment the <useTLS>TRUE</useTLS> element for
the service you want to use TLS. Currently available for remote manager
and POP3. (If using POP3 over TLS, probably best to change port to 995,
which is the designated POP3S port)
c) Ensure that avalonTestKeys is in the conf directory. You may need to
manually extract this from Avalon.jar (jar xvf Avalon.jar
conf/avalonTestKeys)

5. Start James

6. Verify TLS support.
a) (Negative Test) telnet to port 4555 (ie without SSL). This should
hang the telnet client. It should also lock port 4555 until the
connection times out, I think.
b) (Positive Test) Use an SSL client to open a socket to 4555 or 995 (or
whichever port number you set in JAMES.conf.xml). I used openssl from
www.openssl.org to test this. E.g.
openssl s_client -connect localhost:4555
You should see the normal remote manager or POP3 server greeting and
have normal operation.
- If, using openssl s_client you get connection refused/ error no 111,
just try again. This probably means you got to the port before it was
ready.

===
End of message
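
The two checks in step 6 of the howto, as an added example that is not part of the original message or of the James code: a Python probe that first connects without TLS and waits for a greeting (the negative test), then repeats the connection inside TLS (the positive test). The function names are made up for this example, and certificate verification is switched off on the assumption that the server uses the dummy avalonTestKeys file.

```python
import socket
import ssl


def read_greeting(sock, timeout):
    """Return the first text the server sends, or None if it stays silent."""
    sock.settimeout(timeout)
    try:
        data = sock.recv(512)
    except OSError:          # timeout, reset, TLS read error
        return None
    return data.decode("latin-1").strip() or None


def probe(host, port, timeout=3.0):
    """Classify a listener as 'plaintext', 'tls' or 'no-greeting'."""
    # Negative test: a TLS-only listener waits for a ClientHello and sends
    # nothing, so a cleartext greeting means TLS is NOT active on this port.
    with socket.create_connection((host, port), timeout=timeout) as raw:
        greeting = read_greeting(raw, timeout)
    if greeting is not None:
        return "plaintext", greeting

    # Positive test: same connection wrapped in TLS, like openssl s_client.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # assumption: dummy/self-signed test key
    ctx.verify_mode = ssl.CERT_NONE   # probe only; never copy into a real client
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw) as tls:
                return "tls", read_greeting(tls, timeout)
    except OSError:                   # handshake failed, refused, or timed out
        return "no-greeting", None


if __name__ == "__main__":
    import sys
    # Usage: python probe.py localhost 4555
    print(probe(sys.argv[1], int(sys.argv[2])))
```

A result of `plaintext` on a port where `useTLS` was meant to be enabled means the setting did not take effect and the service is still answering in the clear.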

