> no-one wants to tackle this, I guess? I think I missed the original message... so lets see...
> can someone point me in the right direction regarding debugging the > uw-imap / SM communication challenge? Without putting in debugging code all over the place (well in the login function anyway), there is no real debugging support... At least not in the 1.x series anyway. >> under mac os x 10.2.6 >> PHP 4.3.0 >> Apache/1.3.27 >> register globals is on in "httpd.conf" for this domain only >> (from a long-past attempt at installing SQM) >> >> sendmail 8.x >> uw-imap (2002 rc10, also tested with current release) - on 993, >> plaintext login disabled Did you make sure you installed PHP with OpenSSL support? If you don't, the n the login will fail. >> squirrelmail 1.4.1 has been configured for secure logins to imap on >> 993 using login, and is a fresh install. in the config script, >> autodiscovery of authentication methods to the imap server fails, >> but curiously, succeeds on SMTP. The perl script is unlikely to be able to connect to IMAPS, and as such, probably won't be able to return the correct data, and as such, fails. >> http://tools.whybark.com/phpinfo.php Hrm... I don't see OpenSSL options enabled in there... are you sure you compiled it correctly? You might want to verify that, and test again. >From the basic error message, it looks like we established a socket connection, but it got closed again because of the failure to negotiate an SSL transaction. The curious thing however is that your configuration didn't complain about the lack of openssl compile, what do you have for display_errors and error_reporting in your php.ini file? Did you enable TLS/SSL in the configuration? [..] >>Therefore, i have several questions. >> >>* why does the error message present the password to the browser >> screen as typed? It's the way the error message is reported. I guess we can drop in a check to see if it's the login method, and hide the message, however sometimes it's useful for debugging. >>* Can this be disabled? Might be worth a peek, but then again, it might not be as I said, the error report might be useful, for example it might show a messed up character. >>* Is the login form passing the login information as plaintext, >> which is disabled? That depends on how you setup your webserver. If you setup your webserver to use just HTTP, then use, the login form is plain text. If you setup your login form to use SSL, then no, it's encrypted. That has nothing to do with the way SquirrelMail works incidentally. For more information on encryption on http, I suggest the mod_ssl website. I think that's http://www.modssl.org -- Jonathan Angliss ([EMAIL PROTECTED]) ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 -- squirrelmail-users mailing list List Address: [EMAIL PROTECTED] List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
