* [PATCH 13/16] net_reader: no STARTTLS for IMAP localhost or onions
2021-09-19 12:50 6% [PATCH 00/16] lei IPC overhaul, NNTP fixes Eric Wong
@ 2021-09-19 12:50 7% ` Eric Wong
0 siblings, 0 replies; 2+ results
From: Eric Wong @ 2021-09-19 12:50 UTC (permalink / raw)
To: meta
At least not by default, to match existing NNTP behavior.
Tor .onions are already encrypted, and there's no point
in encrypting traffic on localhost outside of testing.
---
lib/PublicInbox/NetReader.pm | 20 +++++++++++---------
t/imapd-tls.t | 11 +++++++++--
t/nntpd-tls.t | 8 ++++++++
3 files changed, 28 insertions(+), 11 deletions(-)
diff --git a/lib/PublicInbox/NetReader.pm b/lib/PublicInbox/NetReader.pm
index 236e824c..e305523e 100644
--- a/lib/PublicInbox/NetReader.pm
+++ b/lib/PublicInbox/NetReader.pm
@@ -91,6 +91,16 @@ try configuring a socks5h:// proxy:
EOM
}
+# Net::NNTP doesn't support CAPABILITIES, yet; and both IMAP+NNTP
+# servers may have multiple listen sockets.
+sub try_starttls ($) {
+ my ($host) = @_;
+ return if $host =~ /\.onion\z/si;
+ return if $host =~ /\A127\.[0-9]+\.[0-9]+\.[0-9]+\z/s;
+ return if $host eq '::1';
+ 1;
+}
+
# mic_for may prompt the user and store auth info, prepares mic_get
sub mic_for ($$$$) { # mic = Mail::IMAPClient
my ($self, $uri, $mic_common, $lei) = @_;
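Review bot: try_starttls() exempts only .onion names and the literal loopback addresses (127.x.x.x and '::1'), so a URI whose host is the name "localhost" still gets STARTTLS attempted, which is at odds with the subject line. Consider adding "return if $host eq 'localhost';" or saying in the comment that only loopback literals are exempt. The new comment would also read better if it said why multiple listen sockets matter for this decision.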
@@ -122,6 +132,7 @@ sub mic_for ($$$$) { # mic = Mail::IMAPClient
# it to be disabled since I usually connect to localhost
if (!$mic_arg->{Ssl} && !defined($mic_arg->{Starttls}) &&
$mic->has_capability('STARTTLS') &&
+ try_starttls($host) &&
$mic->can('starttls')) {
$mic->starttls or die "E: <$uri> STARTTLS: $@\n";
}
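Review bot: in this condition try_starttls($host) comes after $mic->has_capability('STARTTLS'), so the capability lookup still runs for hosts that will never be upgraded; putting the host check first lets the && chain short-circuit before touching the connection. The context comment just above ("it to be disabled since I usually connect to localhost") probably needs updating now that loopback addresses are exempt by default. $host is not assigned anywhere in the visible lines, so confirm it is in scope at this point in mic_for().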
@@ -164,15 +175,6 @@ sub mic_for ($$$$) { # mic = Mail::IMAPClient
$mic;
}
-# Net::NNTP doesn't support CAPABILITIES, yet
-sub try_starttls ($) {
- my ($host) = @_;
- return if $host =~ /\.onion\z/s;
- return if $host =~ /\A127\.[0-9]+\.[0-9]+\.[0-9]+\z/s;
- return if $host eq '::1';
- 1;
-}
-
sub nn_new ($$$) {
my ($nn_arg, $nntp_cfg, $uri) = @_;
my $nn;
diff --git a/t/imapd-tls.t b/t/imapd-tls.t
index 72ba8769..73f5112f 100644
--- a/t/imapd-tls.t
+++ b/t/imapd-tls.t
@@ -1,8 +1,8 @@
+#!perl -w
# Copyright (C) 2020-2021 all contributors <meta@public-inbox.org>
# License: AGPL-3.0+ <https://www.gnu.org/licenses/agpl-3.0.txt>
use strict;
-use warnings;
-use Test::More;
+use v5.10.1;
use Socket qw(IPPROTO_TCP SOL_SOCKET);
use PublicInbox::TestCommon;
# IO::Poll is part of the standard library, but distros may split it off...
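Review bot: the header cleanup (dropping "use warnings" and "use Test::More" in favour of "#!perl -w" and "use v5.10.1") is unrelated to the STARTTLS change and is not mentioned in the commit message; a line there, or a separate patch, would help. ok() and is() are still called further down, so the test now depends on PublicInbox::TestCommon exporting them, and -w enables warnings globally rather than lexically as "use warnings" did.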
@@ -155,6 +155,13 @@ for my $args (
ok(sysread($slow, my $end, 4096) > 0, 'got end');
is(sysread($slow, my $eof, 4096), 0, 'got EOF');
+ test_lei(sub {
+ lei_ok qw(ls-mail-source), "imap://$starttls_addr",
+ \'STARTTLS not used by default';
+ ok(!lei(qw(ls-mail-source -c imap.starttls=true),
+ "imap://$starttls_addr"), 'STARTTLS verify fails');
+ });
+
SKIP: {
skip 'TCP_DEFER_ACCEPT is Linux-only', 2 if $^O ne 'linux';
my $var = eval { Socket::TCP_DEFER_ACCEPT() } // 9;
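Review bot: the negative case, ok(!lei(qw(ls-mail-source -c imap.starttls=true), ...), 'STARTTLS verify fails'), passes on any failure of lei, not only a certificate verification failure. Checking $lei_err for the verification error would tie the assertion to the behaviour its name claims. The preceding lei_ok only shows that the command succeeded; it demonstrates that STARTTLS was skipped only on the assumption that verification would otherwise fail, which deserves a comment in the test.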
diff --git a/t/nntpd-tls.t b/t/nntpd-tls.t
index 2c09d34e..9af6c254 100644
--- a/t/nntpd-tls.t
+++ b/t/nntpd-tls.t
@@ -146,6 +146,14 @@ for my $args (
is(sysread($slow, my $eof, 4096), 0, 'got EOF');
$slow = undef;
+ test_lei(sub {
+ lei_ok qw(ls-mail-source), "nntp://$starttls_addr",
+ \'STARTTLS not used by default';
+ ok(!lei(qw(ls-mail-source -c nntp.starttls=true),
+ "nntp://$starttls_addr"), 'STARTTLS verify fails');
+ diag $lei_err;
+ });
+
SKIP: {
skip 'TCP_DEFER_ACCEPT is Linux-only', 2 if $^O ne 'linux';
my $var = eval { Socket::TCP_DEFER_ACCEPT() } // 9;
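Review bot: "diag $lei_err;" after the negative case prints the error on every run and looks like leftover debugging; the matching block in t/imapd-tls.t has no such line. Replace it with an assertion on $lei_err, since ok(!lei(...)) alone passes for any failure, or drop it.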
* [PATCH 00/16] lei IPC overhaul, NNTP fixes
@ 2021-09-19 12:50 6% Eric Wong
2021-09-19 12:50 7% ` [PATCH 13/16] net_reader: no STARTTLS for IMAP localhost or onions Eric Wong
0 siblings, 1 reply; 2+ results
From: Eric Wong @ 2021-09-19 12:50 UTC (permalink / raw)
To: meta
11/16 is a bit worrying for saved search dedupe over HTTP(S),
and I can't seem to reproduce it reliably, either..
ls-mail-source and import use is far nicer, as it provides a
good avenue for doing partial fetches.
lei/store IPC got a massive overhaul, and the sto_done_request
simplification is nice. This will probably simplify automatic
export-kw support to IMAP folders.
I also noticed "lei config --edit" was wonky, so
I made it share code with "lei edit-search".
Starting to document config knobs, too.
Eric Wong (16):
ipc: wq_do: support synchronous waits and responses
ipc: allow disabling broadcast for wq_workers
lei/store: use SOCK_SEQPACKET rather than pipe
lei: simplify sto_done_request
lei_xsearch: drop Data::Dumper use
ipc: drop dynamic WQ process counts
lei: clamp internal worker processes to 4
lei ls-mail-source: use "high"/"low" for NNTP
lei ls-mail-source: pretty JSON support
net_reader: fix single NNTP article fetch, test ranges
xt: add fsck script over over.sqlite3
watch: use net_reader->mic_new wrapper for SOCKS+TLS
net_reader: no STARTTLS for IMAP localhost or onions
lei config --edit: use controlling terminal
net_reader: disallow imap.fetchBatchSize=0
doc: lei-config: document various knobs
Documentation/lei-config.pod | 91 +++++++++++++++++++-
MANIFEST | 2 +
lib/PublicInbox/IPC.pm | 117 +++++++++++---------------
lib/PublicInbox/LEI.pm | 32 +++----
lib/PublicInbox/LeiConfig.pm | 42 +++++++++
lib/PublicInbox/LeiEditSearch.pm | 60 +++++--------
lib/PublicInbox/LeiExternal.pm | 2 +-
lib/PublicInbox/LeiImport.pm | 2 +-
lib/PublicInbox/LeiImportKw.pm | 6 +-
lib/PublicInbox/LeiIndex.pm | 2 +-
lib/PublicInbox/LeiInit.pm | 4 +-
lib/PublicInbox/LeiInput.pm | 2 +-
lib/PublicInbox/LeiLsMailSource.pm | 25 +++---
lib/PublicInbox/LeiNoteEvent.pm | 11 +--
lib/PublicInbox/LeiRefreshMailSync.pm | 2 +-
lib/PublicInbox/LeiRemote.pm | 4 +-
lib/PublicInbox/LeiRm.pm | 2 +-
lib/PublicInbox/LeiSavedSearch.pm | 16 +---
lib/PublicInbox/LeiStore.pm | 22 ++---
lib/PublicInbox/LeiTag.pm | 2 +-
lib/PublicInbox/LeiToMail.pm | 22 ++---
lib/PublicInbox/LeiXSearch.pm | 9 +-
lib/PublicInbox/NetReader.pm | 39 +++++----
lib/PublicInbox/WQWorker.pm | 9 +-
lib/PublicInbox/Watch.pm | 3 +-
t/imapd-tls.t | 11 ++-
t/ipc.t | 19 ++---
t/lei-import-nntp.t | 26 ++++++
t/lei.t | 3 +
t/nntpd-tls.t | 8 ++
t/uri_nntps.t | 3 +
xt/over-fsck.perl | 44 ++++++++++
32 files changed, 403 insertions(+), 239 deletions(-)
create mode 100644 lib/PublicInbox/LeiConfig.pm
create mode 100644 xt/over-fsck.perl
Code repositories for project(s) associated with this public inbox
https://80x24.org/public-inbox.git