Support for STARTTLS

Question

Support for STARTTLS

rvuong opened this issue 4 years ago · comments

Hello,

I can't figure out how to connect with STARTTLS enabled.
I'm using the same config & credentials as with a mail client (thunderbird), which also works fine with openssl in CLI :

openssl s_client -showcerts -connect {host}:143 -starttls imap

I tried using the port 993. It then seems like a success, BUT fails afterwards on searching/fetching emails.

Am I acting stupid or something ?

Input:

let tls = native_tls::TlsConnector::builder().build().unwrap();
let client = imap::connect(
   (domain, port),
   domain,
   &tls,
);
eprintln!("{:#?}", client);

Output:

Err(
    TlsHandshake(
        Failure(
            Ssl(
                Error {
                    code: ErrorCode(
                        1,
                    ),
                    cause: Some(
                        Ssl(
                            ErrorStack(
                                [
                                    Error {
                                        code: 336130315,
                                        library: "SSL routines",
                                        function: "ssl3_get_record",
                                        reason: "wrong version number",
                                        file: "../ssl/record/ssl3_record.c",
                                        line: 332,
                                    },
                                ],
                            ),
                        ),
                    ),
                },
                X509VerifyResult {
                    code: 0,
                    error: "ok",
                },
            ),
        ),
    ),
)

Rémy Vuong · Answer 1 · Tue May 19 2020 00:47:45 GMT+0800 (China Standard Time)

When trying port 993 (not sure if it's worth trying it), connect, login, and select seem ok.
Then:

let messages = imap_session.search("UNSEEN");
// the same happens with
// let messages = imap_session.fetch("1", "RFC822")?;

Output:

Error: Parse(Unexpected("MailboxData(Flags([\"\\\\Answered\", \"\\\\Deleted\", \"\\\\Draft\", \"\\\\Flagged\", \"\\\\Seen\", \"$Forwarded\", \"$MDNSent\", \"Forwarded\", \"$Junk\", \"$NotJunk\", \"Junk\", \"JunkRecorded\", \"NonJunk\", \"NotJunk\"]))"))

Jon Gjengset · Answer 2 · Tue May 19 2020 01:58:05 GMT+0800 (China Standard Time)

If you want to use STARTTLS, you should use connect_starttls, not connect. connect attempts to establish a TLS connection immediately, which (as you observed) only works if you connect to the TLS endpoint on port 993.

As for the command that fails, that's pretty interesting. It seems like we get a FLAGS response sent unilaterally to us by the server. I'll dig into that a little!

Jon Gjengset · Answer 3 · Tue May 19 2020 02:13:18 GMT+0800 (China Standard Time)

@rvuong Can you try the latest release and see if that still errors for you?

Rémy Vuong · Answer 4 · Tue May 19 2020 14:56:58 GMT+0800 (China Standard Time)

If you want to use STARTTLS, you should use connect_starttls, not connect. connect attempts to establish a TLS connection immediately, which (as you observed) only works if you connect to the TLS endpoint on port 993.

connect_starttls works like a charm! I can't believe I hadn't found it before by myself. Thanks for pointing me on it.

Rémy Vuong · Answer 5 · Tue May 19 2020 15:01:36 GMT+0800 (China Standard Time)

@rvuong Can you try the latest release and see if that still errors for you?

It's a win! Thank you so much. Any way I can help this project in order to thank you?

Input:

let messages = imap_session.search("UNSEEN")?;
eprintln!("{:#?}", messages);

Output:

Jon Gjengset · Answer 6 · Tue May 19 2020 22:26:43 GMT+0800 (China Standard Time)

Awesome, so happy that it works! Documentation improvements are always warmly welcome. For example, if you find a way to make connect_starttls more discoverable for others in the future, that'd be great!