[ingo] Sieve over SSL/TLS?
Jan Schneider
jan at horde.org
Sat Jul 9 00:22:08 PDT 2005
Zitat von Aleksandar Milivojevic <alex at milivojevic.org>:
> Jan Schneider wrote:
>> Zitat von alex at milivojevic.org:
>>
>>> I've had a peek at Net_SIEVE module, and it seems it only parses the
>>> capabilities and sets flag if STARTTLS is present in the list of
>>> capabilities. Not sure if this just reflects future plans to add
>>> support for it in Net_SIEVE,
>>> or if applications using it can issue raw STARTTLS, handle TLS handshake
>>> themself and provide callback functions for read/write (that would
>>> encrypt/decrypt data stream, something like proftpd implements TLS).
>>
>> While this would technically be possible, it would require to port a
>> complete TLS library to PHP, which is a bad idea IMO.
>
> Hm, not sure if I understood this part. There's really no difference
> when building SSL channel after connect, or building it after server
> acknowledges STARTTLS. The SSL handshake that happens after STARTLS (in
> plaintext versions of protocols) is exactly the same thing as SSL
> handshake that happens after connection establishement in "s" versions
The difference is that you do TLS handshakes on an existing connection.
PHP has no builtin support for such a thing, even SSL connections are
handled as wrappers in PHP internally, you can't use them from userland
code.
As the whole sieve protocol is implemented in PHP userland code
(Net_Sieve), you would need a way to hand the existing TCP connection
over to the TLS handshake code.
> of protocols. So if it is possible to have SSL encrypted connection for
> IMAP protocol, I don't see why not SIEVE?
Because the IMAP protocol is implemented as an extension, and not even
this extension is doing the communication but the (external) c-client
library. There also exist userland implementations of the IMAP protocol
that lack TLS support too.
If there was a PHP extension for sieve, that would be a different story.
Jan.
--
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
More information about the ingo
mailing list