[ingo] Sieve over SSL/TLS?
Aleksandar Milivojevic
alex at milivojevic.org
Sat Jul 9 14:38:40 PDT 2005
Jan Schneider wrote:
> Quoting Aleksandar Milivojevic <alex at milivojevic.org>:
>
>
>>Jan Schneider wrote:
>>
>>>Quoting alex at milivojevic.org:
>>>
>>>
>>>>I've had a peek at Net_SIEVE module, and it seems it only parses the
>>>>capabilities and sets flag if STARTTLS is present in the list of
>>>>capabilities. Not sure if this just reflects future plans to add
>>>>support for it in Net_SIEVE,
>>>>or if applications using it can issue raw STARTTLS, handle TLS handshake
>>>>themselves and provide callback functions for read/write (that would
>>>>encrypt/decrypt data stream, something like proftpd implements TLS).
>>>
>>>While this would technically be possible, it would require porting a
>>>complete TLS library to PHP, which is a bad idea IMO.
>>
>>Hm, not sure if I understood this part. There's really no difference
>>when building SSL channel after connect, or building it after server
>>acknowledges STARTTLS. The SSL handshake that happens after STARTTLS (in
>>plaintext versions of protocols) is exactly the same thing as SSL
>>handshake that happens after connection establishment in "s" versions
>
>
> The difference is that you do TLS handshakes on an existing connection.
> PHP has no builtin support for such a thing, even SSL connections are
> handled as wrappers in PHP internally, you can't use them from userland
> code.
> As the whole sieve protocol is implemented in PHP userland code
> (Net_Sieve), you would need a way to hand the existing TCP connection
> over to the TLS handshake code.
Ah, I see now. Thanks, that was the part I was missing.
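
An added example, not part of the original thread and not Net_Sieve code: a Python sketch of the upgrade the thread discusses, where an already-connected ManageSieve socket is handed to the TLS handshake after the server accepts STARTTLS, and the client refuses to continue in plaintext rather than only recording a capability flag. The function names and the simplified capability parsing (quoted strings only) are assumptions made for this illustration.

```python
import ssl

def read_response(rfile):
    """Read ManageSieve lines up to the OK/NO/BYE status line."""
    lines = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.decode("utf-8", "replace").rstrip("\r\n")
        status = line.split(" ", 1)[0].upper()
        if status in ("OK", "NO", "BYE"):
            return status, lines
        lines.append(line)

def parse_capabilities(lines):
    """Map '"NAME" "value"' lines to {NAME: value}; literal strings not handled."""
    caps = {}
    for line in lines:
        parts = [p for p in line.split('"') if p.strip()]
        if parts:
            caps[parts[0].upper()] = parts[1] if len(parts) > 1 else ""
    return caps

def starttls(sock, hostname, context=None):
    """Upgrade an already-connected ManageSieve socket to TLS, or raise."""
    # Unbuffered reads: no plaintext bytes are read ahead, so anything
    # injected after the OK reaches the TLS layer and fails the handshake.
    rfile = sock.makefile("rb", buffering=0)
    status, lines = read_response(rfile)  # greeting carries the capabilities
    if status != "OK" or "STARTTLS" not in parse_capabilities(lines):
        raise RuntimeError("STARTTLS not offered; refusing plaintext session")
    sock.sendall(b"STARTTLS\r\n")
    status, _ = read_response(rfile)
    if status != "OK":
        raise RuntimeError("server rejected STARTTLS")
    context = context or ssl.create_default_context()
    tls = context.wrap_socket(sock, server_hostname=hostname)  # same TCP connection
    # Capabilities seen in plaintext are untrusted; read the set re-sent over TLS.
    status, lines = read_response(tls.makefile("rb", buffering=0))
    if status != "OK":
        raise RuntimeError("no capabilities after TLS negotiation")
    return tls, parse_capabilities(lines)
```

The default context verifies the server certificate against `hostname`, so the caller authenticates only on the returned socket and with the capabilities it returns.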