********* NOTE *********

This software is now obsolete. The University of Washington has included
SSL functionality in their most recent release of the c-client code. Add
SPECIALAUTHENTICATORS="ssl" to your build command and it should just work.
Pine will also, apparently, provide certificate validation, which is a
definite plus.

-----

SSL hack for Pine 4
Copyright 1999-2000, Nick Sayer, All Rights Reserved

This package is an SSL add-on for Pine 4. It was developed independently
from Pine. Pine was developed at the University of Washington, a public
University. The Washington state government has forbidden UW from
releasing any encryption code, so an independent effort was necessary.
This is the fruit of it. Nobody at UW is even allowed to help you install
or use this code, so don't bother asking them. Nobody at UW contributed in
any way to the development of this code (because it would have gotten them
into hot water).

Installing is pretty easy:

0. Install either SSLeay or openssl or equiv. This step may involve
   installing rsaref as well.

1. Unpack pine source.

2. Unpack imap+ssl-1.0.tar.gz on top of your pine source. It will add 4
   files: this README.ssl and FAQ.ssl (in the top dir), auth_ssl.c and
   Makefile.ssl (both in imap/src/osdep/unix). You may need to edit
   Makefile.ssl to change the location where your ssl libraries are
   located.

3. Add EXTRAAUTHENTICATORS=ssl to the end of the "build" command you
   would normally use. If you want to restrict the versions of SSL that
   will be attempted, you can add either EXTRACFLAGS=-DTLSV1ONLYSERVER or
   EXTRACFLAGS=-DSSLV3ONLYSERVER as well. These control the
   _client_method() call made at initialization. By default it calls
   SSLv23_client_method(). If you are using RSAREF, you must also add
   RSAREF=yes.

4. To actually specify an SSL connection, use /ssl as an option in the
   remote host specification. For example, {mailhost/imap/ssl}Mail/[] as
   a folder collection will use SSL-IMAP.

SHORTCOMINGS:

1. The server certificate is not verified or even displayed, so the
   connection is encrypted but the server's identity is not
   authenticated.

2. Broken sockets and EINTR are probably not handled correctly - you
   probably will hose yourself over if the server disconnects you.

HISTORY

1.5 - 08 Aug 2000
   Fix the copyright dates.
   Fix a dangling reference to RSAREF in this README.
   Add some seed file management code (thanks, Tobias Reber for pointing
   out the problem).

1.4 - 14 Jan 2000
   Fixed memory leak -- free read buffer when closing
   Add SSLV?ONLYSERVER options (thanks, Seth Theriault).
   Declare most of our stuff static to ensure against namespace
   collisions.
   Add RSAREF option to make adding -lrsaref optional

1.3 - 19 Aug 1999
   Added FAQ.ssl
   Rewrote the read routines to use a new buffering layer. This code
   should do the right thing for reading, in general.

1.2 - 20 Jul 1999
   Fixed memory leak in open() caused by error returns
   Actually incremented the version number in the source this time.
   Changed SSLeay_add_new_algorithms() to SSL_library_init()
   Closed TCP stream if SSL_connect() fails.

1.1 - 01 Jul 1999
   removed extra malloc from open(). Instead, added '*' to the
   mail_parameter() calls in _init().
   changed shortcoming #2 to better describe the problem.
   removed promise for server cert verification in next version.
   added README wording about support for openssl.
   removed wording about legal requirements for using rsaref. YOU figure
   it out.
   added more comments.
   changed SSL_set_fd() to separate calls to _rfd() and _wfd() for
   separate descriptors for reading and writing. Current tcp_open()
   ensures tcpso==tcpsi, but that's not guaranteed, I suppose.
   added error logging to ssl_open(). Of course, openssl's error message
   wording is a bit obtuse, but at least when it mumbles about server
   hello or some such you can grok that you're not connecting to an SSL
   equipped port.
   changed to , which seems to have been recently done by openssl. SSLeay
   is dead. Long live SSLeay.

1.0 - 23 Jun 1999
   Initial release
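
Step 4 of the install instructions is the only thing that makes a connection use SSL, so a folder collection written without /ssl stays on cleartext IMAP. The following added example (not part of this package or of Pine) classifies a folder specification by whether its {host/...} part carries the ssl option; the function name, return codes and case-insensitive matching are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum { SPEC_LOCAL = -1, SPEC_CLEARTEXT = 0, SPEC_SSL = 1 };

/* Case-insensitive match of the n-byte token at p against a lowercase word. */
static int tok_eq(const char *p, size_t n, const char *word)
{
    size_t i;
    if (strlen(word) != n) return 0;
    for (i = 0; i < n; i++)
        if (tolower((unsigned char)p[i]) != word[i]) return 0;
    return 1;
}

/* Classify a folder spec of the form {host/opt/opt}path.
 * Assumption: options are '/'-separated tokens after the host name,
 * matched case-insensitively; anything without a closed {...} is local. */
int spec_uses_ssl(const char *spec)
{
    const char *end, *p, *slash;

    if (spec == NULL || spec[0] != '{') return SPEC_LOCAL;
    if ((end = strchr(spec, '}')) == NULL) return SPEC_LOCAL;

    /* Search only inside the braces: the path after '}' may contain '/'. */
    p = memchr(spec + 1, '/', (size_t)(end - spec - 1));
    while (p != NULL) {
        p++;                                   /* step past the '/' */
        slash = memchr(p, '/', (size_t)(end - p));
        if (tok_eq(p, (size_t)((slash ? slash : end) - p), "ssl"))
            return SPEC_SSL;
        p = slash;
    }
    return SPEC_CLEARTEXT;
}

int main(void)
{
    /* Constructed sample specs; only the first appears in the README. */
    const char *s[] = { "{mailhost/imap/ssl}Mail/[]", "{mailhost/imap}Mail/[]", "Mail/[]" };
    size_t i;
    for (i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("%-28s %s\n", s[i], spec_uses_ssl(s[i]) == SPEC_SSL ? "ssl"
               : spec_uses_ssl(s[i]) == SPEC_CLEARTEXT ? "CLEARTEXT" : "local");
    return 0;
}
```

A host whose name merely contains "ssl" (for example {sslhost/imap}INBOX) is still reported as cleartext, because only option tokens after the first slash are examined.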