[Bug 207021] New: sni support for imaps/pop3s in kio

[Daniel Black]

https://bugs.kde.org/show_bug.cgi?id=207021

           Summary: sni support for imaps/pop3s in kio
           Product: kmail
           Version: 1.12.1
          Platform: Gentoo Packages
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: wishlist
          Priority: NOR
         Component: general
        AssignedTo: kdepim-bugs at kde.org
        ReportedBy: nulusdan at internode.on.net


Version:           1.12.1 (using KDE 4.3.1)
Compiler:          gcc (Gentoo 4.3.2-r3 p1.6, pie-10.1.5) 4.3.2 
OS:                Linux
Installed from:    Gentoo Packages

When imaps/pop3s use SSLv3/TLS1 they do not use the SNI extension defined by
RFC 4366. Enabling this would enable email providers to run multiple SSL/TLS
services on a single IP without certificate validation errors.

This still needs to be implemented in Qt:
qt-x11-opensource-src-4.5.1/src/network/ssl/qsslsocket_openssl.cpp:initSslContext

with something like:

+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)       
+       /* If SNI isn't supported, we just don't call it and fail silently,     
+        * as there's not much else we can do.                                  
+        */                                                                     
+       if ((configuration.protocol == QSsl::SslV2) &&                         
                                                                               
  ((mode == QSslSocket::SslClientMode))
+               SSL_set_tlsext_host_name(self->ssl,
q->peerName().toAscii().data());               
+#endif

-- 
Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.