Skip Menu |

This queue is for tickets about the Mail-Box CPAN distribution.

Report information
The Basics
Id: 82990
Status: resolved
Priority: 0/
Queue: Mail-Box

People
Owner: Nobody in particular
Requestors: rotkraut [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Wishlist
Broken in: 2.107
Fixed in: (no value)



Subject: Support TLS in IMAP4 connection
It is obvious that one should never use plain text authentication over en unencrypted connection in the internet. Most IMAP4 servers thus support the connection to be encrypted using Transport Layer Security (TLS), many even require TLS to be used. Therefore, it would be desirable for Mail::Box to also support TLS for IMAP4 folders. Fortunately, the underlying module Mail::IMAPClient already supports TLS. One only need to pass the appropriate options to Mail::IMAPClient to switch TLS on. The attached patch does just this in Mail::Transport::IMAP4. I modified the method createImapClient to accept additional arguments that will be passed through to the call of Mail::IMAPClient->new. Then I modified the constructor of Mail::Transport::IMAP4 to accept a new optional argument "starttls" that will be passed to Mail::IMAPClient via createImapClient, if present. Using this patch, the following code now will connect to the IMAP server using TLS: use Mail::Box::IMAP4; my $imaphost = 'mail.example.org'; my $imapuser = 'USER'; my $imappass = 'PASS'; my $mailbox = 'INBOX'; my $folder = new Mail::Box::IMAP4(server_name => $imaphost, username => $imapuser, password => $imappass, folder => $mailbox, starttls => 1); print $folder->nrMessages, " messages\n"; Since the argument "starttls" is passed through unmodified, its semantic is the same as for Mail::IMAPClient, see the man page for this module for details.
Subject: Mail-Box-IMAP-TLS.patch
--- Makefile.PL.orig 2012-11-28 12:26:12.000000000 +0100 +++ Makefile.PL 2013-01-27 22:10:27.735400383 +0100 @@ -54,7 +54,7 @@ #break your Mail::Box installing process. #WARN - [ Mail::IMAPClient => '3.00', reason => <<'REASON' ] + [ Mail::IMAPClient => '3.22', reason => <<'REASON' ] Required for IMAP4 support. REASON --- lib/Mail/Transport/IMAP4.pm.orig 2012-11-28 12:28:35.000000000 +0100 +++ lib/Mail/Transport/IMAP4.pm 2013-01-27 22:17:45.172156091 +0100 @@ -39,7 +39,9 @@ $self->{MTI_domain} = $args->{domain}; unless(ref $imap) - { $imap = $self->createImapClient($imap) or return undef; + { my @clientargs = defined($args->{starttls}) ? + ( Starttls => $args->{starttls} ) : (); + $imap = $self->createImapClient($imap, @clientargs) or return undef; } $self->imapClient($imap) or return undef; @@ -114,16 +116,15 @@ } -sub createImapClient($) -{ my ($self, $class) = @_; +sub createImapClient($@) +{ my ($self, $class, @args) = @_; my ($host, $port) = $self->remoteHost; my $debug_level = $self->logPriority('DEBUG')+0; - my @debug; if($self->log <= $debug_level || $self->trace <= $debug_level) { tie *dh, 'Mail::IMAPClient::Debug', $self; - @debug = (Debug => 1, Debug_fh => \*dh); + push @args, (Debug => 1, Debug_fh => \*dh); } my $client = $class->new @@ -131,7 +132,7 @@ , User => undef, Password => undef # disable auto-login , Uid => 1 # Safer , Peek => 1 # Don't set \Seen automaticly - , @debug + , @args ); $self->log(ERROR => $@), return undef if $@; --- lib/Mail/Transport/IMAP4.pod.orig 2012-11-28 12:28:43.000000000 +0100 +++ lib/Mail/Transport/IMAP4.pod 2013-01-27 22:10:27.735400383 +0100 @@ -216,9 +216,10 @@ Add a folder. -=item $obj-E<gt>B<createImapClient>(CLASS) +=item $obj-E<gt>B<createImapClient>(CLASS, [ARGS]) Create an object of CLASS, which extends L<Mail::IMAPClient>. +The optional additional ARGS will be passed to the constructor of CLASS. =item $obj-E<gt>B<currentFolder>([FOLDERNAME])
I forgot to mention one detail: the patch raises the required version number for Mail::IMAPClient to 3.22. This was the version that added TLS support in this module. Mail::IMAPClient 3.22 is now three years old, so this requirement does not seem to be a too serious restriction.
Subject: Re: [rt.cpan.org #82990] Support TLS in IMAP4 connection
Date: Sun, 27 Jan 2013 23:31:10 +0100
To: Rolf Krahl via RT <bug-Mail-Box [...] rt.cpan.org>
From: Mark Overmeer <mark [...] overmeer.net>
* Rolf Krahl via RT (bug-Mail-Box@rt.cpan.org) [130127 22:13]: Show quoted text
> Sun Jan 27 17:13:33 2013: Request 82990 was acted upon. > Transaction: Ticket created by ROTKRAUT > Queue: Mail-Box > Subject: Support TLS in IMAP4 connection > > Fortunately, the underlying module Mail::IMAPClient already supports > TLS.
The Mail::Box::IMAP4 implementation got stuck in many bugs of Mail::IMAPClient at the time. A few years later, I hijacked that module, and fixed the 170 bug-reports. Now that module seems to be stable and actively maintained (maintenance moved on to someone else). However, I never found time to continue the implementation of Mail::Box::IMAP4. I do not use IMAP4 myself and have many other projects on my hands. So: you will find more problems. If you are in for a challenge, please send patches. I will apply them within days. -- Succes ;-) MarkOv ------------------------------------------------------------------------ Mark Overmeer MSc MARKOV Solutions Mark@Overmeer.net solutions@overmeer.net http://Mark.Overmeer.net http://solutions.overmeer.net
Subject: Re: [rt.cpan.org #82990] Support TLS in IMAP4 connection
Date: Mon, 28 Jan 2013 00:17:37 +0100
To: Rolf Krahl via RT <bug-Mail-Box [...] rt.cpan.org>
From: Mark Overmeer <mark [...] overmeer.net>
* Rolf Krahl via RT (bug-Mail-Box@rt.cpan.org) [130127 22:13]: Show quoted text
> Sun Jan 27 17:13:33 2013: Request 82990 was acted upon. > Transaction: Ticket created by ROTKRAUT > Queue: Mail-Box > > --- lib/Mail/Transport/IMAP4.pm.orig 2012-11-28 12:28:35.000000000 +0100 > +++ lib/Mail/Transport/IMAP4.pm 2013-01-27 22:17:45.172156091 +0100 > @@ -39,7 +39,9 @@ > $self->{MTI_domain} = $args->{domain}; > > unless(ref $imap) > - { $imap = $self->createImapClient($imap) or return undef; > + { my @clientargs = defined($args->{starttls}) ? > + ( Starttls => $args->{starttls} ) : (); > + $imap = $self->createImapClient($imap, @clientargs) or return undef; > }
Doesn't this work? + $imap = $self->createImapClient($imap, Starttls => $args->{starttls}) + or return undef; Show quoted text
> -sub createImapClient($) > -{ my ($self, $class) = @_; > +sub createImapClient($@) > +{ my ($self, $class, @args) = @_;
applied Show quoted text
> -=item $obj-E<gt>B<createImapClient>(CLASS) > +=item $obj-E<gt>B<createImapClient>(CLASS, [ARGS]) > +The optional additional ARGS will be passed to the constructor of CLASS.
applied. -- Regards, MarkOv ------------------------------------------------------------------------ Mark Overmeer MSc MARKOV Solutions Mark@Overmeer.net solutions@overmeer.net http://Mark.Overmeer.net http://solutions.overmeer.net
Subject: Re: [rt.cpan.org #82990] Support TLS in IMAP4 connection
Date: Mon, 28 Jan 2013 00:42 +0100
To: bug-Mail-Box [...] rt.cpan.org
From: Rolf Krahl <rotkraut [...] cpan.org>
Dear Mark, Am Sonntag, 27. Januar 2013, 18:17:51 schrieben Sie: Show quoted text
> <URL: https://rt.cpan.org/Ticket/Display.html?id=82990 > > * Rolf Krahl via RT (bug-Mail-Box@rt.cpan.org) [130127 22:13]:
> > > > --- lib/Mail/Transport/IMAP4.pm.orig 2012-11-28 12:28:35.000000000 +0100 > > +++ lib/Mail/Transport/IMAP4.pm 2013-01-27 22:17:45.172156091 +0100 > > @@ -39,7 +39,9 @@ > > $self->{MTI_domain} = $args->{domain}; > > > > unless(ref $imap) > > - { $imap = $self->createImapClient($imap) or return undef; > > + { my @clientargs = defined($args->{starttls}) ? > > + ( Starttls => $args->{starttls} ) : (); > > + $imap = $self->createImapClient($imap, @clientargs) or return undef; > > }
> > Doesn't this work? > + $imap = $self->createImapClient($imap, Starttls => $args->{starttls}) > + or return undef;
Should work. I'll test tomorrow. Best regards, Rolf
Subject: Re: [rt.cpan.org #82990] Support TLS in IMAP4 connection
Date: Mon, 28 Jan 2013 14:07 +0100
To: bug-Mail-Box [...] rt.cpan.org
From: Rolf Krahl <rotkraut [...] cpan.org>
Am Sonntag, 27. Januar 2013, 18:17:51 schrieben Sie: Show quoted text
> <URL: https://rt.cpan.org/Ticket/Display.html?id=82990 > > * Rolf Krahl via RT (bug-Mail-Box@rt.cpan.org) [130127 22:13]:
> > > > --- lib/Mail/Transport/IMAP4.pm.orig 2012-11-28 12:28:35.000000000 +0100 > > +++ lib/Mail/Transport/IMAP4.pm 2013-01-27 22:17:45.172156091 +0100 > > @@ -39,7 +39,9 @@ > > $self->{MTI_domain} = $args->{domain}; > > > > unless(ref $imap) > > - { $imap = $self->createImapClient($imap) or return undef; > > + { my @clientargs = defined($args->{starttls}) ? > > + ( Starttls => $args->{starttls} ) : (); > > + $imap = $self->createImapClient($imap, @clientargs) or return undef; > > }
> > Doesn't this work? > + $imap = $self->createImapClient($imap, Starttls => $args->{starttls}) > + or return undef;
Tested, works fine for me. In theory, there is a tiny difference between setting the argument "Starttls" to undef and not setting this argument at all. If the argument "starttls" was not present in the call of Mail::Box::IMAP4->new, your version passes (Starttls => undef) to Mail::IMAPClient, while my version leaves the argument not set in the call. In practice, with the current version of Mail::IMAPClient, this makes no difference at all. So either version works.
Subject: Re: [rt.cpan.org #82990] Support TLS in IMAP4 connection
Date: Mon, 28 Jan 2013 14:12:18 +0100
To: Rolf Krahl via RT <bug-Mail-Box [...] rt.cpan.org>
From: Mark Overmeer <solutions [...] overmeer.net>
* Rolf Krahl via RT (bug-Mail-Box@rt.cpan.org) [130128 13:07]: Show quoted text
> Queue: Mail-Box > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=82990 > > > Tested, works fine for me. > > In theory, there is a tiny difference between setting the argument > "Starttls" to undef and not setting this argument at all. If the > argument "starttls" was not present in the call of > Mail::Box::IMAP4->new, your version passes (Starttls => undef) to > Mail::IMAPClient, while my version leaves the argument not set in the > call.
Correct: when starttls is not provided, I explicitly pass 'false' for starttls, just as I will document that option to be false by default... So, when Mail::IMAPClient may change its defaults, Mail::Box users will not be bitten. Besides, the code gets a bit more readible this way. -- Regards, MarkOv ------------------------------------------------------------------------ Mark Overmeer MSc MARKOV Solutions Mark@Overmeer.net solutions@overmeer.net http://Mark.Overmeer.net http://solutions.overmeer.net
not my problem