| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
| |
Robbie Harwood says that "gssapi" is more accurate.
I regularly get perplexed by the layers of SASL, GSSAPI, and Kerberos,
so i'm happy to have this alias Just Work in any case.
Suggested-by: Robbie Harwood <rharwood@redhat.com>
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
|
|
|
|
| |
Verified with the author.
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After discussion with Sean Whitton and Robbie Harwood, I think makes
more sense to have a straight "retriever.authentication" configuration
setting rather than a rather odd boolean "use_kerberos".
This is a divergence from getmail, but that seems OK at this point.
The implementation now also makes it pretty straightforward to add new
authentication mechanisms if someone wants to add them.
One additional thing that would be nice would be for imap-dl to be
able to dynamically choose the "best" available authentication method.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthorseman.net>
|
|
|
|
|
|
|
|
|
|
|
| |
This is based off offlineimap's code rather than getmail's. getmail
relied on pykerberos, which is considered deprecated in
Fedora/RHEL/CentOS; offlineimap relied on python-gssapi, which is
considered its replacement there. python3-gssapi doesn't yet have type
annotations, but this is planned to change in the future.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Acked-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
|
|
|
| |
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Acked-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In my case, this allows supporting servers which have unacceptably (for
systemwide OpenSSL) small DH sizes by requesting non-DH ciphers.
Specifically, hardcoding AES256-GCM-SHA384 prevents this traceback:
Traceback (most recent call last):
File "/usr/bin/imap-dl", line 273, in <module>
scan_msgs(confname, args.verbose)
File "/usr/bin/imap-dl", line 133, in scan_msgs
ssl_context=ctx) as imap:
File "/usr/lib/python3.7/imaplib.py", line 1288, in __init__
IMAP4.__init__(self, host, port)
File "/usr/lib/python3.7/imaplib.py", line 198, in __init__
self.open(host, port)
File "/usr/lib/python3.7/imaplib.py", line 1301, in open
IMAP4.open(self, host, port)
File "/usr/lib/python3.7/imaplib.py", line 299, in open
self.sock = self._create_socket()
File "/usr/lib/python3.7/imaplib.py", line 1293, in _create_socket
server_hostname=self.host)
File "/usr/lib/python3.7/ssl.py", line 423, in wrap_socket
session=session
File "/usr/lib/python3.7/ssl.py", line 870, in _create
self.do_handshake()
File "/usr/lib/python3.7/ssl.py", line 1139, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1076)
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Acked-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
|
|
|
|
|
|
|
| |
The fact that imap-dl came out of getmail and borrows a bit of
configuration shouldn't be relevant for new users.
Make the documentation more agnostic about where they're coming from.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
getmail upstream appears to have no plans to convert to python3 in the
near future.
Some of us use only a minimal subset of features of getmail, and it
would be nice to have something simpler, with the main complexity
offloaded to the modern python3 stdlib.
This patch represents a squashed series of changes from both Jameson
Graef Rollins and Daniel Kahn Gillmor (dkg), though dkg is primarily
responsible for any remaining bugs.
Thanks to Sean Whitton for useful and significant feedback.
Signed-off-by: Jameson Graef Rollins <jrollins@finestructure.net>
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|