STARTTLS (was: Autoconfig for aol.com and friends)

Ben Bucksch ben.bucksch at beonex.com
Wed Jan 16 02:12:59 UTC 2013


Essentially, you do:

  * Open the nsISocketTransport socket
  * Wait until the server greets you with "* OK"
  * Check prefs whether you want STARTTLS. If you do, require it (abort
    connection, if SSL fails), otherwise skip.
  * var sslControl =
    socketTransport.securityInfo.QueryInterface(Ci.nsISSLSocketControl)
  * Send "STARTTLS" IMAP command to server (with IMAP command number tag
    and all), wait for positive response
  * Call sslControl.StartTLS(); - this does the SSL handshake in NSS
    with the server.
  * If that works, you're SSL protected and continue as normal.


Code below.


On 16.01.2013 03:05, Ben Bucksch wrote:
> On 15.01.2013 00:21, Jim wrote:
>> Gaia email app ... don't support STARTTLS yet
>
> I've implemented IMAP with STARTTLS in pure JS, with Mozilla's 
> nsISocketTransport. It's not hard. Here is the code that does 
> STARTTLS, and the surrounding code. If you need more context or the 
> full implementation, or have questions, just ask me.
>
>   _openConnection : function(successCallback, errorCallback)
>   {
>     var self = this;
>     this._socket.openSocket(function()
>     {
>       // Wait for server response
>       self._socket.receiveIMAP(null, function(line)
>       {
>         // Got "* OK servername" response
>         self._doSTARTTLSIfNecessary(function()
>         {
>           self._getCAPs(successCallback, errorCallback);
>         }, errorCallback);
>       },
>       function(okMsg)
>       {
>         // command success: there was no command, so this never comes
>       }, errorCallback);
>     }, errorCallback);
>   },
>
>   _doSTARTTLSIfNecessary : function(successCallback, errorCallback)
>   {
>     if (this._account.ssl != 3)
>     {
>       successCallback();
>       return;
>     }
>     // Don't bother checking CAPS. If it's configured in prefs, we require it.
>     assert(this._socket._socket instanceof Ci.nsISocketTransport);
>     var sslControl = this._socket._socket.securityInfo;
>     if (!(sslControl instanceof Ci.nsISSLSocketControl)) // implicitly does QI
>       throw new Exception("nsISSLSocketControl not found");
>     this._socket.sendAndReceiveIMAP("STARTTLS", null, null,
>     function()
>     {
>       // |Socket| implements SSL notification callbacks
>       sslControl.StartTLS(); // apparently sync, blocks UI :-(
>       successCallback();
>     }, errorCallback);
>   },
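
The STARTTLS sequence from the steps and code above, as a transport-independent check (an added example, not part of the original message or of the implementation it quotes): STARTTLS must get a tagged OK, a refusal aborts rather than continuing in plaintext, and any bytes that arrived unencrypted after the OK line are rejected instead of being processed after the handshake. The `transport` object (`send`, `read`, `startTLS`, `close`), both function names, the tag `a1` and the sample replies are assumptions made for this example.

```javascript
// Added example; all names are hypothetical, not Mozilla APIs.
// Constructed sample server replies (not captured traffic).
const SAMPLES = {
  clean: "a1 OK Begin TLS negotiation now\r\n",
  refused: "a1 NO STARTTLS unavailable\r\n",
  injected: "a1 OK Begin TLS\r\n* CAPABILITY IMAP4rev1 AUTH=PLAIN\r\n",
};

// Classify the plaintext received after sending "<tag> STARTTLS".
// Returns {action: "wait" | "handshake" | "abort", reason}.
function classifyStartTLSReply(tag, plaintext) {
  let rest = plaintext;
  for (;;) {
    const eol = rest.indexOf("\r\n");
    if (eol < 0) return { action: "wait", reason: "incomplete line" };
    const line = rest.slice(0, eol);
    rest = rest.slice(eol + 2);
    if (line.startsWith("* ")) continue; // untagged and unauthenticated: ignore
    if (!line.startsWith(tag + " "))
      return { action: "abort", reason: "unexpected line: " + line };
    const status = line.slice(tag.length + 1).split(" ")[0].toUpperCase();
    if (status !== "OK")
      return { action: "abort", reason: "server refused STARTTLS: " + status };
    // Anything after the OK line arrived unencrypted. Processing it after the
    // handshake would treat injected plaintext as if TLS had protected it.
    if (rest.length > 0)
      return { action: "abort", reason: "plaintext data after STARTTLS OK" };
    return { action: "handshake", reason: "tagged OK, buffer empty" };
  }
}

// Driver over the hypothetical transport. requireTLS mirrors the pref check:
// when it is set there is no fallback to plaintext.
function upgradeConnection(transport, tag, requireTLS) {
  if (!requireTLS) return "plaintext";
  transport.send(tag + " STARTTLS\r\n");
  let buffer = "";
  for (;;) {
    const chunk = transport.read(); // null means the peer closed the socket
    const verdict = chunk === null
      ? { action: "abort", reason: "connection closed during STARTTLS" }
      : classifyStartTLSReply(tag, (buffer += chunk));
    if (verdict.action === "wait") continue;
    if (verdict.action === "abort") { transport.close(); throw new Error(verdict.reason); }
    transport.startTLS(); // TLS handshake; capabilities are re-read afterwards
    return "tls";
  }
}
```
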



