23 June, 2011

Issue with VM and IMAP over SSL/stunnel

Problem -- after migrating from Mac to Mac @work I could no longer get emails via imap over ssl/stunnel, using VM 8.1.1 on Emacs 23.3 and stunnel 4.35 with openssl 1.0.0d. The *Messages* buffer stated
vm-imap-protocol-error: IMAP protocol error: "unexpected char (10)"
and the trace buffer of the IMAP over SSL session showed no errors.

With help from my friend, and some ssl/stunnel debugging, I quickly found the problem in the stunnel program, so I set out to revert to the version working on my old Mac, version 4.23. Finding instructions on the Macports wiki page on how to install older ports with subversion, I did
  • jump over the part on installing subversion as a fairly new version comes with Mac OS X 10.6.7,
  • locate and check out the revision, 36499, from the Macports repository containing the old version of stunnel,
    $ svn co -r 36499 https://svn.macports.org/repository/macports/trunk/dports/security/stunnel
  • install it with the port command.
    $ cd stunnel
    $ port install
Problem solved! Now I can once again get emails to VM using IMAP over SSL, stunnel 4.23 with openssl 1.0.0d.

There are quite a few tips on how to test a ssl connection, so I will leave it out and show how I debugged stunnel by
  • creating a stunnel.conf file with
    debug = 7
    output = stunnel.log
    to be appended to the VM generated config file,
  • setting vm-stunnel-program-additional-configuration-file in the VM init file, ~/.vm, to point to to stunnel.conf file, eg
    (setq vm-stunnel-program-additional-configuration-file "/PATH/TO/STUNNEL.CONF")
  • and reloading the VM init file.
Fetching emails now created stunnel.log in the mail folder. This file showed the error
LOG5[3793:140735082364064]: Error detected on socket (read) file descriptor: Socket operation on non-socket (38)
which I could find almost no information about, even less a solution to, so the quick fix was to revert back to an old working version of stunnel as described above.

Update: Since I wrote, but not published, the above text I found out in the stunnel changelog that some Mac OS X bugs have been fixed. Downloaded the latest version, 4.37, and compiled it without any hickups. Though, when now running stunnel it segfaults in addition to the stunnel socket error above...
Update: The above error has been fixed in version 4.52 of stunnel, excellent work from MichaƂ Trojnara!

5 comments:

  1. I think I have found a solution:
    ftp://ftp.stunnel.org/stunnel/beta/stunnel-4.52b1.tar.gz
    Can you test it, please?

    ReplyDelete
  2. 4.52 works for me.

    ReplyDelete
  3. Tested 4.52b1, still gets the error on socket. No segfault this time. I will do som more testing and send in a bug report. Thank you.

    ReplyDelete
  4. Now tested 4.52 final, works well! Thank you!

    ReplyDelete
  5. I think stunnel is causing problems again. In VM, I get the error message "vm-pop-check-connection: POP connection not open: POP over SS" (in Archlinux)

    ReplyDelete