issues@javamail.java.net

[Bug 5086] New: If mail.imap.socketFactory.fallback is used connection to some providers not possible

From: <bugzilla-daemon_at_kenai.com>
Date: Fri, 20 Apr 2012 09:05:18 +0000

http://kenai.com/bugzilla/show_bug.cgi?id=5086

             Bug #: 5086
           Summary: If mail.imap.socketFactory.fallback is used connection
                    to some providers not possible
    Classification: Unclassified
           Product: javamail
           Version: 1.4.5
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: P5
         Component: imap
        AssignedTo: shannon_at_kenai.com
        ReportedBy: tking_at_kenai.com
                CC: issues_at_javamail.kenai.com


Created attachment 531
  --> http://kenai.com/bugzilla/attachment.cgi?id=531
Brief Java Programm to Reproduce the Case

Hi all,

I am using mail.imap.socketFactory.fallback=true and this stops my code from
connecting to some providers (like freenet.de and aol.com).

The reason is that some providers like the ones named above advertise STARTTLS
even though the connection to the server is already secured by SSL. Javamail
picks this advertisement for STARTTLS up and tries to initiate TLS over a SSL
connection. This is then rejected by these (previously named) IMAP servers. See
the log for mx.freenet.de while connecting over SSL:
DEBUG: getProvider() returning
javax.mail.Provider[STORE,imap,com.sun.mail.imap.IMAPStore,Sun Microsystems,
Inc]
...
DEBUG: enable STARTTLS
...
* OK IMAP ready.
A0 CAPABILITY
* CAPABILITY IMAP4rev1 AUTH=CRAM-MD5 QUOTA STARTTLS
A0 OK CAPABILITY completed
DEBUG IMAP: AUTH: CRAM-MD5
DEBUG: protocolConnect login, host=mx.freenet.de, user=bernd.prober_at_freenet.de,
password=<non-null>
A1 STARTTLS
A1 NO TLS already active
DEBUG IMAP: STARTTLS ProtocolException:
com.sun.mail.iap.CommandFailedException: A1 NO TLS already active

I attached a small java program that reproduces the case with Javamail 1.4.5.

I also attached a bugfix for this. The change is simple: It just checks if the
socket is not of instance SSLSocket before initiating the STARTTLS sequence.

As TLS over SSL does not make much sense I believe this change is valid and
sound. I tested this bugfix with all kinds of IMAP servers (like dovecot,
courier, cyrus, 1&1, etc) and different SSL/TLS settings. I could not find any
interference with this bugfix.

Could you please review my bug description and the solution I propose?

Best regards,
Thomas 

-- 
Configure bugmail: http://kenai.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.