Interacting with IMAP via openssl

This command assumes that the IMAP capabilities include STARTTLS, the port is on 1143 and that IMAP is accesible vias localhost.

openssl s_client -starttls imap -connect localhost:1143 -crlf

the -crlf is essential to allow the command to be registered by the server correctly.

Now sending commands to the server this is a syncronous connection, the server may take time to process the request

a LOGIN curtis@email.com password123

List all mailboxes

a LIST "" "*"

Get status of mailbox

a STATUS INBOX (MESSAGES UNSEEN RECENT)

Select the mailbox

a SELECT INBOX

Mark all messages as read in current mailbox (can take a while)

a1 STORE 1:* +FLAGS (\SEEN)

MOVE Extention is possible if it is in CAPABILITIES https://tools.ietf.org/html/rfc3501

a2 MOVE 1:* Archive

(Can take a while)

adminlog

OSX 10.8.5 keychain updates and issues with os x

For non RVM users

OpenSSL is going to expect a file : /System/Library/OpenSSL/cert.pem

Become root

$ sudo su -

Find path for certificate:

cert_file=$(ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE')

Generate certificate:

security find-certificate -a -p /Library/Keychains/System.keychain > "$cert_file" security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain >> "$cert_file"

# exit

The whole code: https://github.com/wayneeseguin/rvm/blob/master/scripts/functions/osx-ssl-certs

RUNNING Ruby 2.0 && brew linked openssl?

My ruby 2.0 that i built was not using system openssl and so when i was in the directory where i use ruby 2.0 this command

ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE'

returns a different directory

/usr/local/etc/openssl/cert.pem

requiring that i run this command as-well (assuming i did the above)

cp /System/Library/OpenSSL/cert.pem /usr/local/etc/openssl/cert.pem

found @

http://stackoverflow.com/questions/19150017/ssl-error-when-installing-rubygems-unable-to-pull-data-from-https-rubygems-o

adminlog

basic auth nginx

location / { auth_basic "Restricted"; auth_basic_user_file /etc/nginx/htpasswd; }

(Linux) # this example uses crypt encryption

printf "John:$(openssl passwd -crypt V3Ry)\n" >> /etc/nginx/htpasswd

adminlog

setting up bosh with prosody https

Set up NGINX with ssl and prosody

-- /etc/nginx/sites-available/a_host

server { listen 443 default ssl; server_name a_host; ssl_certificate /etc/nginx/certs/a_host.crt; ssl_certificate_key /etc/nginx/certs/a_host.key; access_log /var/log/nginx/a_host.access.log; error_log /var/log/nginx/a_host.error.log; rewrite_log on; root /var/www/a_host; index index.html index.htm; add_header Access-Control-Allow-Origin https://hearth.at; # Static files. # Set expire headers, Turn off access log location ~* \favicon.ico$ { access_log off; expires 1d; add_header Cache-Control public; } # Deny access to .htaccess files, # git & svn repositories, etc location ~ /(\.ht|\.git|\.svn) { deny all; } location /http-bind/ { proxy_pass http://localhost:5280/http-bind/; proxy_buffering off; tcp_nodelay on; } }

Create SSL CERT for both Prosody and NGINX

-- /etc/nginx/certs

cd /etc/nginx/certs # set key with passphrase openssl genrsa -aes256 -out server.key.pass 2048 # use passphrase openssl req -new -key server.key.pass -out server.csr # remove password openssl rsa -in server.key.pass -out server.key # create signed certificate openssl x509 -req -days 999 -in server.csr -signkey server.key -out server.crt

appending the following to my existing prosody setup

-- /etc/prosody/conf.d/a_host.cfg.lua

modules_enabled = { "bosh" } bosh_ports = { { port = 5280; path = "http-bind"; ssl = { key = "/etc/nginx/certs/a_host.key"; certificate = "/etc/nginx/certs/a_host.crt"; } } }

Restart all of the services

service prosody stop && service prosody start service nginx stop && service nginx start

Test via curl prosody bosh

-- curl http://localhost:5280/http-bind/

<html><body>You really don't look like a BOSH client to me... what do you want?</body></html>

Test via SSL connection to NGINX that the proxy is operatinng

-- openssl s_client -connect a_host:443

New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 512 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID: 5F984EB9743520EE91DCFBAFC426FD0E748628AE2F2723D4DC8B03C95DFE2D4E Session-ID-ctx: Master-Key: 8F07FEB5207F75386F293891BF9545CA38BC4937E3F773764D927F58BBCB40D2F533702FEE441B604779971E88BC11D7 Key-Arg : None Start Time: 1334080565 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) ---

enter HTTP PROTOCOL commands - followed by newline

GET /http-bind/ HTTP/1.1 HOST: ahost

Response

HTTP/1.1 200 OK Server: nginx/0.7.65 Date: Tue, 10 Apr 2012 17:57:01 GMT Connection: keep-alive Content-Length: 93 Access-Control-Allow-Origin: https://a_host <html><body>You really don't look like a BOSH client to me... what do you want?</body></html>