SSL in 4.4 beta

POP Peeper: Tech support, suggestions, discussion, etc.
w64bit
Posts: 23
Joined: Fri Jan 22, 2010 8:56 am

SSL in 4.4 beta

Post by w64bit »

v4.4 beta 3 is downloading SSL 1.0.2.8.
It should download the latest 1.0.2.11.
Can this be fixed?
Thanks.
Last edited by spc3rd on Sat Nov 24, 2018 7:31 am, edited 2 times in total.
Reason: Topic title edited for consistency with subsequent posts.
User avatar
mjs
Moderator
Posts: 2216
Joined: Sun Jul 17, 2011 2:36 am

Re: SSL in 4.4 beta

Post by mjs »

I've noticed this too, in fact previous alpha/beta versions have done this as well. I've just been leaving it at SSL 1.0.2.8 myself (which works fine).

You can go to this link: http://www.esumsoft.com/products/pop-peeper/plugins/, and scroll down to the SSL plugin section and click on "Installation Instructions" for steps to take to install the current SSL plugin.
Good judgment comes from experience and a lot of that comes from bad judgment. - Will Rogers
User avatar
Jeff
Admin / Developer
Posts: 9225
Joined: Sat Sep 08, 2001 9:46 pm

Re: SSL in 4.4 beta

Post by Jeff »

By default, the installer won't install SSL if it detects that it's already installed. And, in general, the installer is more likely to install an older version that what is available via manual update from the Plugins page. This is because there was a certain version of SSL that caused random crashes and so now the SSL files included from the installer will use a known stable version.

That being said, I had built and started testing .11/k about a month ago, hoping it would solve all the problems with hotmail. It didn't. But .11/k is now on the Plugins page and is also the version used by the installer.
User avatar
mjs
Moderator
Posts: 2216
Joined: Sun Jul 17, 2011 2:36 am

Re: SSL in 4.4 beta

Post by mjs »

I have habitually checked the box when installing (thinking I want to make sure SSL is/stays installed), I gather it's probably better to leave the box unchecked if SSL is already installed and if so I would not have had the retro-version results I think occurred in my case if I'm not mistaken as explained below.

I may be mistaken but if I recall correctly I had v1.0.2.10 installed at some point but found that by checking the SSL box when installing a new PP version I'd end up with v1.0.2.8 (apparently due to the intended goal to install a known "stable" version as you mentioned). So in the case mentioned here, if I had not checked the SSL box then presumably I would have still ended up with v1.0.2.10 after the new version of PP was installed? And is this what is recommended to do or would it be better to let the PP installer do what is best/recommended (which I presume would be the case if the SSL Box is checked when installing)?

Have I got all of that right? :?
Good judgment comes from experience and a lot of that comes from bad judgment. - Will Rogers
User avatar
Jeff
Admin / Developer
Posts: 9225
Joined: Sat Sep 08, 2001 9:46 pm

Re: SSL in 4.4 beta

Post by Jeff »

Yesh.

But -- for you specifically, keep doing what you've been doing and if you see that it installs an old version, give me a heads-up. The stable-check doesn't need to be long (week or two) and it's a separate upload/process than everything else which is why it ends up not getting updated.
User avatar
spc3rd
Moderator
Posts: 853
Joined: Tue Aug 30, 2011 5:45 pm

Re: SSL in 4.4 beta

Post by spc3rd »

FWIW, on every PP version upgrade (Beta or stable release), I've always left the SSL box unchecked when installing. After installation completes and I check the SSL Plugin version, it is always the same version that was installed prior to the upgrade.

In the case of this latest Beta 03, the SSL version in use prior to the upgrade was 1.0.2.10. Post-installation, it was the same version. I have since installed the latest SSL now, i.e., 1.0.2.11.

Cheers! :mrgreen:
Image
Global Moderator
User avatar
mjs
Moderator
Posts: 2216
Joined: Sun Jul 17, 2011 2:36 am

Re: SSL in 4.4 beta

Post by mjs »

Interesting, so then it sounds like leaving the plugin option unchecked when installing leaves the SSL plugin version used pre-install in place (which would suggest leaving the plugin unchecked when a plugin has already been installed the best option).

Beyond that interestingly based on:
spc3rd wrote:... After installation completes and I check the SSL Plugin version...
... it also sounds like if the plugin option is unchecked when doing an install the results will be that the SSL plugin will be disabled (unchecked) in "Tools" > "Options" > "Plugins" post-install in which case the SSL plugin needs to be enabled (checked).

In my case (if I'm not mistaken) when checking the SSL plugin when installing PP not only reverts to the previous version mentioned (v1.0.2.8 ) post-install instead of what I had pre-install (1.0.2.10) but the SSL plugin stays enabled (checked) in "Tools" > "Options" > "Plugins" so it has not been necessary for me to enable (check) the SSL plugin post-install.

I've also now installed the latest SSL release (1.0.2.11) and per Jeff will continue to check the SSL option when installing to see if what I think I've gotten in the past remains persistent (or perhaps changing to SSL plugin 1.0.2.11 as I have will change my results next time :?)
Good judgment comes from experience and a lot of that comes from bad judgment. - Will Rogers
User avatar
spc3rd
Moderator
Posts: 853
Joined: Tue Aug 30, 2011 5:45 pm

Re: SSL in 4.4 beta

Post by spc3rd »

lakrsrool wrote: Beyond that interestingly based on:
spc3rd wrote:... After installation completes and I check the SSL Plugin version...
... it also sounds like if the plugin option is unchecked when doing an install the results will be that the SSL plugin will be disabled (unchecked) in "Tools" > "Options" > "Plugins" post-install in which case the SSL plugin needs to be enabled (checked).
Just a minor clarification......after the upgrade installation completes, (in my case, anyway), the SSL plugin in the Plugins List remains check-marked also. I've never noticed it being un-checked, thus far. :?:
Image
Global Moderator
User avatar
mjs
Moderator
Posts: 2216
Joined: Sun Jul 17, 2011 2:36 am

Re: SSL in 4.4 beta

Post by mjs »

spc3rd wrote:
lakrsrool wrote: Beyond that interestingly based on:
spc3rd wrote:... After installation completes and I check the SSL Plugin version...
... it also sounds like if the plugin option is unchecked when doing an install the results will be that the SSL plugin will be disabled (unchecked) in "Tools" > "Options" > "Plugins" post-install in which case the SSL plugin needs to be enabled (checked).
Just a minor clarification......after the upgrade installation completes, (in my case, anyway), the SSL plugin in the Plugins List remains check-marked also. I've never noticed it being un-checked, thus far. :?:

Wow, my misunderstanding, I foolishly thought by saying "... "I check the SSL Plugin version..." was that you enable (check) the SSL Plugin on the plugins page, I say "foolishly" because now that I read it over again I don't know why I didn't connect the word "version" when you posted "I check the SSL Plugin version" to mean you're verifying the "plugin version", especially when looking at the remainder of what you posted "... it is always the same version". #-o I can only say that besides the conversation about placing a "check" mark for the SSL option to be installed when updating along with my expectation that nothing would change as a result of an update, I wouldn't normally think to verify (check) the version myself after an update (not being aware of any version change issues) and so didn't expect that anyone else would and in my case only noticed the change back to the previous version when I was reading about a user updating the SSL plugin and at the time was curious what version I was using which as I recall is the time I noticed I was back on an older version again to the best of my recollection.

Sorry Pete (and Jeff), once again I've made a complete mess of the conversation. :(
Good judgment comes from experience and a lot of that comes from bad judgment. - Will Rogers
User avatar
Drugwash
Posts: 15
Joined: Fri Aug 09, 2013 6:58 am

Re: SSL in 4.4 beta

Post by Drugwash »

Apologies for barging in.
While reading this topic, in lieu of a recent issue I updated to 4.4 beta 3 from 4.4 beta 2. Before that I tried to manually upgrade SSL from 1.0.2.10 to 1.0.2.11 in Tools > Options > Plugins. Maybe I wasn't doing it right because it wouldn't work. Or maybe there's a bug in the upgrade logic.

First, with SSL enabled/marked I selected it, clicked 'Install', selected the desired zip and got an error "Error unzipping file […]. If the existing plugin is in use: disable it, install the plugin, re-enable the plugin". So I disabled SSL, even closed the dialog and reopened it, tried to install again, and again it failed with same error.
After upgrading to beta 3 I tried the same procedure again, with same result. So it looks like SSL cannot be upgraded while POP Peeper is running. Am I right or was I doing it wrong?

Now, to the other issue of downgrading SSL at install time. Apparently this is confusing users. I was thinking of two possibilities for avoiding this.
1. First would be for the installer to check for the presence and VersionInfo of the currently installed SSL files (and maybe even check if versions match between the two files), compare to an internal list of bad versions (or - more risky - file sizes, in case the bad ones didn't have a VersionInfo) and notify the user about the necessity of downgrading in case the bad versions are found installed or ask if they agree to the downgrade if a higher "good" version is installed. Otherwise proceed with installing/upgrading as usual.

2. If the installer doesn't have version-checking capabilities (NSIS should have that, built-in or through a plugin but current installer doesn't look like NSIS), then at application's first launch after installing the application should perform the version check and replace the bad SSL files with current ones that have been deployed in some temporary folder by the installer. Of course, the user would be notified about the operation and in case of a clean downgrade there should be the option of keeping the old, higher version.

This may sound complicated but by choosing the correct defaults where choice exists it would eliminate any possible confusion as the one discussed in this topic. Anyway, it's just an idea. :)
User avatar
mjs
Moderator
Posts: 2216
Joined: Sun Jul 17, 2011 2:36 am

Re: SSL in 4.4 beta

Post by mjs »

Drugwash wrote: ... So it looks like SSL cannot be upgraded while POP Peeper is running. Am I right or was I doing it wrong?
Yes, you are correct.

If you go to this page: POP Peeper Plugins and scroll down the SSL plugin section of the page you will see the underlined (link) "Installation instructions (click to show)" that you can click on to expand for instructions.

Part of the instructions (at the top) you will find:
Part of SSL installation instructions: wrote: 1. Download and open the zip file using the download link provided
2. Exit POP Peeper
3. Copy the 2 files (libeay32.dll and ssleay32.dll) into the POP Peeper installation folder (typically, C:\Program Files\POP Peeper\)
4. In the main menu of POP Peeper, select Tools / Plugins and make sure that "SSL" is checkmarked
As to the remainder of your suggestions, as I understand it Jeff is looking into this. Suggestions are always appreciated so we thank you. :D
Good judgment comes from experience and a lot of that comes from bad judgment. - Will Rogers
User avatar
Jeff
Admin / Developer
Posts: 9225
Joined: Sat Sep 08, 2001 9:46 pm

Re: SSL in 4.4 beta

Post by Jeff »

PP still uses NSIS, it says so on the bottom-left of installer pages. The SSL files are downloaded from the internet, so it can't really do a version check. It could potentially download a file containing the version number and do a version check, but that would only be a stop-gap for what is planned, which is to have SSL auto-update like webmail does.
User avatar
Drugwash
Posts: 15
Joined: Fri Aug 09, 2013 6:58 am

Re: SSL in 4.4 beta

Post by Drugwash »

lakrsrool wrote:If you go to this page: POP Peeper Plugins and scroll down the SSL plugin section of the page you will see the underlined (link) "Installation instructions (click to show)" that you can click on to expand for instructions.
Thanks, that explains it. However, people (like me) may forget the procedure (if they ever read it :oops: ) so I'd suggest to have the Install button pop up a message box explaining the procedure and maybe offering to shutdown POP Peeper in order to proceed with the manual installation of the SSL files.
Also, after such operation next launch could automatically open the Tools > Options > Plugins page so the user could verify and mark/unmark the plugin as desired. That would add up some extra code but would help the user, IMHO.
Jeff wrote:PP still uses NSIS, it says so on the bottom-left of installer pages. The SSL files are downloaded from the internet, so it can't really do a version check. It could potentially download a file containing the version number and do a version check, but that would only be a stop-gap for what is planned, which is to have SSL auto-update like webmail does.
Ah, my bad, wasn't paying attention. :oops: In that case, NSIS could at least check if a "bad" SSL version is installed and warn the user regardless if the plugin is enabled or not in the installer and/or in the application, because at any time the user may choose to enable it and would end up with a bad SSL.
This would be helpful even for the planned auto-update, I guess. Well, you know best - I'm just laying down ideas. :)
User avatar
mjs
Moderator
Posts: 2216
Joined: Sun Jul 17, 2011 2:36 am

Re: SSL in 4.4 beta

Post by mjs »

Drugwash wrote:
lakrsrool wrote:If you go to this page: POP Peeper Plugins and scroll down the SSL plugin section of the page you will see the underlined (link) "Installation instructions (click to show)" that you can click on to expand for instructions.
Thanks, that explains it. However, people (like me) may forget the procedure (if they ever read it :oops: ) so I'd suggest to have the Install button pop up a message box explaining the procedure and maybe offering to shutdown POP Peeper in order to proceed with the manual installation of the SSL files.
Also, after such operation next launch could automatically open the Tools > Options > Plugins page so the user could verify and mark/unmark the plugin as desired. That would add up some extra code but would help the user, IMHO.
Great ideas actually, but since Jeff is planning "to have SSL auto-update like webmail does" then at that point the entire update procedure would occur behind the scenes and the user would not need to do anything at all (as long as the "auto-update" box is checked for "SSL" just like it works for "Webmail" now).
Good judgment comes from experience and a lot of that comes from bad judgment. - Will Rogers
User avatar
Drugwash
Posts: 15
Joined: Fri Aug 09, 2013 6:58 am

Re: SSL in 4.4 beta

Post by Drugwash »

lakrsrool wrote:Great ideas actually, but since Jeff is planning "to have SSL auto-update like webmail does" then at that point the entire update procedure would occur behind the scenes and the user would not need to do anything at all (as long as the "auto-update" box is checked for "SSL" just like it works for "Webmail" now).
Indeed: as long as the "auto-update" box is checked. Some users, for various reasons may want to disable auto-update (say when running alphas/betas or whatever), in which case the manual update should still be user-friendly. ;)
Ideally the whole process should avoid restarting the entire application but I don't know the internals and can't say if that is possible or feasible. Well, that's quite nitpicking so I won't insist on this matter. We'll see what future brings. 8)
User avatar
Jeff
Admin / Developer
Posts: 9225
Joined: Sat Sep 08, 2001 9:46 pm

Re: SSL in 4.4 beta

Post by Jeff »

PP_Install_SSL_Running.png
That's the prompt that the SSL installer shows if PP is running when you try to update SSL.

I don't see what the problem is? :?
Some plugins may be able to update while PP is updating, but SSL is too ingrained to allow that in most cases (except, maybe if you try to upgrade before PP's first mail-check).
User avatar
Drugwash
Posts: 15
Joined: Fri Aug 09, 2013 6:58 am

Re: SSL in 4.4 beta

Post by Drugwash »

I was referring to an attempt at manually installing SSL from a zip, not through web installer.
SSL install - step 1.png
SSL install - step 2.png
Oh and I noticed a typo in your dialog's titlebar: WebInstaller.
User avatar
Jeff
Admin / Developer
Posts: 9225
Joined: Sat Sep 08, 2001 9:46 pm

Re: SSL in 4.4 beta

Post by Jeff »

Drugwash wrote:I was referring to an attempt at manually installing SSL from a zip, not through web installer.
Ah, ok, I had forgotten about that method (I was thinking of manually extracting the contents of the zip file). I've updated the text.
Drugwash wrote:Oh and I noticed a typo in your dialog's titlebar: WebInstaller.
:shock: Thanks. Updated.
User avatar
Drugwash
Posts: 15
Joined: Fri Aug 09, 2013 6:58 am

Re: SSL in 4.4 beta

Post by Drugwash »

Great, now we're a step closer to perfection. Thank you. :)
w64bit
Posts: 23
Joined: Fri Jan 22, 2010 8:56 am

Re: SSL in 4.4 beta

Post by w64bit »

v1.0.2.14 is out.
Please update it.
Thank you.
Post Reply