Hope this helps, I'd like to run imap4d instead of Dovecot, but STARTTLS is a *must*.

I stopped Dovecot, installed the Squeeze imap4d-mailutils. (I still want to use 2.99.96 so I left it installed, thus the command line extras.) Then I uninstalled imap4d-mailutils, and tested against the Mailutils 2.99.96 built on the Squeeze box.

First:

    ~$ gnutls-cli --version
    gnutls-cli (GnuTLS) 2.12.14
    Packaged by Debian (2.12.14-5ubuntu3)
    Copyright (C) 2011 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Written by Nikos Mavrogiannopoulos.

Now, it looks like the Squeeze (Mailutils 2.1, apparently?) version will STARTTLS with GnuTLS. But when I try the same thing against 2.99.96, imap4d (subprocess?) segfaults -- the daemon keeps running.

Here is what I saw in syslog:

    Jun 5 17:17:21 kaikala imap4d[1082]: process 1118 terminated on signal 11
    Jun 5 17:17:21 kaikala kernel: [8029768.775851] imap4d[1118]: segfault at 68 ip b76e14bf sp \
    bfe78dd0 error 4 in libmailutils.so.4.0.0[b7668000+8b000]

Here is the gnutls-cli output:

    :~$ gnutls-cli --insecure --port 143 --starttls workingdroid.com
    Resolving 'workingdroid.com'...
    Connecting to '206.217.130.140:143'...

    - Simple Client Mode:

    * OK IMAP4rev1
    A STARTTLS
    A OK STARTTLS Begin TLS negotiation
    - Peer has closed the GnuTLS connection

NOTE: This happens immediately, *BEFORE* I have a chance to send gnutls-cli SIGALRM

FWIW, here is gnutls-cli with Mailutils 2.1 imap4d, looks like that worked:

    # LD_LIBRARY_PATH=/usr/lib:/usr/local/lib /usr/sbin/imap4d --version
    imap4d (GNU Mailutils 2.1)

    ~$ gnutls-cli --insecure --port 143 --starttls workingdroid.com
    Resolving 'workingdroid.com'...
    Connecting to '206.217.130.140:143'...

    - Simple Client Mode:

    * OK IMAP4rev1
    A CAPABILITY
    * CAPABILITY IMAP4rev1 NAMESPACE ID IDLE LITERAL+ UNSELECT STARTTLS AUTH=GSSAPI AUTH=ANONYMOUS AUTH=EXTERNAL AUTH=LOGIN AUTH=PLAIN AUTH=SECURID AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=SCRAM-SHA-1
    A OK CAPABILITY Completed
    A STARTTLS
    A OK STARTTLS Begin TLS negotiation
    *** Starting TLS handshake
    - Successfully sent 0 certificate(s) to server.
    - Ephemeral Diffie-Hellman parameters
    - Using prime: 768 bits
    - Secret key: 767 bits
    - Peer's public key: 766 bits
    - Server has requested a certificate.
    - Certificate type: X.509
    - Got a certificate list of 1 certificates.
    - Certificate[0] info:
    - subject `C=US,ST=Hawaii,L=Aloha,O=NaiaSoft\, LLC,OU=HQ,CN=mail.workingdroid.com,[email protected]', issuer `C=US,ST=Hawaii,L=Aloha,O=NaiaSoft\, LLC,OU=HQ,CN=mail.workingdroid.com,[email protected]', RSA key 2048 bits, signed using RSA-SHA1, activated `2012-06-01 18:45:12 UTC', expires `2015-06-01 18:45:12 UTC', SHA-1 fingerprint `a5c38b7d7a23f1f20a2f73bd68f4742e0496d7e3'
    - The hostname in the certificate does NOT match 'workingdroid.com'
    - Peer's certificate issuer is unknown
    - Peer's certificate is NOT trusted
    - Version: TLS1.1
    - Key Exchange: DHE-RSA
    - Cipher: AES-128-CBC
    - MAC: SHA1
    - Compression: NULL
    A CAPABILITY
    * CAPABILITY IMAP4rev1 NAMESPACE ID IDLE LITERAL+ UNSELECT AUTH=GSSAPI AUTH=ANONYMOUS AUTH=EXTERNAL AUTH=LOGIN AUTH=PLAIN AUTH=SECURID AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=SCRAM-SHA-1
    A OK CAPABILITY Completed

On 06/05/2012 08:11 AM, Daniel Kahn Gillmor wrote:
> On 05/31/2012 10:28 AM, Chris Hall wrote:
>> Server running Debian Squeeze, client running Ubuntu 12.04
>>
>> GNU Mailutils 2.99.96 on both server and client machines.
> Does the binary from mailutils-imap4d from debian squeeze also have the
> same problem?
>
> Can you provide a packet capture of an aborted TLS session?
>
> fwiw, i was able to connect to it with gnutls-cli (ignoring certificate
> validation):
>
> gnutls-cli --insecure --port 143 --starttls workingdroid.com
>
> then type "A STARTTLS", and then the server should respond:
>
> A OK Begin TLS negotiation now.
>
> at that point, from another shell on the client, run:
>
> killall -ALRM gnutls-cli
>
> and the negotiation should proceed.
>
> this worked for me with gnutls-cli from gnutls-bin 3.0.19-2 on debian
> wheezy.
>
> --dkg
