Re: [Courier-imap] Multiple domains with Imap-SSL

[Brian Candler]

On Sun, Feb 12, 2006 at 10:11:20PM +0100, Maik Musall wrote:
> I now managed to get as many different IP addresses onto the host for
> which I asked this, so I can use this solution. I tried setting it up,
> but courier-imap ignores the file and keeps asking for a pem file
> without the ip address ending.
> 
> This shows my current state of setup:
> 
> myhost courier-imap # ls -l
> total 72
> -rw-------  1 root root 12547 Nov 23 13:53 imapd
> -rw-------  1 root root  6138 Nov 23 13:53 imapd-ssl
> -rw-------  1 root root   328 Feb 12 21:22 imapd.cnf.080.190.240.089
> -rw-------  1 root root   358 Feb 12 21:23 imapd.cnf.080.190.245.188
> -rw-------  1 root root  2137 Feb 12 21:24 imapd.pem.080.190.240.089
> -rw-------  1 root root  2219 Feb 12 21:24 imapd.pem.080.190.245.188

No leading zeros: imapd.pem.80.190.240.89

> imapd-ssl:TLS_CERTFILE=/etc/courier-imap/imapd.pem
> pop3d-ssl:TLS_CERTFILE=/etc/courier-imap/pop3d.pem
> 
> I also tried without leading zeros in the ip addresses, no difference.
> Where's my error?

Here's the relevant source from tcpd/libcouriertls.c:

static int process_certfile(SSL_CTX *ctx, const char *certfile, const char *ip,
                            int (*func)(SSL_CTX *, const char *))
{
        if (ip && *ip)
        {
                char *test_file;

                if (strncmp(ip, "::ffff:", 7) == 0 && strchr(ip, '.'))
                        return (process_certfile(ctx, certfile, ip+7, func));

                test_file= malloc(strlen(certfile)+strlen(ip)+2);

                strcpy(test_file, certfile);
                strcat(test_file, ".");
                strcat(test_file, ip);

                if (access(test_file, R_OK) == 0)
                {
                        int rc= (*func)(ctx, test_file);

                        free(test_file);
                        return rc;
                }
                free(test_file);
        }

        return (*func)(ctx, certfile);
}

You can put some fprintf(stderr,...) lines before and after the 'access'
test to see what file it's trying to access and what the result is.

Or you can use strace with appropriate flags to look at all descendants of
the couriertcpd process to see what it's trying to do.

Note that you can have both imapd.pem and imapd.pem.x.x.x.x files present.
The above code will first try the imapd.pem.x.x.x.x and then fallback to
imapd.pem

Regards,

Brian.


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Courier-imap mailing list
Courier-imap@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap