Not sure whether it's the same issue, but when I got this error, adding my self-generated CA which signed the TLS_CERTFILE to the list (actually it is the only one) solved the problem for me (not using client certs, client was Thunderbird on linux): TLS_TRUSTCERTS=/path/to/ca.crt
On 05/26/12 00:14, Grzegorz Sójka wrote: > On 05/25/12 02:53, Sam Varshavchik wrote: >> Grzesiek Sójka writes: >> >>> ssl connection. If I connect using my mobile phone or the mail >>> application running on apple OS X everything works fine. But when trying >>> to establish ssl connection using icedove running on PLD linux I get >>> following messages in the mail log file: >>> >>> May 23 17:51:38 Hermes imapd-ssl: Connection, ip=[::ffff:192.168.0.1] >>> May 23 17:51:38 Hermes imapd-ssl: couriertls: read: error:14094418:SSL >>> routines:SSL3_READ_BYTES:tlsv1 alert unknown ca >>> May 23 17:51:38 Hermes imapd-ssl: Disconnected, ip=[::ffff:192.168.0.1], >>> time=0, starttls=1 >>> >>> I generated a new (self signed) certificate, change the configuration >>> but still no luck. >> Are you using client certificates? This looks like you're using client >> certs, and the cert that the client presented has been signed with an >> unknown CA, and you have client cert verification enabled. >> >> Either disable certificate validation (TLS_VERIFYPEER=NONE), or put the >> CA cert that your client's cert is signed with into the TLS_TRUSTCERTS >> file. > Hm.. In my case: > > [root@Hermes courier-imap]# egrep -v "^#|^$" imapd-ssl > SSLPORT=993 > SSLADDRESS=0 > SSLPIDFILE=/var/run/imapd-ssl.pid > SSLLOGGEROPTS="-name=imapd-ssl" > IMAPDSSLSTART=YES > IMAPDSTARTTLS=NO > IMAP_TLS_REQUIRED=0 > COURIERTLS=/usr/bin/couriertls > TLS_PROTOCOL="SSL23" > TLS_KX_LIST=ALL > TLS_COMPRESSION=ALL > TLS_CERTS=X509 > TLS_CERTFILE=/etc/mail/cert/Hermes.sojka.co.pem > TLS_TRUSTCERTS=/etc/certs/ca-bundle.crt > TLS_VERIFYPEER=NONE > TLS_CACHEFILE=/var/spool/courier-imap/couriersslcache > TLS_CACHESIZE=524288 > MAILDIRPATH=Maildir > > Regards > Greg > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Courier-imap mailing list > Courier-imap@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Courier-imap mailing list Courier-imap@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
