On 2014-05-02 02:11, Sam Varshavchik wrote: > Anders Le Chevalier writes: > >> I checked with "openssl s_client -connect domain.com:993" and got >> the following error: >> >> CONNECTED(00000003) depth=2 C = IL, O = StartCom Ltd., OU = >> Secure Digital Certificate Signing, CN = StartCom Certification >> Authority verify return:1 depth=1 C = IL, O = StartCom Ltd., OU = >> Secure Digital Certificate Signing, CN = StartCom Class 1 Primary >> Intermediate Server CA verify return:1 depth=0 C = SE, CN = >> domain.com, emailAddress = domain....@domainsbyproxy.com verify >> return:1 140576163956368:error:0407006A:rsa >> routines:RSA_padding_check_PKCS1_type_1:block type is not >> 01:rsa_pk1.c:100: 140576163956368:error:04067072:rsa >> routines:RSA_EAY_PUBLIC_DECRYPT:padding check >> failed:rsa_eay.c:721: 140576163956368:error:1408D07B:SSL >> routines:SSL3_GET_KEY_EXCHANGE:bad signature:s3_clnt.c:1812: >> >> >> What could this padding check failure be? > > Repeat the experiment using mkimapdcert-generated key. If the > error persists, this would point to a general gnutls-openssl > incompatilibity. > >
The self-signed certs created with mkimapdcert do work. I have also tried # openssl x509 -in startcom-domain.com.crt -text -noout which displays the certificate correctly with no warnings or errors. ~A ------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available. Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
