I compiled imap-2000e with: make ldb SSLTYPE=unix

since I'd like both SSL and plain-text to work during a transition period. I
have self-signed certs made by following the directions at http://www.eclectica.ca/howto/ssl-cert-howto.php
and the output from s_client leads me to believe they are being seen
when I connect to the port, but I get errors in syslog as follows. Any
ideas? Is there some other diagnostic I can run that might shed some light?
Thanks.


From syslog:

Dec 26 08:37:31 hutton imapd[26980]: imaps SSL service init from 127.0.0.1
Dec 26 08:37:31 hutton imapd[26980]: Unable to load certificate from /etc/ssl/certs/imapd.pem, host=localhost [127.0.0.1]
Dec 26 08:37:31 hutton imapd[26980]: SSL error status: error:02001002:system library:fopen:No such file or directory
Dec 26 08:37:31 hutton imapd[26980]: SSL error status: error:20074002:BIO routines:FILE_CTRL:system lib
Dec 26 08:37:31 hutton imapd[26980]: SSL error status: error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib


From s_client:

hutton:/var/log# openssl s_client -connect localhost:993
CONNECTED(00000003)
depth=0 /C=US/ST=Illinois/O=Northwestern University/OU=Geology IMAP server/CN=hutton.earth.northwestern.edu/[EMAIL PROTECTED]
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=Illinois/O=Northwestern University/OU=Geology IMAP server/CN=hutton.earth.northwestern.edu/[EMAIL PROTECTED]
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=Illinois/O=Northwestern University/OU=Geology IMAP server/CN=hutton.earth.northwestern.edu/[EMAIL PROTECTED]
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=US/ST=Illinois/O=Northwestern University/OU=Geology IMAP server/CN=hutton.earth.northwestern.edu/[EMAIL PROTECTED]
i:/O=Northwestern University/OU=Geological Sciences/[EMAIL PROTECTED]/L=Evanston/ST=Illinois/C=US/CN=Geology Root CA
---
Server certificate
subject=/C=US/ST=Illinois/O=Northwestern University/OU=Geology IMAP server/CN=hutton.earth.northwestern.edu/[EMAIL PROTECTED]
issuer=/O=Northwestern University/OU=Geological Sciences/[EMAIL PROTECTED]/L=Evanston/ST=Illinois/C=US/CN=Geology Root CA
---
No client certificate CA names sent
---
SSL handshake has read 896 bytes and written 314 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : DES-CBC3-SHA
Session-ID: B5A9258A3F2F01A15F01ED78A03AB9A1895DF90A0B1E7621140904EB5485F5B9
Session-ID-ctx:
Master-Key: B42BA5303065FFF3270F2EFE9C4B64225C98593A07C3173DE9F16755EC86724A0CDF19EBB4E1417B4E91D7ACC27678E0
Key-Arg : None
Start Time: 1072813468
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
* OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS AUTH=PLAIN AUTH=LOGIN] localhost IMAP4rev1 2003.339 at Tue, 30 Dec 2003 13:44:28 -0600 (CST)






--
George Campbell
[EMAIL PROTECTED]
Weinberg Technical Services, Northwestern University


--
-----------------------------------------------------------------
For information about this mailing list, and its archives, see: http://www.washington.edu/imap/imap-list.html
-----------------------------------------------------------------
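
An added example, not part of the original post: a small decoder for the `SSL error status` lines quoted above, which groups them by imapd PID and picks out the system-library entry that names the failed call. It assumes the pre-3.0 OpenSSL packed error layout (8 bits library, 12 bits function, 12 bits reason); the names `decode` and `diagnose` are hypothetical, and the sample input is the syslog excerpt from the post.

```python
import re

# Sample input: the syslog lines quoted in the post above.
SAMPLE = """\
Dec 26 08:37:31 hutton imapd[26980]: imaps SSL service init from 127.0.0.1
Dec 26 08:37:31 hutton imapd[26980]: Unable to load certificate from /etc/ssl/certs/imapd.pem, host=localhost [127.0.0.1]
Dec 26 08:37:31 hutton imapd[26980]: SSL error status: error:02001002:system library:fopen:No such file or directory
Dec 26 08:37:31 hutton imapd[26980]: SSL error status: error:20074002:BIO routines:FILE_CTRL:system lib
Dec 26 08:37:31 hutton imapd[26980]: SSL error status: error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
"""

ERR = re.compile(
    r"imapd\[(\d+)\]: SSL error status: error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)$")
LOAD = re.compile(r"imapd\[(\d+)\]: Unable to load certificate from (\S+),")


def decode(code_hex):
    """Split a pre-3.0 OpenSSL packed error code into (lib, func, reason)."""
    e = int(code_hex, 16)
    return (e >> 24) & 0xFF, (e >> 12) & 0xFFF, e & 0xFFF


def diagnose(log_text):
    """Group entries by imapd PID; report certificate path and root error."""
    sessions = {}
    for line in log_text.splitlines():
        m = LOAD.search(line)
        if m:
            sessions.setdefault(m.group(1), {"errors": []})["path"] = m.group(2)
            continue
        m = ERR.search(line)
        if m:
            pid, code, lib, func, reason = m.groups()
            sessions.setdefault(pid, {"errors": []})["errors"].append(
                {"code": decode(code), "lib": lib, "func": func, "reason": reason})
    report = []
    for pid, s in sessions.items():
        # Library 2 is ERR_LIB_SYS: its reason field carries the errno of the
        # failed system call, so that entry is the underlying cause.
        root = next((e for e in s["errors"] if e["code"][0] == 2), None)
        if root is None and s["errors"]:
            root = s["errors"][0]  # the queue is logged oldest-first
        report.append({"pid": pid, "path": s.get("path"), "root": root})
    return report


if __name__ == "__main__":
    for r in diagnose(SAMPLE):
        print(r["pid"], r["path"], r["root"])
```

For the excerpt above, the root entry is the `fopen` failure with reason 2 (ENOENT) against `/etc/ssl/certs/imapd.pem`; the BIO and SSL entries are the same failure propagating up the call stack.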



