New difficulties (sorry to bore you again),
I am trying to configure Qpopper to accept SSL connections from Microsoft clients,
for our Microsoft users.
I am testing with Microsoft-Outlook 2000 (9.0.0.2814).
On the server-side I run both protocols ("stls" ; "alternate-port") successively
on Port 995.
It failed in both cases.
The Error-Message from MS-Outlook isn't very useful.
Therefore I have (consecutively) included the debug output from both daemons.
The "alternate-port" debug output says that the TLS/SSL handshake
failed - but why?
The debug output from the "stls" option tells me practically nothing.
(I am no TLS/SSL expert).
:-(
Maybe you'll skim over it ...
regards
- oliver
Debug output for "alternate-port" on port 995:
Oct 8 09:54:13.783 2001 [18935] Trace and Debug destination is file
"/var/log/alt_popper.log" [pop_config.c:1108]
Oct 8 09:54:13.783 2001
Oct 8 09:54:13.783 2001 [18935] ...read line 4 (32): set tls-support = alternate-port
[pop_config.c:1314]
Oct 8 09:54:13.783 2001
Oct 8 09:54:13.783 2001 [18935] Set tls-support to alternate-port (1)
[pop_config.c:1195]
Oct 8 09:54:13.783 2001
Oct 8 09:54:13.783 2001 [18935] ...read line 5 (49): set config-file =
/etc/QPopper/common_popper.conf [pop_config.c:1314]
Oct 8 09:54:13.783 2001
Oct 8 09:54:13.783 2001 [18935] Processing config file
'/etc/QPopper/common_popper.conf'; CallTime=1 [pop_config.c:1278]
[...]
Oct 8 09:54:13.784 2001
Oct 8 09:54:13.784 2001 [18935] ...read line 31 (68): set tls-server-cert-file =
/usr/local/apache/conf/ssl.crt/server.crt [pop_config.c:1314]
Oct 8 09:54:13.784 2001
Oct 8 09:54:13.784 2001 [18935] Set tls-server-cert-file to
"/usr/local/apache/conf/ssl.crt/server.crt" [pop_config.c:1211]
Oct 8 09:54:13.784 2001
Oct 8 09:54:13.784 2001 [18935] ...read line 32 (68): set tls-private-key-file =
/usr/local/apache/conf/ssl.key/server.key [pop_config.c:1314]
Oct 8 09:54:13.784 2001
Oct 8 09:54:13.784 2001 [18935] Set tls-private-key-file to
"/usr/local/apache/conf/ssl.key/server.key" [pop_config.c:1211]
Oct 8 09:54:13.784 2001
Oct 8 09:54:13.784 2001 [18935] ...read line 33 (0): [pop_config.c:1314]
Oct 8 09:54:13.784 2001
Oct 8 09:54:13.784 2001 [18935] ...read line 34 (0): [pop_config.c:1314]
Oct 8 09:54:13.784 2001
Oct 8 09:54:13.784 2001 [18935] ...read line 35 (0): [pop_config.c:1314]
Oct 8 09:54:13.784 2001
Oct 8 09:54:13.784 2001 [18935] ...read line 36 (0): [pop_config.c:1314]
Oct 8 09:54:13.784 2001
Oct 8 09:54:13.784 2001 [18935] Finished processing config file
'/etc/QPopper/common_popper.conf'; rslt=1 [pop_config.c:1462]
Oct 8 09:54:13.784 2001
Oct 8 09:54:13.784 2001 [18935] Finished processing config file
'/etc/QPopper/alt_popper.conf'; rslt=1 [pop_config.c:1462]
Oct 8 09:54:13.784 2001
Oct 8 09:54:13.786 2001 [18935] (v4.0.3) Servicing request from
"chaos.dvz.fh-giessen.de" at 212.201.18.85 [pop_init.c:1152]
Oct 8 09:54:13.786 2001
Oct 8 09:54:13.786 2001 [18935] before TLS; tls_support==1 [popper.c:171]
Oct 8 09:54:13.786 2001
Oct 8 09:54:13.787 2001 [18935] ...Initializing OpenSSL library
[pop_tls_openssl.c:224]
Oct 8 09:54:13.787 2001
Oct 8 09:54:13.788 2001 [18935] ...have /dev/urandom; skipping PRNG seeding
[pop_tls_openssl.c:282]
Oct 8 09:54:13.788 2001
Oct 8 09:54:13.788 2001 [18935] ...setting method to SSLv23_server_method
[pop_tls_openssl.c:306]
Oct 8 09:54:13.788 2001
Oct 8 09:54:13.788 2001 [18935] ...allocating OpenSSL context [pop_tls_openssl.c:336]
Oct 8 09:54:13.788 2001
Oct 8 09:54:13.788 2001 [18935] ...setting certificate file
/usr/local/apache/conf/ssl.crt/server.crt [pop_tls_openssl.c:346]
Oct 8 09:54:13.788 2001
Oct 8 09:54:13.788 2001 [18935] ...setting private key file
/usr/local/apache/conf/ssl.key/server.key [pop_tls_openssl.c:367]
Oct 8 09:54:13.788 2001
Oct 8 09:54:13.788 2001 [18935] ...verifying private key against certificate
[pop_tls_openssl.c:381]
Oct 8 09:54:13.788 2001
Oct 8 09:54:13.788 2001 [18935] ...(tls_cipher_list not specified)
[pop_tls_openssl.c:408]
Oct 8 09:54:13.788 2001
Oct 8 09:54:13.788 2001 [18935] ...allocating OpenSSL connection
[pop_tls_openssl.c:419]
Oct 8 09:54:13.788 2001
Oct 8 09:54:13.788 2001 [18935] ...setting input (0) and output (0) file descriptors
[pop_tls_openssl.c:429]
Oct 8 09:54:13.788 2001
Oct 8 09:54:13.788 2001 [18935] ...successfully completed OpenSSL initialization
[pop_tls_openssl.c:449]
Oct 8 09:54:13.788 2001
Oct 8 09:54:13.788 2001 [18935] TLS Init [popper.c:193]
Oct 8 09:54:13.788 2001
Oct 8 09:54:13.788 2001 [18935] Attempting OpenSSL handshake [pop_tls_openssl.c:498]
Oct 8 09:54:13.788 2001
Oct 8 09:54:13.789 2001 [18935] tls accept returned 0 [pop_tls_openssl.c:501]
Oct 8 09:54:13.789 2001
Oct 8 09:54:13.789 2001 [18935] SSL_get_error says SSL_ERROR_SYSCALL (5)
[pop_tls_openssl.c:507]
Oct 8 09:54:13.789 2001
Oct 8 09:54:13.789 2001 [18935] TLS handshake Error [pop_tls_openssl.c:541]
Oct 8 09:54:13.789 2001
Oct 8 09:54:13.789 2001 [18935] TLS/SSL Handshake failed: -1 [popper.c:204]
Oct 8 09:54:13.789 2001
Debug output for "stls" on port 995:
Oct 8 09:27:49.965 2001 [18705] Trace and Debug destination is file
"/var/log/popper.log" [pop_config.c:1108]
Oct 8 09:27:49.965 2001
Oct 8 09:27:49.965 2001 [18705] ...read line 4 (22): set tls-support = stls
[pop_config.c:1314]
Oct 8 09:27:49.965 2001
Oct 8 09:27:49.965 2001 [18705] Set tls-support to STLS (2) [pop_config.c:1195]
Oct 8 09:27:49.965 2001
Oct 8 09:27:49.965 2001 [18705] ...read line 5 (49): set config-file =
/etc/QPopper/common_popper.conf [pop_config.c:1314]
Oct 8 09:27:49.965 2001
Oct 8 09:27:49.965 2001 [18705] Processing config file
'/etc/QPopper/common_popper.conf'; CallTime=1 [pop_config.c:1278]
[...]
Oct 8 09:27:49.966 2001 [18705] ...read line 31 (68): set tls-server-cert-file =
/usr/local/apache/conf/ssl.crt/server.crt [pop_config.c:1314]
Oct 8 09:27:49.966 2001
Oct 8 09:27:49.966 2001 [18705] Set tls-server-cert-file to
"/usr/local/apache/conf/ssl.crt/server.crt" [pop_config.c:1211]
Oct 8 09:27:49.966 2001
Oct 8 09:27:49.966 2001 [18705] ...read line 32 (68): set tls-private-key-file =
/usr/local/apache/conf/ssl.key/server.key [pop_config.c:1314]
Oct 8 09:27:49.966 2001
Oct 8 09:27:49.966 2001 [18705] Set tls-private-key-file to
"/usr/local/apache/conf/ssl.key/server.key" [pop_config.c:1211]
Oct 8 09:27:49.966 2001
[...]
Oct 8 09:27:49.966 2001 [18705] Finished processing config file
'/etc/QPopper/common_popper.conf'; rslt=1 [pop_config.c:1462]
Oct 8 09:27:49.966 2001
Oct 8 09:27:49.966 2001 [18705] Finished processing config file
'/etc/QPopper/tssl_popper.conf'; rslt=1 [pop_config.c:1462]
Oct 8 09:27:49.966 2001
Oct 8 09:27:49.969 2001 [18705] (v4.0.3) Servicing request from
"chaos.dvz.fh-giessen.de" at 212.201.18.85 [pop_init.c:1152]
Oct 8 09:27:49.969 2001
Oct 8 09:27:49.969 2001 [18705] before TLS; tls_support==2 [popper.c:171]
Oct 8 09:27:49.969 2001
Oct 8 09:27:49.969 2001 [18705] ...Initializing OpenSSL library
[pop_tls_openssl.c:224]
Oct 8 09:27:49.969 2001
Oct 8 09:27:49.970 2001 [18705] ...have /dev/urandom; skipping PRNG seeding
[pop_tls_openssl.c:282]
Oct 8 09:27:49.970 2001
Oct 8 09:27:49.970 2001 [18705] ...setting method to SSLv23_server_method
[pop_tls_openssl.c:306]
Oct 8 09:27:49.970 2001
Oct 8 09:27:49.970 2001 [18705] ...allocating OpenSSL context [pop_tls_openssl.c:336]
Oct 8 09:27:49.970 2001
Oct 8 09:27:49.970 2001 [18705] ...setting certificate file
/usr/local/apache/conf/ssl.crt/server.crt [pop_tls_openssl.c:346]
Oct 8 09:27:49.970 2001
Oct 8 09:27:49.970 2001 [18705] ...setting private key file
/usr/local/apache/conf/ssl.key/server.key [pop_tls_openssl.c:367]
Oct 8 09:27:49.970 2001
Oct 8 09:27:49.970 2001 [18705] ...verifying private key against certificate
[pop_tls_openssl.c:381]
Oct 8 09:27:49.970 2001
Oct 8 09:27:49.970 2001 [18705] ...(tls_cipher_list not specified)
[pop_tls_openssl.c:408]
Oct 8 09:27:49.970 2001
Oct 8 09:27:49.970 2001 [18705] ...allocating OpenSSL connection
[pop_tls_openssl.c:419]
Oct 8 09:27:49.970 2001
Oct 8 09:27:49.971 2001 [18705] ...setting input (0) and output (0) file descriptors
[pop_tls_openssl.c:429]
Oct 8 09:27:49.971 2001
Oct 8 09:27:49.971 2001 [18705] ...successfully completed OpenSSL initialization
[pop_tls_openssl.c:449]
Oct 8 09:27:49.971 2001
Oct 8 09:27:49.971 2001 [18705] TLS Init [popper.c:193]
Oct 8 09:27:49.971 2001
Oct 8 09:27:49.971 2001 [18705] (v4.0.3) Intro [popper.c:238]
Oct 8 09:27:49.971 2001
Oct 8 09:27:49.971 2001 [18705] +OK Qpopper (version 4.0.3) at
david.dvz.fh-giessen.de starting. [popper.c:251]
Oct 8 09:27:49.971 2001
Oct 8 09:27:49.971 2001 [18705] Qpopper ready for input from (null) at
chaos.dvz.fh-giessen.de [212.201.18.85] [popper.c:283]
Oct 8 09:27:49.971 2001
Oct 8 09:27:49.974 2001 [18705] (null) at chaos.dvz.fh-giessen.de (212.201.18.85):
-ERR POP EOF or I/O Error [popper.c:794]
Oct 8 09:27:49.974 2001
Oct 8 09:27:49.974 2001 [18705] I/O error flushing output to client at
chaos.dvz.fh-giessen.de [212.201.18.85]: Operation not permitted (1) [pop_send.c:685]
Oct 8 09:27:49.974 2001
Oct 8 09:27:49.974 2001 [18705] +OK Pop server at david.dvz.fh-giessen.de signing
off. [popper.c:351]
Oct 8 09:27:49.974 2001
Oct 8 09:27:49.974 2001 [18705] I/O error flushing output to client at
chaos.dvz.fh-giessen.de [212.201.18.85]: Operation not permitted (1) [pop_send.c:685]
Oct 8 09:27:49.974 2001
Oct 8 09:27:49.974 2001 [18705] pTLS->m_pPOP->tls_started == false
[pop_tls_openssl.c:807]
Oct 8 09:27:49.974 2001
Oct 8 09:27:49.974 2001 [18705] freeing m_OpenSSLconn [pop_tls_openssl.c:811]
Oct 8 09:27:49.974 2001
Oct 8 09:27:49.974 2001 [18705] freeing m_OpenSSLctx [pop_tls_openssl.c:817]
Oct 8 09:27:49.974 2001
Oct 8 09:27:49.974 2001 [18705] openssl_shutdown returning 0 [pop_tls_openssl.c:822]
Oct 8 09:27:49.974 2001
Oct 8 09:27:49.974 2001 [18705] (v4.0.3) Ending request from "" at
(chaos.dvz.fh-giessen.de) 212.201.18.85 [popper.c:368]
Oct 8 09:27:49.974 2001
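
An added example, not part of the original post and not Qpopper code: a small triage script for this trace format that rejoins the wrapped records, drops the timestamp-only lines, and reports per process which tls-support mode was set, whether an OpenSSL handshake was attempted, and which errors were logged. The sample input is constructed from lines shown above; the function names and the choice of error markers are assumptions of this example.

```python
import re

# Constructed sample in the shape of the trace above (wrapped lines, one filler line).
SAMPLE = """\
Oct 8 09:54:13.783 2001 [18935] Set tls-support to alternate-port (1)
[pop_config.c:1195]
Oct 8 09:54:13.783 2001
Oct 8 09:54:13.788 2001 [18935] Attempting OpenSSL handshake [pop_tls_openssl.c:498]
Oct 8 09:54:13.789 2001 [18935] SSL_get_error says SSL_ERROR_SYSCALL (5)
[pop_tls_openssl.c:507]
Oct 8 09:54:13.789 2001 [18935] TLS/SSL Handshake failed: -1 [popper.c:204]
Oct 8 09:27:49.965 2001 [18705] Set tls-support to STLS (2) [pop_config.c:1195]
Oct 8 09:27:49.971 2001 [18705] +OK Qpopper (version 4.0.3) at
david.dvz.fh-giessen.de starting. [popper.c:251]
Oct 8 09:27:49.974 2001 [18705] (null) at chaos.dvz.fh-giessen.de (212.201.18.85):
-ERR POP EOF or I/O Error [popper.c:794]
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ [\d:.]+ \d{4}$")            # filler line
HEAD = re.compile(r"^[A-Z][a-z]{2} +\d+ ([\d:.]+) \d{4} \[(\d+)\] (.*)$")
SRC = re.compile(r"\s*\[([\w.]+:\d+)\]$")                            # [file.c:line]

def records(text):
    """Rejoin wrapped trace lines into (time, pid, message, source) tuples."""
    out = []
    for line in map(str.strip, text.splitlines()):
        m = HEAD.match(line)
        if m:
            out.append([m.group(1), int(m.group(2)), m.group(3)])
        elif out and line and line != "[...]" and not STAMP.match(line):
            out[-1][2] += " " + line          # continuation of a wrapped record
    return [(t, pid, SRC.sub("", msg), (SRC.search(msg) or [None, None])[1])
            for t, pid, msg in out]

def summarize(text):
    """Per-PID summary: TLS mode, handshake attempted, greeting sent, errors."""
    sessions = {}
    for t, pid, msg, src in records(text):
        s = sessions.setdefault(pid, dict(mode=None, handshake=False, greeting=False, errors=[]))
        m = re.match(r"Set tls-support to (\S+) \(\d+\)", msg)
        if m:
            s["mode"] = m.group(1).lower()
        elif msg.startswith("Attempting OpenSSL handshake"):
            s["handshake"] = True
        elif msg.startswith("+OK Qpopper"):
            s["greeting"] = True              # plaintext banner went out first
        elif any(k in msg for k in ("SSL_get_error says", "Handshake failed", "-ERR")):
            s["errors"].append((t, msg, src))
    return sessions
```

Run over the two traces above, the summary shows the difference between the sessions at a glance: the alternate-port process attempts a handshake and logs SSL_ERROR_SYSCALL, while the stls process sends its plaintext greeting and logs an EOF without ever attempting a handshake.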