New difficulties (sorry to bore you again): I am trying to configure Qpopper to accept SSL connections from Microsoft clients, for our Microsoft users. I am testing with Microsoft Outlook 2000 (9.0.0.2814). On the server side I ran both protocols ("stls"; "alternate-port") successively on port 995. It failed in both cases. The error message from MS Outlook isn't very useful. Therefore I have (consecutively) included the debug output from both daemons.
The "alternate-port" debug output says that the TLS/SSL handshake failed - but why? The debug output from the "stls" option tells me practically nothing. (I am no TLS/SSL expert.) :-( Maybe you'll skim over it ...

regards - oliver

debug-output for "alternate-port" on port 995:

Oct 8 09:54:13.783 2001 [18935] Trace and Debug destination is file "/var/log/alt_popper.log" [pop_config.c:1108]
Oct 8 09:54:13.783 2001
Oct 8 09:54:13.783 2001 [18935] ...read line 4 (32): set tls-support = alternate-port [pop_config.c:1314]
Oct 8 09:54:13.783 2001
Oct 8 09:54:13.783 2001 [18935] Set tls-support to alternate-port (1) [pop_config.c:1195]
Oct 8 09:54:13.783 2001
Oct 8 09:54:13.783 2001 [18935] ...read line 5 (49): set config-file = /etc/QPopper/common_popper.conf [pop_config.c:1314]
Oct 8 09:54:13.783 2001
Oct 8 09:54:13.783 2001 [18935] Processing config file '/etc/QPopper/common_popper.conf'; CallTime=1 [pop_config.c:1278]
[...]
Oct 8 09:54:13.784 2001
Oct 8 09:54:13.784 2001 [18935] ...read line 31 (68): set tls-server-cert-file = /usr/local/apache/conf/ssl.crt/server.crt [pop_config.c:1314]
Oct 8 09:54:13.784 2001
Oct 8 09:54:13.784 2001 [18935] Set tls-server-cert-file to "/usr/local/apache/conf/ssl.crt/server.crt" [pop_config.c:1211]
Oct 8 09:54:13.784 2001
Oct 8 09:54:13.784 2001 [18935] ...read line 32 (68): set tls-private-key-file = /usr/local/apache/conf/ssl.key/server.key [pop_config.c:1314]
Oct 8 09:54:13.784 2001
Oct 8 09:54:13.784 2001 [18935] Set tls-private-key-file to "/usr/local/apache/conf/ssl.key/server.key" [pop_config.c:1211]
Oct 8 09:54:13.784 2001
Oct 8 09:54:13.784 2001 [18935] ...read line 33 (0): [pop_config.c:1314]
Oct 8 09:54:13.784 2001
Oct 8 09:54:13.784 2001 [18935] ...read line 34 (0): [pop_config.c:1314]
Oct 8 09:54:13.784 2001
Oct 8 09:54:13.784 2001 [18935] ...read line 35 (0): [pop_config.c:1314]
Oct 8 09:54:13.784 2001
Oct 8 09:54:13.784 2001 [18935] ...read line 36 (0): [pop_config.c:1314]
Oct 8 09:54:13.784 2001
Oct 8 09:54:13.784 2001 [18935] Finished processing config file '/etc/QPopper/common_popper.conf'; rslt=1 [pop_config.c:1462]
Oct 8 09:54:13.784 2001
Oct 8 09:54:13.784 2001 [18935] Finished processing config file '/etc/QPopper/alt_popper.conf'; rslt=1 [pop_config.c:1462]
Oct 8 09:54:13.784 2001
Oct 8 09:54:13.786 2001 [18935] (v4.0.3) Servicing request from "chaos.dvz.fh-giessen.de" at 212.201.18.85 [pop_init.c:1152]
Oct 8 09:54:13.786 2001
Oct 8 09:54:13.786 2001 [18935] before TLS; tls_support==1 [popper.c:171]
Oct 8 09:54:13.786 2001
Oct 8 09:54:13.787 2001 [18935] ...Initializing OpenSSL library [pop_tls_openssl.c:224]
Oct 8 09:54:13.787 2001
Oct 8 09:54:13.788 2001 [18935] ...have /dev/urandom; skipping PRNG seeding [pop_tls_openssl.c:282]
Oct 8 09:54:13.788 2001
Oct 8 09:54:13.788 2001 [18935] ...setting method to SSLv23_server_method [pop_tls_openssl.c:306]
Oct 8 09:54:13.788 2001
Oct 8 09:54:13.788 2001 [18935] ...allocating OpenSSL context [pop_tls_openssl.c:336]
Oct 8 09:54:13.788 2001
Oct 8 09:54:13.788 2001 [18935] ...setting certificate file /usr/local/apache/conf/ssl.crt/server.crt [pop_tls_openssl.c:346]
Oct 8 09:54:13.788 2001
Oct 8 09:54:13.788 2001 [18935] ...setting private key file /usr/local/apache/conf/ssl.key/server.key [pop_tls_openssl.c:367]
Oct 8 09:54:13.788 2001
Oct 8 09:54:13.788 2001 [18935] ...verifying private key against certificate [pop_tls_openssl.c:381]
Oct 8 09:54:13.788 2001
Oct 8 09:54:13.788 2001 [18935] ...(tls_cipher_list not specified) [pop_tls_openssl.c:408]
Oct 8 09:54:13.788 2001
Oct 8 09:54:13.788 2001 [18935] ...allocating OpenSSL connection [pop_tls_openssl.c:419]
Oct 8 09:54:13.788 2001
Oct 8 09:54:13.788 2001 [18935] ...setting input (0) and output (0) file descriptors [pop_tls_openssl.c:429]
Oct 8 09:54:13.788 2001
Oct 8 09:54:13.788 2001 [18935] ...successfully completed OpenSSL initialization [pop_tls_openssl.c:449]
Oct 8 09:54:13.788 2001
Oct 8 09:54:13.788 2001 [18935] TLS Init [popper.c:193]
Oct 8 09:54:13.788 2001
Oct 8 09:54:13.788 2001 [18935] Attempting OpenSSL handshake [pop_tls_openssl.c:498]
Oct 8 09:54:13.788 2001
Oct 8 09:54:13.789 2001 [18935] tls accept returned 0 [pop_tls_openssl.c:501]
Oct 8 09:54:13.789 2001
Oct 8 09:54:13.789 2001 [18935] SSL_get_error says SSL_ERROR_SYSCALL (5) [pop_tls_openssl.c:507]
Oct 8 09:54:13.789 2001
Oct 8 09:54:13.789 2001 [18935] TLS handshake Error [pop_tls_openssl.c:541]
Oct 8 09:54:13.789 2001
Oct 8 09:54:13.789 2001 [18935] TLS/SSL Handshake failed: -1 [popper.c:204]
Oct 8 09:54:13.789 2001

debug-output for "stls" on port 995:

Oct 8 09:27:49.965 2001 [18705] Trace and Debug destination is file "/var/log/popper.log" [pop_config.c:1108]
Oct 8 09:27:49.965 2001
Oct 8 09:27:49.965 2001 [18705] ...read line 4 (22): set tls-support = stls [pop_config.c:1314]
Oct 8 09:27:49.965 2001
Oct 8 09:27:49.965 2001 [18705] Set tls-support to STLS (2) [pop_config.c:1195]
Oct 8 09:27:49.965 2001
Oct 8 09:27:49.965 2001 [18705] ...read line 5 (49): set config-file = /etc/QPopper/common_popper.conf [pop_config.c:1314]
Oct 8 09:27:49.965 2001
Oct 8 09:27:49.965 2001 [18705] Processing config file '/etc/QPopper/common_popper.conf'; CallTime=1 [pop_config.c:1278]
[...]
Oct 8 09:27:49.966 2001 [18705] ...read line 31 (68): set tls-server-cert-file = /usr/local/apache/conf/ssl.crt/server.crt [pop_config.c:1314]
Oct 8 09:27:49.966 2001
Oct 8 09:27:49.966 2001 [18705] Set tls-server-cert-file to "/usr/local/apache/conf/ssl.crt/server.crt" [pop_config.c:1211]
Oct 8 09:27:49.966 2001
Oct 8 09:27:49.966 2001 [18705] ...read line 32 (68): set tls-private-key-file = /usr/local/apache/conf/ssl.key/server.key [pop_config.c:1314]
Oct 8 09:27:49.966 2001
Oct 8 09:27:49.966 2001 [18705] Set tls-private-key-file to "/usr/local/apache/conf/ssl.key/server.key" [pop_config.c:1211]
Oct 8 09:27:49.966 2001
[...]
Oct 8 09:27:49.966 2001 [18705] Finished processing config file '/etc/QPopper/common_popper.conf'; rslt=1 [pop_config.c:1462]
Oct 8 09:27:49.966 2001
Oct 8 09:27:49.966 2001 [18705] Finished processing config file '/etc/QPopper/tssl_popper.conf'; rslt=1 [pop_config.c:1462]
Oct 8 09:27:49.966 2001
Oct 8 09:27:49.969 2001 [18705] (v4.0.3) Servicing request from "chaos.dvz.fh-giessen.de" at 212.201.18.85 [pop_init.c:1152]
Oct 8 09:27:49.969 2001
Oct 8 09:27:49.969 2001 [18705] before TLS; tls_support==2 [popper.c:171]
Oct 8 09:27:49.969 2001
Oct 8 09:27:49.969 2001 [18705] ...Initializing OpenSSL library [pop_tls_openssl.c:224]
Oct 8 09:27:49.969 2001
Oct 8 09:27:49.970 2001 [18705] ...have /dev/urandom; skipping PRNG seeding [pop_tls_openssl.c:282]
Oct 8 09:27:49.970 2001
Oct 8 09:27:49.970 2001 [18705] ...setting method to SSLv23_server_method [pop_tls_openssl.c:306]
Oct 8 09:27:49.970 2001
Oct 8 09:27:49.970 2001 [18705] ...allocating OpenSSL context [pop_tls_openssl.c:336]
Oct 8 09:27:49.970 2001
Oct 8 09:27:49.970 2001 [18705] ...setting certificate file /usr/local/apache/conf/ssl.crt/server.crt [pop_tls_openssl.c:346]
Oct 8 09:27:49.970 2001
Oct 8 09:27:49.970 2001 [18705] ...setting private key file /usr/local/apache/conf/ssl.key/server.key [pop_tls_openssl.c:367]
Oct 8 09:27:49.970 2001
Oct 8 09:27:49.970 2001 [18705] ...verifying private key against certificate [pop_tls_openssl.c:381]
Oct 8 09:27:49.970 2001
Oct 8 09:27:49.970 2001 [18705] ...(tls_cipher_list not specified) [pop_tls_openssl.c:408]
Oct 8 09:27:49.970 2001
Oct 8 09:27:49.970 2001 [18705] ...allocating OpenSSL connection [pop_tls_openssl.c:419]
Oct 8 09:27:49.970 2001
Oct 8 09:27:49.971 2001 [18705] ...setting input (0) and output (0) file descriptors [pop_tls_openssl.c:429]
Oct 8 09:27:49.971 2001
Oct 8 09:27:49.971 2001 [18705] ...successfully completed OpenSSL initialization [pop_tls_openssl.c:449]
Oct 8 09:27:49.971 2001
Oct 8 09:27:49.971 2001 [18705] TLS Init [popper.c:193]
Oct 8 09:27:49.971 2001
Oct 8 09:27:49.971 2001 [18705] (v4.0.3) Intro [popper.c:238]
Oct 8 09:27:49.971 2001
Oct 8 09:27:49.971 2001 [18705] +OK Qpopper (version 4.0.3) at david.dvz.fh-giessen.de starting. [popper.c:251]
Oct 8 09:27:49.971 2001
Oct 8 09:27:49.971 2001 [18705] Qpopper ready for input from (null) at chaos.dvz.fh-giessen.de [212.201.18.85] [popper.c:283]
Oct 8 09:27:49.971 2001
Oct 8 09:27:49.974 2001 [18705] (null) at chaos.dvz.fh-giessen.de (212.201.18.85): -ERR POP EOF or I/O Error [popper.c:794]
Oct 8 09:27:49.974 2001
Oct 8 09:27:49.974 2001 [18705] I/O error flushing output to client at chaos.dvz.fh-giessen.de [212.201.18.85]: Operation not permitted (1) [pop_send.c:685]
Oct 8 09:27:49.974 2001
Oct 8 09:27:49.974 2001 [18705] +OK Pop server at david.dvz.fh-giessen.de signing off. [popper.c:351]
Oct 8 09:27:49.974 2001
Oct 8 09:27:49.974 2001 [18705] I/O error flushing output to client at chaos.dvz.fh-giessen.de [212.201.18.85]: Operation not permitted (1) [pop_send.c:685]
Oct 8 09:27:49.974 2001
Oct 8 09:27:49.974 2001 [18705] pTLS->m_pPOP->tls_started == false [pop_tls_openssl.c:807]
Oct 8 09:27:49.974 2001
Oct 8 09:27:49.974 2001 [18705] freeing m_OpenSSLconn [pop_tls_openssl.c:811]
Oct 8 09:27:49.974 2001
Oct 8 09:27:49.974 2001 [18705] freeing m_OpenSSLctx [pop_tls_openssl.c:817]
Oct 8 09:27:49.974 2001
Oct 8 09:27:49.974 2001 [18705] openssl_shutdown returning 0 [pop_tls_openssl.c:822]
Oct 8 09:27:49.974 2001
Oct 8 09:27:49.974 2001 [18705] (v4.0.3) Ending request from "" at (chaos.dvz.fh-giessen.de) 212.201.18.85 [popper.c:368]
Oct 8 09:27:49.974 2001
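
A triage sketch for the two traces above, added here as an example and not part of the original post or of Qpopper: it groups debug entries by PID and reports how far each session got with TLS. The names `summarize` and `verdict` and the verdict strings are assumptions; the sample lines are copied from the post.

```python
import re

# Constructed sample: entries copied from the two traces in the post, one per line.
SAMPLE_LOG = """\
Oct 8 09:54:13.783 2001 [18935] Set tls-support to alternate-port (1) [pop_config.c:1195]
Oct 8 09:54:13.789 2001 [18935] tls accept returned 0 [pop_tls_openssl.c:501]
Oct 8 09:54:13.789 2001 [18935] SSL_get_error says SSL_ERROR_SYSCALL (5) [pop_tls_openssl.c:507]
Oct 8 09:54:13.789 2001 [18935] TLS/SSL Handshake failed: -1 [popper.c:204]
Oct 8 09:27:49.965 2001 [18705] Set tls-support to STLS (2) [pop_config.c:1195]
Oct 8 09:27:49.971 2001 [18705] +OK Qpopper (version 4.0.3) at david.dvz.fh-giessen.de starting. [popper.c:251]
Oct 8 09:27:49.974 2001 [18705] (null) at chaos.dvz.fh-giessen.de (212.201.18.85): -ERR POP EOF or I/O Error [popper.c:794]
Oct 8 09:27:49.974 2001 [18705] pTLS->m_pPOP->tls_started == false [pop_tls_openssl.c:807]
"""

# One entry = timestamp, [pid], message, [source.c:line]; \s+ tolerates wrapped lines,
# and bare trailing timestamps or "[...]" elisions simply never match.
ENTRY = re.compile(
    r"\w{3}\s+\d+\s+[\d:.]+\s+\d{4}\s+\[(\d+)\]\s+(.*?)\s+\[[\w.]+:\d+\]", re.S)
CAPTURES = {"mode": r"Set tls-support to (\S+)",
            "ssl_error": r"SSL_get_error says (\w+)"}
FLAGS = {"handshake_failed": r"TLS/SSL Handshake failed",
         "greeting_sent": r"^\+OK Qpopper",
         "client_io_error": r"-ERR POP EOF or I/O Error",
         "tls_never_started": r"tls_started == false"}

def summarize(log_text):
    """Group debug entries by PID and record the TLS-relevant facts."""
    sessions = {}
    for pid, msg in ENTRY.findall(log_text):
        s = sessions.setdefault(pid, {"mode": None, "ssl_error": None, "flags": set()})
        for field, pat in CAPTURES.items():
            hit = re.search(pat, msg)
            if hit:
                s[field] = hit.group(1)
        s["flags"].update(f for f, pat in FLAGS.items() if re.search(pat, msg))
    return sessions

def verdict(s):
    """Hypothetical one-line outcome for a session summary."""
    f = s["flags"]
    if "handshake_failed" in f:
        return f"TLS handshake attempted and failed ({s['ssl_error']})"
    if {"greeting_sent", "client_io_error", "tls_never_started"} <= f:
        return "greeting sent in clear, EOF or I/O error before TLS started"
    return "no failure pattern matched"

if __name__ == "__main__":
    for pid, s in summarize(SAMPLE_LOG).items():
        print(pid, s["mode"], "->", verdict(s))
```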