Re: [Dovecot] Trying to explain mutt+dovecot(ssl) to myself :(

2007-04-23 Thread Johnny Chadda
Wilkinson, Alex wrote:
> So I started to write about it and am stuck. Can those that
> _understand_ mutt+ssl have a read of what I wrote to myself and
> give me your $00.02 worth (corrections etc).

Just connect to your IMAP server using openssl.

  openssl s_client -connect mailserver:993
   (optionally with -msg for protocol messages)

It will give you most things you need. Otherwise just study some SSL
protocol documentation, and you should be able to figure out how SSL
generally works.


> IMPORTANT:
> This email remains the property of the Australian Defence
> Organisation and is subject to the jurisdiction of section 70 of the
> CRIMES ACT 1914.  If you have received this email in error, you are
> requested to contact the sender and delete the email.

Yeah, right.


Re: [Dovecot] Client with SSL client cert support?

2007-04-20 Thread Johnny Chadda
Peter Abrahamsen wrote:
> I've gleaned that dovecot has support for verifying SSL client certs on
> connect. What IMAP clients have people found that support sending a
> specific SSL cert? I can't find this feature in Thunderbird, at least.
(sorry, I accidentally sent it directly to Peter)

You can set "security.default_personal_cert" to "Ask Every Time" in
Thunderbird, but it's not very nice.

If you use a recent Dovecot, it will send out a list of accepted CA
names, so the client will select the proper one automatically.

Johnny


Re: [Dovecot] v1.0.0 released

2007-04-13 Thread Johnny Chadda
Timo Sirainen wrote:
> It took almost 5 years, but it's finally ready. I'm not expecting to
> release v1.0.1 anytime soon, unless someone's been sitting on a major
> bug just waiting for v1.0 to be released. :)

Congratulations! You have done a wonderful job.

Johnny


Re: [Dovecot] 1.0.rc30 released

2007-04-06 Thread Johnny Chadda

Timo Sirainen wrote:
> + Send list of CA names to client when using
>   ssl_verify_client_cert=yes.


This is wonderful news! Thank you for implementing this so quickly into 
the official distribution.


Re: [Dovecot] No CA names sent in TLS handshake

2007-04-03 Thread Johnny Chadda

Timo Sirainen wrote:
> On Tue, 2007-04-03 at 11:50 +0200, Johnny Chadda wrote:
> > Timo Sirainen wrote:
> > > Well, I'm not that big of an OpenSSL guru, but googling shows that with
> > > other software it's often a certificate configuration problem.
> > >
> > > Did you set ssl_ca_file and does the file contain a valid CA and CRL?
> > Yes, the certificates are Ok. It works if I explicitly select which
> > client certificate to send to the server from the mail client.
> >
> > Normal users shouldn't have to do this though. It should be selected
> > based on which accepted CA names the server sends. It works fine in
> > Cyrus (which I will use if this does not work) and Postfix.
>
> Does the attached patch fix it?

Indeed, it did! Thanks!

Hope to see this built-in in the next release. :)


Re: [Dovecot] No CA names sent in TLS handshake

2007-04-03 Thread Johnny Chadda

Timo Sirainen wrote:
> Well, I'm not that big of an OpenSSL guru, but googling shows that with
> other software it's often a certificate configuration problem.
>
> Did you set ssl_ca_file and does the file contain a valid CA and CRL?


Yes, the certificates are Ok. It works if I explicitly select which 
client certificate to send to the server from the mail client.


Normal users shouldn't have to do this though. It should be selected 
based on which accepted CA names the server sends. It works fine in 
Cyrus (which I will use if this does not work) and Postfix.


[Dovecot] No CA names sent in TLS handshake

2007-04-03 Thread Johnny Chadda

Hello,

I'm setting up Dovecot with client certificates and everything is 
working fine as long as the client only has one certificate in his 
store. If he has more than one, the wrong one might be sent to the server.


The root of the problem is that Dovecot does not send out a list of 
valid CA names in the TLS handshake.


If I connect using openssl s_client I get:

"No client certificate CA names sent"

I am using Dovecot 1.0 RC15 from backports.org.

Is there a solution to this problem?

Regards,
Johnny
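The handshake field this thread is about, as an added example that is not code from Dovecot or from any poster: a small decoder for the certificate_authorities list in a TLS 1.0/1.1 CertificateRequest body, run over two constructed messages, one with an empty list (the symptom reported above, which `openssl s_client` reports as "No client certificate CA names sent") and one carrying two CA names. The DER helpers, the message builder and the CA names "Example Mail CA" / "Example Root CA" are constructed for the example.

```python
import struct

# Added example (not Dovecot code): decode the certificate_authorities list of a
# TLS 1.0/1.1 CertificateRequest body (RFC 2246 section 7.4.4). An empty list
# here is what makes "openssl s_client" print "No client certificate CA names sent".
OID_NAMES = {b"\x55\x04\x03": "CN", b"\x55\x04\x0a": "O", b"\x55\x04\x06": "C"}

def der_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one DER element starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_name(der):
    """Render an X.501 Name (SEQUENCE OF SET OF {OID, value}) as 'CN=...,O=...'."""
    _, rdns, _ = der_tlv(der)
    parts, pos = [], 0
    while pos < len(rdns):
        _, rdn, pos = der_tlv(rdns, pos)      # one RelativeDistinguishedName (SET)
        _, atv, _ = der_tlv(rdn)              # AttributeTypeAndValue (SEQUENCE)
        _, oid, vpos = der_tlv(atv)
        _, value, _ = der_tlv(atv, vpos)
        parts.append(f"{OID_NAMES.get(oid, oid.hex())}={value.decode('utf-8', 'replace')}")
    return ",".join(parts)

def parse_certificate_request(body):
    """Return the CA names offered in a CertificateRequest body; [] means none were sent."""
    pos = 1 + body[0]                          # skip certificate_types<1..2^8-1>
    (ca_len,) = struct.unpack_from(">H", body, pos)
    pos, end, names = pos + 2, pos + 2 + ca_len, []
    while pos < end:                           # each entry: uint16 length + DER Name
        (dn_len,) = struct.unpack_from(">H", body, pos)
        names.append(decode_name(body[pos + 2:pos + 2 + dn_len]))
        pos += 2 + dn_len
    return names

# Constructed sample messages (short-form DER lengths are enough for these sizes).
def der(tag, content):
    return bytes([tag, len(content)]) + content

def cn_name(cn):  # X.501 Name holding a single CN attribute (PrintableString)
    return der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03") + der(0x13, cn))))

def build_request(ca_names):  # certificate_types = {rsa_sign}, then the CA list
    cas = b"".join(struct.pack(">H", len(n)) + n for n in ca_names)
    return bytes([1, 1]) + struct.pack(">H", len(cas)) + cas

BROKEN_REQUEST = build_request([])  # empty list: the symptom reported for 1.0 RC15
FIXED_REQUEST = build_request([cn_name(b"Example Mail CA"), cn_name(b"Example Root CA")])
```

Feeding the CertificateRequest body from an `openssl s_client -msg` dump into `parse_certificate_request` shows directly whether the server offers any CA names for the client to match its certificate against.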