Re: Secure Imap Problems
On Tue, 21 May 2002, Phil Dibowitz wrote: > > Either I wasn't clear, or you didn't read my post carefully. > > I created the certs. > > What's not there is THE TLS OPTIONS IN THE MAN PAGE. > I can only speak for the cyrus-imapd-2.0.16 distribution, but the file doc/install-configure.html discuss the tls_cert_file and tls_key_file options for imapd.conf. Perhaps it would be a good job for a community member to contribute an update to the man pages. Thaddeus Parkinson
Re: cyrus imapd 2.0.16 w/ SSL problems
Raslin' Frazzlin' Hoogina Shoogina I can't believe that. This whole time, I was trusting imtest. I feel so cheated. Sure thing, I punched open Pine, and it came up with a screen complaining about not having the CA cert, but worked just fine. No errors in the logs. Actually, if it wasn't for Jason's help on the certs, I doubt it would have worked. I had originally tested it from Pine and had it fail, which is why I started using the imtest to get more verbose information. I had assumed that once I got it to work with imtest, it would work with mail clients How naive I am. Anyways, thank you Cyrus Mailing List. Especially a big thanks to Scott and Jason for your help. All looks pretty good from here on out. (Until my next big problem) Thaddeus Parkinson On Fri, 10 May 2002, Scott M Likens wrote: > You know to be quite honest i get the same error message with mine no > matter what, self signed, etc. > > But i'll be honest, it works JUST fine in Mutt, and Mulberry which are my > only SSL based applications i test it on. > > Same error message as you, so i wouldnt worry as much about 'imtest'. It's > not foolproof, nor is it 100%. > > --On Friday, May 10, 2002 10:41 AM -0500 Thaddeus Parkinson > <[EMAIL PROTECTED]> wrote: > > > Jason (and the rest of the Cyrusians out there), > > > > Thanks for the suggestions. The new certs definately get me different > > messages. Now I receive a 'verify error:num=27:certificate not trusted' > > on the CA file. I think this might be a problem with imtest not trusting > > the CA, anybody have any idea of how to make it see the light? 'openssl > > verify' has no problem with them... > > > > However, it still continues past that and dies in the same spot it was > > before. Still not sure if they're related; it's quite irksome. > > > > I have a new option today, though. As if perhaps an answer to my prayers, > > the Fates released a new version of OpenSSL last night. I'm going to > > upgrade to 0.9.6d. Keep your fingers crossed that it'll miraculously cure > > all of my headaches. > > > > Thanks again, > > Thaddeus Parkinson > > > > > > >
Re: cyrus imapd 2.0.16 w/ SSL problems
Well, OpenSSL 0.9.6d has definately made a difference, although I wouldn't say anything has improved. I now receive a 'verify error:num=19:self signed certificate in certificate chain'. I'm not sure if that's an improvement or not, but it looks better. Apart from that, on the server side, I now get a slightly more detailed error on what ails it: 'SSL3 alert write:fatal:protocol version' (prior to this, it was just 'unknown error'). So, why would there be a protocol error? I'm using the standard 'imtest' that ships with 2.0.16 compiled against OpenSSL 0.9.6d, so they should be talking the same jive. Any thoughts on this? Thaddeus Parkinson On Fri, 10 May 2002, Thaddeus Parkinson wrote: > Jason (and the rest of the Cyrusians out there), > > Thanks for the suggestions. The new certs definately get me different > messages. Now I receive a 'verify error:num=27:certificate not trusted' > on the CA file. I think this might be a problem with imtest not trusting > the CA, anybody have any idea of how to make it see the light? 'openssl > verify' has no problem with them... > > However, it still continues past that and dies in the same spot it was > before. Still not sure if they're related; it's quite irksome. > > I have a new option today, though. As if perhaps an answer to my prayers, > the Fates released a new version of OpenSSL last night. I'm going to > upgrade to 0.9.6d. Keep your fingers crossed that it'll miraculously cure > all of my headaches. > > Thanks again, > Thaddeus Parkinson >
Re: cyrus imapd 2.0.16 w/ SSL problems
Jason (and the rest of the Cyrusians out there), Thanks for the suggestions. The new certs definately get me different messages. Now I receive a 'verify error:num=27:certificate not trusted' on the CA file. I think this might be a problem with imtest not trusting the CA, anybody have any idea of how to make it see the light? 'openssl verify' has no problem with them... However, it still continues past that and dies in the same spot it was before. Still not sure if they're related; it's quite irksome. I have a new option today, though. As if perhaps an answer to my prayers, the Fates released a new version of OpenSSL last night. I'm going to upgrade to 0.9.6d. Keep your fingers crossed that it'll miraculously cure all of my headaches. Thanks again, Thaddeus Parkinson
cyrus imapd 2.0.16 w/ SSL problems
0.9.6c) If any of you good folks have any thoughts on this, please let me know. This has become quite a frustration in my life recently. Thanks in advanced (and for good software), Thaddeus Parkinson