On 05/25/12 02:53, Sam Varshavchik wrote: > Grzesiek Sójka writes: > >> ssl connection. If I connect using my mobile phone or the mail >> application running on apple OS X everything works fine. But when trying >> to establish ssl connection using icedove running on PLD linux I get >> following messages in the mail log file: >> >> May 23 17:51:38 Hermes imapd-ssl: Connection, ip=[::ffff:192.168.0.1] >> May 23 17:51:38 Hermes imapd-ssl: couriertls: read: error:14094418:SSL >> routines:SSL3_READ_BYTES:tlsv1 alert unknown ca >> May 23 17:51:38 Hermes imapd-ssl: Disconnected, ip=[::ffff:192.168.0.1], >> time=0, starttls=1 >> >> I generated a new (self signed) certificate, change the configuration >> but still no luck. > > Are you using client certificates? This looks like you're using client > certs, and the cert that the client presented has been signed with an > unknown CA, and you have client cert verification enabled. > > Either disable certificate validation (TLS_VERIFYPEER=NONE), or put the > CA cert that your client's cert is signed with into the TLS_TRUSTCERTS > file.
Hm.. In my case: [root@Hermes courier-imap]# egrep -v "^#|^$" imapd-ssl SSLPORT=993 SSLADDRESS=0 SSLPIDFILE=/var/run/imapd-ssl.pid SSLLOGGEROPTS="-name=imapd-ssl" IMAPDSSLSTART=YES IMAPDSTARTTLS=NO IMAP_TLS_REQUIRED=0 COURIERTLS=/usr/bin/couriertls TLS_PROTOCOL="SSL23" TLS_KX_LIST=ALL TLS_COMPRESSION=ALL TLS_CERTS=X509 TLS_CERTFILE=/etc/mail/cert/Hermes.sojka.co.pem TLS_TRUSTCERTS=/etc/certs/ca-bundle.crt TLS_VERIFYPEER=NONE TLS_CACHEFILE=/var/spool/courier-imap/couriersslcache TLS_CACHESIZE=524288 MAILDIRPATH=Maildir Regards Greg ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Courier-imap mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
