Package: courier-imap-ssl Version: 4.4.0-2 Severity: important
Hi, I just upgraded to lenny and found that my imap SSL connection no longer works. maia:~$ telnet -z ssl mail.utsl.gen.nz 993 Trying 202.78.240.73... SSL_connect: Success maia:~$ In Evolution this manifested as "Error while Refreshing folder", and clicking on the little alert triangle that appears in the bottom left it then says "Server unexpectedly disconnected: Input/output error" I downgraded to the etch courier-imap-ssl package, then re-upgraded, keeping the old config file - which worked. I eventually worked out that the new TLS_TRUSTCERTS option was triggering the issue. Also, I saw this error message in /var/log/mail.log: Oct 16 11:12:49 mail imapd-ssl: couriertls: connect: error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table Removing the /var/lib/courier/couriersslcache file did not resolve this, however removing all of the hashed certs in /usr/lib/ssl/certs fixed it. maia:~$ telnet -z ssl mail.utsl.gen.nz 993 Trying 202.78.240.73... Connected to mail.utsl.gen.nz. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE AUTH=PLAIN] Courier-IMAP ready. Copyright 1998-2008 Double Precision, Inc. See COPYING for distribution information. ^] telnet> close maia:~$ Workarounds: 1. remove hashed certificates in /usr/lib/ssl/certs rm /usr/lib/ssl/certs/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]* 2. disable TLS_TRUSTCERTS in /etc/courier/imapd-ssl -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.16.x Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/bash Versions of packages courier-imap-ssl depends on: di courier-imap 4.4.0-2 Courier mail server - IMAP server ii courier-ssl 0.60.0-2 Courier mail server - SSL/TLS Supp ii openssl 0.9.8g-13 Secure Socket Layer (SSL) binary a courier-imap-ssl recommends no packages. Versions of packages courier-imap-ssl suggests: pn courier-doc <none> (no description available) ii mutt [imap-client] 1.5.18-4 text-based mailreader supporting M -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
