>>>>> On Sun, 19 Aug 2001 16:23:26 -0400,
>>>>> Lawrence Greenfield <[EMAIL PROTECTED]> (lg) writes:

lg> openssl x509 -in <certfile> -hash

lg> At the top of the output, you'll see something like:
lg> d6e6472d

lg> Link "d6e6472d.0" to the actual cert file.

If I do this instead of using tls_ca_file, using the same cert
(vsignss.pem) that's included with openssl, I get the same results:

depth=1 /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0

I also posted a similar query on the openssl list and this is what
Lutz Jaenicke <[EMAIL PROTECTED]> had to say:

 This error message tells you that the chain is complete (the verification
 process reaches the root CA certificate and finds it to be self signed).
 However the verification cannot succeed, as the root CA certificate must
 be available as a local copy for verification purposes.
 From the API point of view, this is achieved by loading it using
   SSL_CTX_load_verify_locations()

Now I'm getting really confused because it looks to me that Cyrus is
calling SSL_CTX_load_verify_locations appropriately, from what
little I know of these libraries.  Also, I no longer see "TLS
engine: cannot load CA data" in the logs, so seems to me this cert
is getting loaded. 

Regarding Eudora 5.1, using STARTTLS fails, but using the "Required,
Alternate Port" setting works.  Playing with imtest (am I doing this
right?) I get:

$ imtest -t "" -m plain localhost
C: C01 CAPABILITY
S: * OK andromeda Cyrus IMAP4 v2.1.0pre server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID 
NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT 
THREAD=REFERENCES IDLE STARTTLS X-NETSCAPE
S: C01 OK Completed
S01 OK Begin TLS negotiation now
verify error:num=19:self signed certificate in certificate chain
SSL_connect error -1
SSL session removed
TLS negotiation failed!
C: C01 CAPABILITY
S: 01S: * BAD Invalid tag


This looks kinda like what Chris Charter is experiencing, maybe?

-- 
Amos
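The hash-link trust directory Lawrence describes and the error 19 Amos keeps hitting, reproduced end to end as an added example (this is not code from the thread or from Cyrus). It assumes openssl(1) is on PATH; the CA name, host name and key material are constructed on the fly and thrown away.

```shell
#!/bin/sh
# Added example (not from the thread): reproduce verify error 19 with a throwaway
# CA, then clear it by installing the root into a hash-named CApath directory,
# which is what SSL_CTX_load_verify_locations() searches when given a directory.
# Assumes openssl(1) is on PATH; the CA and host names below are constructed.
set -e
WORK=$(mktemp -d)
CADIR="$WORK/cadir"
mkdir -p "$CADIR"

make_chain() {
    # Self-signed root CA plus a server cert issued by it (test-only key material).
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Example Test Root" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout "$WORK/srv.key" -out "$WORK/srv.csr" >/dev/null 2>&1
    openssl x509 -req -days 2 -in "$WORK/srv.csr" -CA "$WORK/ca.pem" \
        -CAkey "$WORK/ca.key" -CAcreateserial -out "$WORK/srv.pem" >/dev/null 2>&1
}

# Prints the OpenSSL verify error number, or nothing when verification succeeds.
verify_error() {
    # $1 = CApath to trust. The root travels in the chain as untrusted, exactly as
    # a server would send it, so a missing local copy yields error 19
    # ("self signed certificate in certificate chain") at depth 1.
    openssl verify -no-CAfile -CApath "$1" -untrusted "$WORK/ca.pem" "$WORK/srv.pem" 2>&1 \
        | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1
}

install_ca() {
    # Lawrence's recipe: link the CA under <subject-hash>.0 inside the CApath.
    # OpenSSL >= 1.0.0 names files by -subject_hash; -subject_hash_old gives the
    # MD5-based name that 2001-era releases (and "-hash" back then) produced.
    # "openssl rehash DIR" automates this, and the suffix counts up (.1, .2, ...)
    # when two CAs share a hash.
    h=$(openssl x509 -in "$WORK/ca.pem" -noout -subject_hash)
    ln -sf "$WORK/ca.pem" "$CADIR/$h.0"
    echo "$h"
}
```

Run make_chain, then compare verify_error "$CADIR" before and after install_ca: it prints 19 first and nothing once the link exists, which is the difference between a CA that is merely in the chain and one that is locally trusted.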
