That was a typo in my email, I was compiling --with-openssl not --with-ssl.
The good news is that I figured what the problem is though! Now EVERYTHING is working!! Woo Hoo! Basically I had manually compiled openssl-0.9.6b. For ssh there is non need to add the "shared" configure flag (which compiles shared libraries as well as normal libraries). However, when cyrus is compiled it needs the libssl.so shared library (which I originally didn't compile with openssl). So I just recompiled openssl and added the shared flag (which made the shared library). Then I recompiled cyrus: ./config ... --with-openssl=/usr/local/lib (where libssl.so is installed). BAM, ssl/tls works !! Long story short for those using debian 2.2, make sure you either install libssl-dev or if you compile openssl manually, make sure you add the shared flag to your openssl ./config . Thank you for all your help, Lee -----Original Message----- From: Jeff Bert [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 22, 2002 8:53 PM To: Lee Hoffman Cc: 'Cyrus Mailing List' Subject: RE: SSL/TLS i looked in the compile notes for 2.0.16 and I think maybe you have the option wrong... maybe you should try: --with-openssl=/usr/local/ssl and not --with-ssl Jeff > -----Original Message----- > From: Lee Hoffman [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, May 22, 2002 4:50 PM > To: 'Jeff Bert'; 'Ken Murchison' > Cc: 'Cyrus Mailing List' > Subject: RE: SSL/TLS > > > So when I restart cyrus I get the same as jeff when I run netstat. > > I'm beginning to wonder if this maybe a compile issue. I just tried > recompiling without --with-ssl, didn't change anything. I also tried a > bunch of different compile time options, nothing helps. My original > configure was: > > ./configure --with-cyrus-group=cyrus --with-cyrus-user=cyrus > --with-sasldir=/usr/local --with-dbdir=/usr/local/BerkeleyDB.3.3 > --with-ssl=/usr/local/ssl > > I then started to look through the config.log file, and I noticed the > following error: > > configure:3631: gcc -o conftest -g -O2 > -I/usr/local/BerkeleyDB.3.3/include -I/usr/local/include > -L/usr/local/BerkeleyDB.3.3/lib -Wl,-rpath,/usr/local/BerkeleyDB.3.3/lib > -L/usr/local/BerkeleyDB.3.3/lib -L/usr/local/lib > -Wl,-rpath,/usr/local/lib conftest.c -lssl -lcrypto -lfl -ldb-3 1>&5 > /usr/bin/ld: cannot find -lssl > > I tried adding /usr/local/ssl/lib to ld.so.conf, but ofcourse that didnt > change anything because that's only for runtime. > > Does any of the above spark any insights with anyone? > > Thanks, > Lee > > -----Original Message----- > From: Jeff Bert [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, May 22, 2002 4:36 PM > To: Lee Hoffman > Cc: 'Cyrus Mailing List' > Subject: RE: SSL/TLS > > also, i'd do a 'netstat -an | grep 993' to see if anything is listening > on that port... i get: > > tcp 0 0.0.0.0:993 0.0.0.0:* LISTEN > > and my imaps port works. > > Jeff > > > -----Original Message----- > > From: Jeff Bert [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, May 22, 2002 1:16 PM > > To: Lee Hoffman > > Cc: 'Cyrus Mailing List' > > Subject: RE: SSL/TLS > > > > > > maybe you should look in /etc/xinetd.d/ and see if there is an imaps > > file floating unwarranted in there. maybe some other process is > > intercepting > > it... i know this is a wild guess.... > > > > jeff > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED]]On Behalf Of Ken > Murchison > > > Sent: Wednesday, May 22, 2002 12:35 PM > > > To: Lee Hoffman > > > Cc: 'Cyrus Mailing List' > > > Subject: Re: SSL/TLS > > > > > > > > > > > > > > > Lee Hoffman wrote: > > > > > > > > The log was already at local6.debug. When I try to login, no imapd > -s > > > > process is spawned, and the logs show nothing at all (atleast > > that I can > > > > discern, there are a number of users logging in and out, so > > theres a lot > > > > of stuff being printed). > > > > > > > > It seems to me that it's a problem with master not spawning > > (it listens, > > > > but then doesn't spawn). > > > > > > If its listening but not spawning, master probably thinks there is a > > > process already running which can service this. The 'available' > count > > > can get screwed up if a process gets killed but master doesn't know > > > about it. > > > > > > I would try restarting master. > > > > > > > Im going to try a recompile without the --with-ssl, any other > ideas > > > > before I do so (Im trying to avoid it since this is a live > server)? > > > > > > This probably won't make a difference. imapd would complain if your > > > tried to do SSL/TLS and it wasn't compiled with it. > > > > > > > > > > > > > -----Original Message----- > > > > From: Ken Murchison [mailto:[EMAIL PROTECTED]] > > > > Sent: Wednesday, May 22, 2002 3:13 PM > > > > To: Lee Hoffman > > > > Cc: 'Cyrus Mailing List' > > > > Subject: Re: SSL/TLS > > > > > > > > Lee Hoffman wrote: > > > > > > > > > > Im not sure if its being caused by login attempts via ssl > > (although it > > > > > seems to happen when I try to login via ssl from a mail > > client or when > > > > I > > > > > run the command below), but imapd prints the following: > > > > > > > > > > May 22 14:55:51 servername master[18641]: process 28462 > > exited, status > > > > 0 > > > > > > > > > > Yes, imaps is listed in /etc/services > > > > > > > > Alright. Crank the imap logging level up to local6.debug and > restart > > > > syslogd. > > > > > > > > Try to make another connection, and see if an 'imapd -s' gets > spawned. > > > > Look in imapd.log and do a 'ps -f -u cyrus'. > > > > > > > > If you have a running 'imapd -s', then do an strace on it to > > see what it > > > > is doing. > > > > > > > > Ken > > > > > > > > > -----Original Message----- > > > > > From: Ken Murchison [mailto:[EMAIL PROTECTED]] > > > > > Sent: Wednesday, May 22, 2002 2:52 PM > > > > > To: Lee Hoffman > > > > > Cc: 'Cyrus Mailing List' > > > > > Subject: Re: SSL/TLS > > > > > > > > > > Lee Hoffman wrote: > > > > > > > > > > > > When I run /usr/local/ssl/bin/openssl s_client -connect > > > > localhost:993 > > > > > > > > > > > > The following is printed: > > > > > > > > > > > > CONNECTED(00000003) > > > > > > > > > > > > Then it just hangs. > > > > > > > > > > Check imapd.log for errors. Is "imaps" listed in /etc/services? > > > > > > > > > > Ken > > > > > -- > > > > > Kenneth Murchison Oceana Matrix Ltd. > > > > > Software Engineer 21 Princeton Place > > > > > 716-662-8973 x26 Orchard Park, NY 14127 > > > > > --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp > > > > > > > > -- > > > > Kenneth Murchison Oceana Matrix Ltd. > > > > Software Engineer 21 Princeton Place > > > > 716-662-8973 x26 Orchard Park, NY 14127 > > > > --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp > > > > > > -- > > > Kenneth Murchison Oceana Matrix Ltd. > > > Software Engineer 21 Princeton Place > > > 716-662-8973 x26 Orchard Park, NY 14127 > > > --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp > > > > > > >
