Hi!
I'm experiencing some strange problems when running imapd together with
TLS.
A client (like imtest or Outlook) can connect to the imapd service with
TLS but it closes after a few (10-20) requests with a "protocol version"
error.
I would be very grateful for any help on what the solution for this
problem could be.
I'm running:
cyrus-imap 2.2.3
cyrus-sasl 2.1.18
openssl-0.9.7d
heimdal-0.6.1
kth-krb 1.2.2
It looks like this:
* The last request on the client side (from imtest):
B0006 SELECT INBOX.Drafts
* FLAGS (\Answered \Flagged \Draft \Deleted \Seen)
* OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen \*)]
* 0 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1055754437]
* OK [UIDNEXT 6]
B0006 OK [READ-WRITE] Completed
B0007 SELECT INBOX.Drafts
Protection error: Error 0
Connection closed.
* The logs report:
[ID 736213 local6.debug] open: user fli opened INBOX.Drafts
[ID 199388 local6.debug] SSL3 alert write:fatal:protocol version
[ID 191084 local6.warning] Error 0, closing connection
* A stack trace on the imapd process gives this:
Program received signal SIGPIPE, Broken pipe.
0xfee1fa08 in _write () from /usr/lib/libc.so.1
(gdb) bt
#0 0xfee1fa08 in _write () from /usr/lib/libc.so.1
#1 0xfef3099c in sock_write () from /opt/csw/lib/libcrypto.so.0.9.7
#2 0xfef2d608 in BIO_write () from /opt/csw/lib/libcrypto.so.0.9.7
#3 0xff03bec8 in do_ssl3_write () from /opt/csw/lib/libssl.so.0.9.7
#4 0xff03b854 in ssl3_write_bytes () from /opt/csw/lib/libssl.so.0.9.7
#5 0x586e8 in prot_flush_writebuffer (s=0x116c40,
buf=0x1190e8 "* BYE Error 0\r\nred \\Flagged \\Draft \\Deleted
\\Seen)\r\n* OK [PERMANENTFLAGS (\\Answered \\Flagged \\Draft \\Deleted
\\Seen \\*)] \r\n* 0 EXISTS\r\n* 0 RECENT\r\n* OK [UIDVALIDITY
1055754437] \r\n* OK [UIDNEXT 6] \r\n"..., len=15) at prot.c:609
#6 0x58890 in prot_flush_internal (s=0x116c40, force=1) at prot.c:691
#7 0x1a498 in service_main (argc=0, argv=0x1140b8, envp=0xffbef858) at
imapd.c:586
#8 0x18da4 in main (argc=1061888, argv=0x103400, envp=0xffbef858) at
service.c:557
* Checking the tls_conn struct actually gives a strange protocol version
number (should be 0x301):
(gdb) p *(s->tls_conn)
$1 = {version = 25953, type = 8192, method = 0xff06c558, rbio =
0x116ee0, wbio = 0x12b678, bbio = 0x0, rwstate = 2, in_handshake = 0,
handshake_func = 0xff031280 <ssl3_accept>, server = 1, new_session =
0, quiet_shutdown = 0, shutdown = 0, state = 3, rstate = 241, init_buf =
0x0,
init_msg = 0x12c894, init_num = 0, init_off = 0, packet = 0x131df0
"\025ea", packet_length = 5, s2 = 0x0, s3 = 0x1293f8, read_ahead = 0,
msg_callback = 0, msg_callback_arg = 0x0, hit = 0, purpose = 0, trust
= 0, cipher_list = 0x0, cipher_list_by_id = 0x0, enc_read_ctx =
0x1423e0,
read_hash = 0xfefecee8, expand = 0x0, enc_write_ctx = 0x142578,
write_hash = 0xfefecee8, compress = 0x0, cert = 0x128d88, sid_ctx_length
= 0,
sid_ctx = '\000' <repeats 31 times>, session = 0x12a690,
generate_session_id = 0, verify_mode = 0, verify_depth = -1,
verify_callback = 0x326d4 <verify_callback>, info_callback = 0, error
= 0, error_code = 0, ctx = 0x121d70, debug = 0, verify_result = 0,
ex_data = {
sk = 0x0, dummy = 0}, client_CA = 0x0, references = 1, options =
4095, mode = 3, max_cert_list = 102400, first_packet = 0, client_version
= 769}
Any hints on what the problem could be ?
Best Regards,
Fredrik
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
