Theodore Wynnychenko <[email protected]> wrote:
> Hi (again):
>
> After updating to current yesterday, and then updating all the packages
> (using "pkg_add -vui -Dsnap"), I can no longer connect to the ssl (993) port
> of the courier-imap server running on the system.
>
> Prior to the update, ssl connections were working without an issue.
>

it's working fine for me with:

$ ldd /usr/local/bin/couriertls | grep ssl
        000011ae13a38000 000011ae13a9c000 rlib 0 1 0 /usr/lib/libssl.so.48.0

and

OpenBSD 6.6-current (GENERIC.MP) #425: Fri Nov 1 23:49:35 MDT 2019

there is a libssl bump ongoing, maybe you should rebuild courier-imap from
ports or wait for next packages.

does "openssl s_client -connect 127.0.0.1:993" work as expected and show you
the correct certificate?

> Now, when trying to connect, the client gets a "A secure connection to the
> server cannot be established" message.
>
> On the server, I see the following in the log for each ssl connection
> attempt:
>
> Nov 2 07:40:38 host imapd-ssl: ip=[::ffff:127.0.0.1], couriertls:
> /etc/ssl/private/imapd.pem: error:02FFF00D:system
> library:func(4095):Permission denied
>
> Nov 2 07:40:38 host imapd-ssl: ip=[::ffff:127.0.0.1], couriertls:
> /etc/ssl/private/imapd.pem: error:20FFF002:BIO
> routines:CRYPTO_internal:system lib
>
> The packages for courier currently installed are:
>
> pkg_info | grep courier
> courier-authlib-0.69.1 authentication library for courier
> courier-authlib-mysql-0.69.1 mysql authentication module for
> courier-authLib
> courier-imap-5.0.8 imap server for maildir format mailboxes
> courier-pop3-5.0.8 pop3 server for maildir format mailboxes
> courier-unicode-2.1 courier unicode library
>
> I did not make any changes to the /etc/courier/imapd-ssl configuration file.
> What was working for me before was:
> cat imapd-ssl |grep -v ^$ | grep -v ^#
> SSLPORT=993
> SSLADDRESS=0
> MAXDAEMONS=500
> MAXPERIP=100
> SSLPIDFILE=/var/run/courier/imapd-ssl.pid
> SSLLOGGEROPTS="-name=imapd-ssl"
> IMAPDSSLSTART=YES
> IMAPDSTARTTLS=NO
> IMAP_TLS_REQUIRED=0
> COURIERTLS=/usr/local/bin/couriertls
> TLS_CERTFILE=/etc/ssl/private/imapd.pem
> TLS_DHPARAMS=/etc/ssl/private/imapd.pem
> TLS_TRUSTCERTS=/etc/ssl/CA/cacert.pem
> TLS_VERIFYPEER=NONE
> MAILDIRPATH=Maildir
>
> Anyway, I don't know what the error lines really mean. I am wondering if it
> is something to do with the "interface" between courier and the ssl libraries.
> I have tried "exploring" the web on this over the last 24 hours, but have
> been unable to find anything to point me in any direction.
>
> As this is an "internal" mail-server, I just re-enabled the non-ssl
> connection, so I can still connect to my mail.
>
> But, I am wondering if there is anything that I could do to resolve this
> ssl-connection issue.
>
> Thanks (again)
> Ted
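
A decoder for the two "error:XXXXXXXX" codes in the quoted log lines, as an added example that is not part of the original thread and not courier or OpenBSD code. It assumes the packed layout used by OpenSSL 1.x and LibreSSL (8 bits library, 12 bits function, 12 bits reason), which agrees with the "func(4095)" shown in the log; the function names decode and explain are hypothetical.

```python
import errno
import os
import re

# Library numbers from OpenSSL 1.x / LibreSSL <openssl/err.h> (subset).
ERR_LIBS = {2: "SYS", 9: "PEM", 11: "X509", 20: "SSL", 32: "BIO"}
ERR_CODE = re.compile(r"error:([0-9A-Fa-f]{8}):")

def decode(code_hex):
    """Split a packed error code: 8 bits library, 12 bits function, 12 bits reason."""
    value = int(code_hex, 16)
    lib, func, reason = value >> 24, (value >> 12) & 0xFFF, value & 0xFFF
    info = {"lib": ERR_LIBS.get(lib, str(lib)), "func": func, "reason": reason}
    if lib == 2:
        # For the system library the reason field is the errno of the failed call.
        info["errno"] = errno.errorcode.get(reason, "unknown")
        info["text"] = os.strerror(reason)
    elif reason == 2:
        # Generic reason ERR_R_SYS_LIB: the failure came up from a system call.
        info["text"] = "system lib"
    return info

def explain(log_line):
    """Return (file path named in the line or None, decoded error), or None."""
    m = ERR_CODE.search(log_line)
    if m is None:
        return None
    path = re.search(r"couriertls: (\S+): error:", log_line)
    return (path.group(1) if path else None, decode(m.group(1)))

# The two log lines quoted in the message, with the e-mail line wrapping removed.
LOG = [
    "Nov 2 07:40:38 host imapd-ssl: ip=[::ffff:127.0.0.1], couriertls: "
    "/etc/ssl/private/imapd.pem: error:02FFF00D:system library:func(4095):Permission denied",
    "Nov 2 07:40:38 host imapd-ssl: ip=[::ffff:127.0.0.1], couriertls: "
    "/etc/ssl/private/imapd.pem: error:20FFF002:BIO routines:CRYPTO_internal:system lib",
]

if __name__ == "__main__":
    for line in LOG:
        print(explain(line))
```

The first code decodes to the system library with errno 13 (EACCES) on /etc/ssl/private/imapd.pem; the second is the BIO layer reporting that same system-call failure.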

