Wesley Craig wrote, at 03/20/2008 01:57 PM:
> On 20 Mar 2008, at 13:07, Jorey Bump wrote:
>> On a lark, I pointed tls_ca_file to an old root certificate I once
>> needed for a chained root. It contains only a single certificate, and
>> STARTTLS connections on port 143 work when it is defined.
>
>
On 20 Mar 2008, at 13:07, Jorey Bump wrote:
> Andrew Morgan wrote, at 03/20/2008 12:20 PM:
>> Maybe the format of your CA bundle file is not what openssl
>> expects? Do
>> you get valid output when you run:
>>
>> openssl x509 -in /etc/ssl/certs/ -text
> I'm not sure. There are no errors, but
Andrew Morgan wrote, at 03/20/2008 12:20 PM:
> Just for reference, I'm using the following TLS settings with 2.3.11
> just fine:
>
> tls_ca_file: /etc/ssl/certs/thawte-premium.pem
> tls_ca_path: /etc/ssl/certs
> tls_cert_file: /etc/ssl/certs/imap.onid.oregonstate.edu.crt
> tls_key_file: /etc/ssl
On Wed, 19 Mar 2008, Jorey Bump wrote:
> Wesley Craig wrote, at 03/18/2008 08:48 PM:
>> On 18 Mar 2008, at 17:55, Jorey Bump wrote:
>>> http://lists.andrew.cmu.edu/pipermail/info-cyrus/2008-January/028210.html
>>
>> Do you use client certificates? Because the message you're quoting is
>> about
Wesley Craig wrote, at 03/18/2008 08:48 PM:
> On 18 Mar 2008, at 17:55, Jorey Bump wrote:
>> http://lists.andrew.cmu.edu/pipermail/info-cyrus/2008-January/028210.html
>
> Do you use client certificates? Because the message you're quoting is
> about someone who does:
>
> http://lists.andrew.
Jorey Bump wrote, at 03/19/2008 06:41 PM:
> tls_ca_file: /etc/ssl/certs/local-ca-bundle.crt
This seems to be the cause of the problem. If I remove this setting,
everything works as expected. Note that this didn't interfere on 2.3.7.
The entry in imapd.conf(5) isn't very illuminating:
tls_ca
Patrick T. Tsang wrote, at 03/19/2008 07:07 PM:
> try this:
> ...
> sasl_mech_list: PLAIN LOGIN
> ...
No effect.
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Andrew Morgan wrote, at 03/19/2008 06:57 PM:
> Those look fine to me. I'm not sure about the sasl_minimum_layer
> setting. Have you tried setting that to 0?
Yes, but no joy. :(
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/I
hello,
try this:
...
sasl_mech_list: PLAIN LOGIN
...
patrick
- Original Message -
From: "Jorey Bump" <[EMAIL PROTECTED]>
To: "Sebastian Hagedorn" <[EMAIL PROTECTED]>
Cc:
Sent: Thursday, March 20, 2008 6:49 AM
Subject: Re: STARTTLS on Cyrus IMAPd 2.3.1
Wesley Craig wrote, at 03/19/2008 04:53 PM:
> You know, this *almost* sounds like you've configure Thunderbird to do
> TLS on the imaps port.
No, its connecting to port 143 with TLS checked. I've provided my
cyrus.conf in another message, where you can see I'm running imapd
without the -s switc
On Wed, 19 Mar 2008, Jorey Bump wrote:
> Andrew Morgan wrote, at 03/19/2008 12:41 PM:
>
>> Maybe I missed it earlier in the thread - can you post your imapd.conf
>> file?
>
> It's pretty simple, and identical to the 2.3.7 instance that's running
> without any problems:
>
> # /etc/imapd.conf
> co
Sebastian Hagedorn wrote, at 03/19/2008 04:03 AM:
> -- Jorey Bump <[EMAIL PROTECTED]> is rumored to have mumbled on 19.
> März 2008 01:09:31 -0400 regarding Re: STARTTLS on Cyrus IMAPd 2.3.11:
>
>> Can anyone confirm that STARTTLS connections to
>> port 143 work with
Andrew Morgan wrote, at 03/19/2008 12:41 PM:
> We run Cyrus v2.3.11 with OpenSSL v0.9.8c-4etch1 (Debian Etch)
> successfully.
Thanks for the confirmation.
> Maybe I missed it earlier in the thread - can you post your imapd.conf
> file?
It's pretty simple, and identical to the 2.3.7 instance t
You know, this *almost* sounds like you've configure Thunderbird to
do TLS on the imaps port.
:wes
On 19 Mar 2008, at 01:09, Jorey Bump wrote:
> Jorey Bump wrote, at 03/18/2008 09:18 PM:
>
>> I'm focusing now on the open_ssl error "wrong version number" and
>> just
>> realized the current sys
On Wed, 19 Mar 2008, Jorey Bump wrote:
> Jorey Bump wrote, at 03/18/2008 09:18 PM:
>
>> I'm focusing now on the open_ssl error "wrong version number" and just
>> realized the current system uses openssl 0.9.7l, while the new
>> environment uses openssl 0.9.8e. This might be significant, but I
>> h
Jorey Bump wrote:
> Jorey Bump wrote, at 03/18/2008 09:18 PM:
>
>> I'm focusing now on the open_ssl error "wrong version number" and just
>> realized the current system uses openssl 0.9.7l, while the new
>> environment uses openssl 0.9.8e. This might be significant, but I
>> haven't found anyth
-- Jorey Bump <[EMAIL PROTECTED]> is rumored to have mumbled on 19. März
2008 01:09:31 -0400 regarding Re: STARTTLS on Cyrus IMAPd 2.3.11:
Can anyone confirm that STARTTLS connections to
port 143 work with 2.3.11?
Of course they do. We've been running 2.3.11 for a few months now a
Jorey Bump wrote, at 03/18/2008 09:18 PM:
> I'm focusing now on the open_ssl error "wrong version number" and just
> realized the current system uses openssl 0.9.7l, while the new
> environment uses openssl 0.9.8e. This might be significant, but I
> haven't found anything conclusive. I know tha
Wesley Craig wrote, at 03/18/2008 08:48 PM:
> On 18 Mar 2008, at 17:55, Jorey Bump wrote:
>> http://lists.andrew.cmu.edu/pipermail/info-cyrus/2008-January/028210.html
>
> Do you use client certificates? Because the message you're quoting is
> about someone who does:
>
> http://lists.andrew.
On 18 Mar 2008, at 17:55, Jorey Bump wrote:
> http://lists.andrew.cmu.edu/pipermail/info-cyrus/2008-January/
> 028210.html
Do you use client certificates? Because the message you're quoting
is about someone who does:
http://lists.andrew.cmu.edu/pipermail/info-cyrus/2008-January/
0281
Wesley Craig wrote, at 03/18/2008 04:44 PM:
> On 18 Mar 2008, at 16:11, Jorey Bump wrote:
>> Everything
>> seems to be working fine, with the exception of STARTTLS connections to
>> port 143 from *remote* machines.
>>
>> C: S01 STARTTLS
>> S: S01 OK Begin TLS negotiation now
>> verify error:num=19:
On 18 Mar 2008, at 16:11, Jorey Bump wrote:
> Everything
> seems to be working fine, with the exception of STARTTLS
> connections to
> port 143 from *remote* machines.
>
> C: S01 STARTTLS
> S: S01 OK Begin TLS negotiation now
> verify error:num=19:self signed certificate in certificate chain
Who
22 matches
Mail list logo
