Re: STARTTLS on Cyrus IMAPd 2.3.11

2008-03-20 Thread Jorey Bump
Wesley Craig wrote, at 03/20/2008 01:57 PM:
> On 20 Mar 2008, at 13:07, Jorey Bump wrote:
>> On a lark, I pointed tls_ca_file to an old root certificate I once
>> needed for a chained root. It contains only a single certificate, and
>> STARTTLS connections on port 143 work when it is defined.

Re: STARTTLS on Cyrus IMAPd 2.3.11

2008-03-20 Thread Wesley Craig
On 20 Mar 2008, at 13:07, Jorey Bump wrote:
> Andrew Morgan wrote, at 03/20/2008 12:20 PM:
>> Maybe the format of your CA bundle file is not what openssl
>> expects? Do you get valid output when you run:
>>
>> openssl x509 -in /etc/ssl/certs/ -text
> I'm not sure. There are no errors, but

Re: STARTTLS on Cyrus IMAPd 2.3.11

2008-03-20 Thread Jorey Bump
Andrew Morgan wrote, at 03/20/2008 12:20 PM:
> Just for reference, I'm using the following TLS settings with 2.3.11
> just fine:
>
> tls_ca_file: /etc/ssl/certs/thawte-premium.pem
> tls_ca_path: /etc/ssl/certs
> tls_cert_file: /etc/ssl/certs/imap.onid.oregonstate.edu.crt
> tls_key_file: /etc/ssl

Re: STARTTLS on Cyrus IMAPd 2.3.11

2008-03-20 Thread Andrew Morgan
On Wed, 19 Mar 2008, Jorey Bump wrote:
> Wesley Craig wrote, at 03/18/2008 08:48 PM:
>> On 18 Mar 2008, at 17:55, Jorey Bump wrote:
>>> http://lists.andrew.cmu.edu/pipermail/info-cyrus/2008-January/028210.html
>>
>> Do you use client certificates? Because the message you're quoting is
>> about

Re: STARTTLS on Cyrus IMAPd 2.3.11

2008-03-19 Thread Jorey Bump
Wesley Craig wrote, at 03/18/2008 08:48 PM:
> On 18 Mar 2008, at 17:55, Jorey Bump wrote:
>> http://lists.andrew.cmu.edu/pipermail/info-cyrus/2008-January/028210.html
>
> Do you use client certificates? Because the message you're quoting is
> about someone who does:
>
> http://lists.andrew.

Re: STARTTLS on Cyrus IMAPd 2.3.11

2008-03-19 Thread Jorey Bump
Jorey Bump wrote, at 03/19/2008 06:41 PM:
> tls_ca_file: /etc/ssl/certs/local-ca-bundle.crt
This seems to be the cause of the problem. If I remove this setting, everything works as expected. Note that this didn't interfere on 2.3.7. The entry in imapd.conf(5) isn't very illuminating: tls_ca

Re: STARTTLS on Cyrus IMAPd 2.3.11

2008-03-19 Thread Jorey Bump
Patrick T. Tsang wrote, at 03/19/2008 07:07 PM:
> try this:
> ...
> sasl_mech_list: PLAIN LOGIN
> ...
No effect.
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: STARTTLS on Cyrus IMAPd 2.3.11

2008-03-19 Thread Jorey Bump
Andrew Morgan wrote, at 03/19/2008 06:57 PM:
> Those look fine to me. I'm not sure about the sasl_minimum_layer
> setting. Have you tried setting that to 0?
Yes, but no joy. :(

Re: STARTTLS on Cyrus IMAPd 2.3.11

2008-03-19 Thread Patrick T. Tsang
hello,
try this:
...
sasl_mech_list: PLAIN LOGIN
...
patrick
- Original Message -
From: "Jorey Bump" <[EMAIL PROTECTED]>
To: "Sebastian Hagedorn" <[EMAIL PROTECTED]>
Cc:
Sent: Thursday, March 20, 2008 6:49 AM
Subject: Re: STARTTLS on Cyrus IMAPd 2.3.1

Re: STARTTLS on Cyrus IMAPd 2.3.11

2008-03-19 Thread Jorey Bump
Wesley Craig wrote, at 03/19/2008 04:53 PM:
> You know, this *almost* sounds like you've configured Thunderbird to do
> TLS on the imaps port.
No, it's connecting to port 143 with TLS checked. I've provided my cyrus.conf in another message, where you can see I'm running imapd without the -s switc

Re: STARTTLS on Cyrus IMAPd 2.3.11

2008-03-19 Thread Andrew Morgan
On Wed, 19 Mar 2008, Jorey Bump wrote:
> Andrew Morgan wrote, at 03/19/2008 12:41 PM:
>
>> Maybe I missed it earlier in the thread - can you post your imapd.conf
>> file?
>
> It's pretty simple, and identical to the 2.3.7 instance that's running
> without any problems:
>
> # /etc/imapd.conf
> co

Re: STARTTLS on Cyrus IMAPd 2.3.11

2008-03-19 Thread Jorey Bump
Sebastian Hagedorn wrote, at 03/19/2008 04:03 AM:
> -- Jorey Bump <[EMAIL PROTECTED]> is rumored to have mumbled on 19.
> März 2008 01:09:31 -0400 regarding Re: STARTTLS on Cyrus IMAPd 2.3.11:
>
>> Can anyone confirm that STARTTLS connections to
>> port 143 work with

Re: STARTTLS on Cyrus IMAPd 2.3.11

2008-03-19 Thread Jorey Bump
Andrew Morgan wrote, at 03/19/2008 12:41 PM:
> We run Cyrus v2.3.11 with OpenSSL v0.9.8c-4etch1 (Debian Etch)
> successfully.
Thanks for the confirmation.
> Maybe I missed it earlier in the thread - can you post your imapd.conf
> file?
It's pretty simple, and identical to the 2.3.7 instance t

Re: STARTTLS on Cyrus IMAPd 2.3.11

2008-03-19 Thread Wesley Craig
You know, this *almost* sounds like you've configured Thunderbird to do TLS on the imaps port.
:wes
On 19 Mar 2008, at 01:09, Jorey Bump wrote:
> Jorey Bump wrote, at 03/18/2008 09:18 PM:
>
>> I'm focusing now on the open_ssl error "wrong version number" and just
>> realized the current sys

Re: STARTTLS on Cyrus IMAPd 2.3.11

2008-03-19 Thread Andrew Morgan
On Wed, 19 Mar 2008, Jorey Bump wrote:
> Jorey Bump wrote, at 03/18/2008 09:18 PM:
>
>> I'm focusing now on the open_ssl error "wrong version number" and just
>> realized the current system uses openssl 0.9.7l, while the new
>> environment uses openssl 0.9.8e. This might be significant, but I
>> h

Re: STARTTLS on Cyrus IMAPd 2.3.11

2008-03-19 Thread Rudy Gevaert
Jorey Bump wrote:
> Jorey Bump wrote, at 03/18/2008 09:18 PM:
>
>> I'm focusing now on the open_ssl error "wrong version number" and just
>> realized the current system uses openssl 0.9.7l, while the new
>> environment uses openssl 0.9.8e. This might be significant, but I
>> haven't found anyth

Re: STARTTLS on Cyrus IMAPd 2.3.11

2008-03-19 Thread Sebastian Hagedorn
-- Jorey Bump <[EMAIL PROTECTED]> is rumored to have mumbled on 19. März 2008 01:09:31 -0400 regarding Re: STARTTLS on Cyrus IMAPd 2.3.11:
> Can anyone confirm that STARTTLS connections to port 143 work with 2.3.11?
Of course they do. We've been running 2.3.11 for a few months now a

Re: STARTTLS on Cyrus IMAPd 2.3.11

2008-03-18 Thread Jorey Bump
Jorey Bump wrote, at 03/18/2008 09:18 PM:
> I'm focusing now on the open_ssl error "wrong version number" and just
> realized the current system uses openssl 0.9.7l, while the new
> environment uses openssl 0.9.8e. This might be significant, but I
> haven't found anything conclusive.
I know tha

Re: STARTTLS on Cyrus IMAPd 2.3.11

2008-03-18 Thread Jorey Bump
Wesley Craig wrote, at 03/18/2008 08:48 PM:
> On 18 Mar 2008, at 17:55, Jorey Bump wrote:
>> http://lists.andrew.cmu.edu/pipermail/info-cyrus/2008-January/028210.html
>
> Do you use client certificates? Because the message you're quoting is
> about someone who does:
>
> http://lists.andrew.

Re: STARTTLS on Cyrus IMAPd 2.3.11

2008-03-18 Thread Wesley Craig
On 18 Mar 2008, at 17:55, Jorey Bump wrote:
> http://lists.andrew.cmu.edu/pipermail/info-cyrus/2008-January/028210.html
Do you use client certificates? Because the message you're quoting is about someone who does:
http://lists.andrew.cmu.edu/pipermail/info-cyrus/2008-January/0281

Re: STARTTLS on Cyrus IMAPd 2.3.11

2008-03-18 Thread Jorey Bump
Wesley Craig wrote, at 03/18/2008 04:44 PM:
> On 18 Mar 2008, at 16:11, Jorey Bump wrote:
>> Everything
>> seems to be working fine, with the exception of STARTTLS connections to
>> port 143 from *remote* machines.
>>
>> C: S01 STARTTLS
>> S: S01 OK Begin TLS negotiation now
>> verify error:num=19:

Re: STARTTLS on Cyrus IMAPd 2.3.11

2008-03-18 Thread Wesley Craig
On 18 Mar 2008, at 16:11, Jorey Bump wrote:
> Everything
> seems to be working fine, with the exception of STARTTLS connections to
> port 143 from *remote* machines.
>
> C: S01 STARTTLS
> S: S01 OK Begin TLS negotiation now
> verify error:num=19:self signed certificate in certificate chain
Who

STARTTLS on Cyrus IMAPd 2.3.11

2008-03-18 Thread Jorey Bump
I'm migrating from Cyrus IMAPd 2.3.7 to 2.3.11. I've moved all the data to the new environment and rebuilt the necessary databases. Everything seems to be working fine, with the exception of STARTTLS connections to port 143 from *remote* machines. The following imtest logins work fine when run