--On Wednesday, August 24, 2016 5:47 PM -0700 Quanah Gibson-Mount <qua...@zimbra.com> wrote:

this is clearly a TLS client-side stack trace.  Why is nginx acting
as an SSL/TLS client?

It's a proxy server... so it's proxying between the client connecting to
nginx on the IMAPS port and the jetty server on the other side.

so:

end user <-> nginx:143 <-> jetty:7143

The issue only happens when proxying IMAP on port 143 with startTLS or
993 (IMAPS).  It does not occur on POP w/ starttls or web traffic (443).
It also is only happening with this one particular client, as we have
numerous customers (and our own setup) not experiencing this issue.

I'll have them supply what's in their keystore that Jetty's using as well.

Note, when this happens, the nginx log shows:

2016/08/22 03:12:10 [info] 530#0: *3326370 SSL_do_handshake() failed (SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:SSL alert number 46) w *** Error in `nginx: worker process': free(): invalid size: 0x00000000010cf560 ***

The CA certs in play are the same for both the jetty process being proxied to, and what nginx is using. I see nothing unusual about the server cert on the jetty side.

Is there any more info I can provide?

--Quanah

--

Quanah Gibson-Mount
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev