OK, I'm going to freely admit to being an SSL newbie; I have no earthly idea what I'm doing.
I followed the link posted in the archives to the TLDP, followed those directions to the letter.
Running FreeBSD bincimap port version 1.2.1 (sent an e-mail to the maintainer requesting he update it).
What happened when I ran # openssl s_client -connect server:993 -crlf
All that happened was:
CONNECTED (0000000003)
And it sat there. And it sat there. I can tell it was looking at me expectantly for something. But I didn't know what to sacrifice to make it work. So I used CA.pl to create a self-signed cert. Now when I connect I get this:
arthur# openssl s_client -connect localhost:993 -crlf
CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Dublin, CA/O=Silvertree Communications/OU=Internet Security/CN=IMAP Certificate
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=California/L=Dublin, CA/O=Silvertree Communications/OU=Internet Security/CN=IMAP Certificate
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Dublin, CA/O=Silvertree Communications/OU=Internet Security/CN=IMAP Certificate
i:/C=US/ST=California/L=Dublin, CA/O=Silvertree Communications/OU=Internet Security/CN=IMAP Certificate
---
Server certificate
subject=/C=US/ST=California/L=Dublin, CA/O=Silvertree Communications/OU=Internet Security/CN=IMAP Certificate
issuer=/C=US/ST=California/L=Dublin, CA/O=Silvertree Communications/OU=Internet Security/CN=IMAP Certificate
---
No client certificate CA names sent
---
SSL handshake has read 944 bytes and written 276 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 512 bit
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: B3A8C27DCF8999EA1A1399F71EA07CC83FAEE05B7786A8AFA05FC3E68B54AB11
Session-ID-ctx:
Master-Key: DD0394797EBB4624065345689D2DA4B3D155FF3771366AAA4B846E9457FE018BAD744DD75E103E8ED98595272C1AB172
Key-Arg : None
Start Time: 1064153622
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
And it just sits there. Looking at me with those longing eyes, saying, "Feed me, Seymour".
Can someone PLEASE tell me how the heck to set this damn thing up to run SSL?
Specifically:
How to create a cert that works
What PEM file do I specify in the config file for bincimap? I have like 5 to choose from and no offense to Andy, the documentation in the config and the FAQ is kinda sketchy on this point.
Anything else a clueful newbie needs to know to become less ignorant about this issue
bincimap works just great on port 143, it's only this SSL thing that's got me leaving bloody forehead sized marks on a brick wall :).
Thanks for your help!
--
"Compassion and retribution are two sides of the same coin. Necessity
dictates on what side the coin will fall."
"Firearms stand next in importance to the Constitution itself. They are the
American people's liberty teeth and keystone under independence."
-George Washington