On Sun, Sep 21, 2003 at 06:46:14PM +0200, Stefano Rivera ([EMAIL PROTECTED]) wrote:
> Hi Scott (2003.09.21_18:32:22_+0200)
> > Even using openssl command line, it still asks for a PEM passphrase. This is rapidly
> > becoming more hassle than it's worth. I think I'm just going to stick with a SSH tunnel.
> >
> > At least that works.
>
> You've got this far, you might as well get it working:
> openssl rsa -in <current name> -out <new name>
>
> It will ask for the passphrase, but the certificate it outputs will be
> passphrase-free. This is the one you use for binc.
>
> SR

OK, I did that, and redirected it to imap.pem. imap.pem only had the private key listed
in the file, so I concatenated the certificate to the end of the file and this is what
happened with openssl connect as mentioned in the faq:

arthur# openssl s_client -connect arthur.silvertree.org:993 -crlf
CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Dublin/O=Silvertree Communications
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=California/L=Dublin/O=Silvertree Communications
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Dublin/O=Silvertree Communications
i:/C=US/ST=California/L=Dublin/O=Silvertree Communications
---
Server certificate
subject=/C=US/ST=California/L=Dublin/O=Silvertree Communications
issuer=/C=US/ST=California/L=Dublin/O=Silvertree Communications
---
No client certificate CA names sent
---
SSL handshake has read 892 bytes and written 340 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: B67910C4871E41AF51B7B69CC632E52C7F05BDBABF4D0FF6C801FF5746AA8DE4
Session-ID-ctx:
Master-Key: CADA419302C3D59C9C53942A2CADFDF635FA4F7A655B178EB6F1AED578163B29C6243EFE1AC8D2ABE8115EF74CB3D9BE
Key-Arg : None
Start Time: 1064164932
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---

And there it sits. I don't get the connected dialog as mentioned in the FAQ for testing.

Here's the strace output:

------------- BEGIN SCRIPTED OUTPUT ------------------------
accept(3, {sa_family=AF_INET, sin_port=htons(3325), sin_addr=inet_addr("64.139.44.194")}, [16]) = 0
sigprocmask(SIG_BLOCK, [CHLD], NULL) = 0
fork() = 18557
[pid 18147] accept(3, <unfinished ...>
[pid 18557] close(3) = 0
[pid 18557] open("/etc/ssl/imap.pem", O_RDONLY) = 3
[pid 18557] fstat(3, {st_mode=S_IFREG|0644, st_size=1933, ...}) = 0
[pid 18557] read(3, "-----BEGIN RSA PRIVATE KEY-----\nMIICWwIBAAKBgQCqA4td879e7gP8QIUaWhEj5G7hGyjjvvjMOTOmCUJsa7a5vQAI\nM0oTL9kJ2OrVgxhNYo6cruheXCk+pdK"..., 16384) = 1933
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] gettimeofday({1064165230, 333180}, NULL) = 0
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] break(0x80c2000) = 0
[pid 18557] break(0x80cb000) = 0
[pid 18557] read(0, "\200\214\1\3\1\0c\0\0\0 ", 11) = 11
[pid 18557] read(0,
"\0\0009\0\0008\0\0005\0\0\26\0\0\23\0\0\n\7\0\300\0\0003\0\0002\0\0/\3\0\20
[EMAIL PROTECTED]
4\0\0\21\0\0\10\0\0\6\4\0\200\0\0\3\2\0\200\267!\220\1\355W\233\353c\256\323"..., 131) = 131
[pid 18557] break(0x80cc000) = 0
[pid 18557] break(0x80cd000) = 0
[pid 18557] gettimeofday({1064165230, 342749}, NULL) = 0
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] gettimeofday({1064165230, 344779}, NULL) = 0
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] open("/dev/urandom", O_RDONLY|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW) = 3
[pid 18557] select(4, [3], NULL, NULL, {0, 10000}) = 1 (in [3])
[pid 18557] read(3, "\254\v\3Cy\27\201H\327JM+|b\32\214,)\27\240\0a\351\7^\274\214\337\302\tcN", 32) = 32
[pid 18557] close(3) = 0
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getuid() = 0 (euid 0)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
03\340\277\20,\356\302\23\233\264$\272\0\213
\256\212!\210\370\244q6o*\306\311\266\301N\300zG\\\
337%\305\213_\216\0\'\364\302F\2224\0005\0\26\3\1\2\344\v\0\2\340\0\2\335\0\2"..., 833) = 833
[pid 18557] read(0, "\26\3\1\0\206", 5) = 5
[pid 18557] read(0,
"\20\0\0\202\0\200~f-\201\37\216\346+\202\t\262\357\31y\6*-\253\20\365\350\2
13\313\24\226\r\240\354\362B\276\220\350|IP\343\240\221=\356\3546Y\366\241\347\371\32cs\374\372-
-\224\367\371\221\2010Y\277\222\267\232!\364)jTV\275\370\376\243yy!\262\v\\"..., 134) = 134
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] gettimeofday({1064165230, 429707}, NULL) = 0
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] break(0x80ce000) = 0
[pid 18557] break(0x80cf000) = 0
[pid 18557] break(0x80d0000) = 0
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] getpid() = 18557 (ppid 18147)
[pid 18557] break(0x80d1000) = 0
[pid 18557] break(0x80d2000) = 0
[pid 18557] break(0x80d3000) = 0
[pid 18557] break(0x80d4000) = 0
[pid 18557] read(0, "\24\3\1\0\1", 5) = 5
[pid 18557] read(0, "\1", 1) = 1
[pid 18557] read(0, "\26\3\1\0000", 5) = 5
[pid 18557] read(0,
"\302p(\275\313\31\201C\22A\300O\31\355\'vF\243u=}\354\206\334\303\305\305C\
210\35Vg\2240(u\235\262Q\335~\216\331\344\305\201\246\324", 48) = 48
[pid 18557] write(1,
"\24\3\1\0\1\1\26\3\1\0000]\252\311\317\271G\235\317\337\345m\314\223\336\2
05\10\227gY\314sDL2\377\271\212\336\7\306P\302\205\235\300\37\320\335B\274\260W-\217T7\0312", 59) = 59
[pid 18557] umask(077) = 022
[pid 18557] setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={1200, 0}}, {it_interval={0, 0}, it_value={0, 0}}) = 0
[pid 18557] write(2, "18557 0 [EMAIL PROTECTED]:] Client connected to Binc IMAP from 64.139.44.194\r\n", 83^C <unfinished ...>
-------------- END SCRIPTED OUTPUT -----------------------

Also I noticed the PID on tcpserver for the SSL imap daemon is changing, since it's
running under supervise, I can only surmise it's crashing at some point.

--
PGP Key: http://archon.silvertree.org/pgp.txt
"Compassion and retribution are two sides of the same coin. Necessity
dictates on what side the coin will fall."
"Firearms stand next in importance to the Constitution itself. They are the
American people's liberty teeth and keystone under independence."
-George Washington
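
The procedure in this message (strip the passphrase with openssl rsa, append the certificate, point the daemon at the combined file) can be checked before the server is started. The script below is an added example, not part of the original thread: its file names, passphrase and certificate subject are constructed, and it also flags a mode such as the 0644 shown in the fstat line of the trace, because the combined file holds an unencrypted private key.

```shell
#!/bin/sh
# Added example: file names, passphrase and subject below are constructed for the demo.

# Create an encrypted key, strip its passphrase as suggested in the thread,
# self-sign a certificate and concatenate key + certificate into DIR/imap.pem.
build_combined_pem() {
    dir=$1
    openssl genrsa -aes128 -passout pass:demo-pass -out "$dir/enc.key" 2048 2>/dev/null || return 1
    # Same operation as: openssl rsa -in <current name> -out <new name>
    openssl rsa -in "$dir/enc.key" -passin pass:demo-pass -out "$dir/plain.key" 2>/dev/null || return 1
    openssl req -new -x509 -key "$dir/plain.key" -days 30 -subj "/CN=imap.example.test" \
        -out "$dir/cert.pem" 2>/dev/null || return 1
    # umask 077 so the combined file is created owner-only (0600)
    (umask 077; cat "$dir/plain.key" "$dir/cert.pem" > "$dir/imap.pem")
}

# Print one finding per problem; return 0 only when the file is usable and private.
check_combined_pem() {
    f=$1; rc=0
    grep -q -e '-----BEGIN CERTIFICATE-----' "$f" || { echo "no certificate block"; rc=1; }
    grep -q -e 'PRIVATE KEY-----' "$f" || { echo "no private key block"; rc=1; }
    # Both legacy (Proc-Type: 4,ENCRYPTED) and PKCS#8 encrypted keys contain this word.
    if grep -q -e 'ENCRYPTED' "$f"; then echo "key is still passphrase-protected"; rc=1; fi
    # The key and the certificate must carry the same public key.
    # "-passin pass:" makes openssl fail instead of prompting on an encrypted key.
    kpub=$(openssl pkey -in "$f" -passin pass: -pubout 2>/dev/null | openssl dgst -sha256)
    cpub=$(openssl x509 -in "$f" -noout -pubkey 2>/dev/null | openssl dgst -sha256)
    [ "$kpub" = "$cpub" ] || { echo "private key does not match certificate"; rc=1; }
    # An unencrypted key must not be readable by group or other (0644 would fail here).
    mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")
    case $mode in
        *00) ;;
        *) echo "mode $mode lets group/other read the private key"; rc=1 ;;
    esac
    return $rc
}

# Demo run: sh thisfile --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && build_combined_pem "$d" && check_combined_pem "$d/imap.pem" && echo "imap.pem OK"
    rm -rf "$d"
fi
```

To check an existing file, call check_combined_pem with its path; each finding is printed on its own line and the return status is non-zero if any check fails.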