On Fri, 7 Nov 2003 [EMAIL PROTECTED] wrote: >What is the correct way I should be building a SSL cert that I can >use? I was building from FreeBSD poorts tree before, but it doesn't >seem to build the SSL part right? How can I properly build an SSL cert >for binc?
Have you tried to telnet to port 993 and see if you actually get a plain text greeting? >Also, I used ldd to check, my binc has SSL support: >ldd /usr/local/bin/bincimap-up >/usr/local/bin/bincimap-up: > libssl.so.3 => /usr/lib/libssl.so.3 (0x280bb000) > libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x280ea000) Good. :-) >Here is when I try to connect withthe ssl client: >openssl s_client -connect 127.0.0.1:993 -crlf >CONNECTED(00000003) >19716 0 [EMAIL PROTECTED]:] Client connected to Binc IMAP from >69.55.225.21 >19715:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown >protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/ If would seem that openssl gets something unexpected from the server. Errors in the SSL cert are usually reported as SSL cert errors in the logs. If you want to make a working self-signed cert, you could try "make cert". I'm not sure if it's in the FreeBSD port, but it's definitely in the trunk version of Binc IMAP. Andy :-) -- Andreas Aardal Hanssen | http://www.andreas.hanssen.name/gpg Author of Binc IMAP | "It is better not to do something http://www.bincimap.org/ | than to do it poorly."
