On Mon, 2003-12-15 at 10:02, AthlonRob wrote:
> Dec 15 09:55:53 linuxbox bincimap-up[5482]: Error initializing Binc IMAP: SSL
> negotiation failed: SSL error: cipher list undefined
Ok, I see in io-ssl.cc, the error is generated in this if statement:
session.globalconfig.setSection("SSL");
string clist = session.globalconfig["cipher list"];
if (clist == "") {
setLastError("SSL error: cipher list undefined");
return false;
}
Which all pretty much makes sense to me. Without looking at the code in
session.h, I'm guessing the setSection line sets us to the SSL {}
section of the config file, then the string clist = ... line sets the
clist string to the value of that entry in the SSL section.
If the resulting string is empty, it outputs the error...
Now this would imply I'm not getting my config file read. :-\
AHA! Solved that part - it was a typo in my inetd.conf - it's --ssl not
-ssl. :-)
Maybe the problem is related to tcpd and inetd....
If I take out tcpd from the equation, I get this when I try openssl:
[EMAIL PROTECTED] rob $ openssl s_client -connect axpr.net:993
CONNECTED(00000003)
30898:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:470:
[EMAIL PROTECTED] rob $ openssl s_client -tls1 -connect axpr.net:993
CONNECTED(00000003)
30899:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:286:
With tcpd calling bincimap-up, I get this:
[EMAIL PROTECTED] rob $ openssl s_client -connect axpr.net:993
CONNECTED(00000003)
30924:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:
[EMAIL PROTECTED] rob $ openssl s_client -tls1 -connect axpr.net:993
CONNECTED(00000003)
30925:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:529:
So... perhaps tcpd is getting in the way of SSL somehow. However,
without tcpd in the way, I'm still having problems. The log file isn't
showing anything at all when tcpd is enabled. It shows this (same
commands as above run) with tcpd disabled so inetd calls boincimap-up
directly:
Dec 15 12:48:29 linuxbox bincimap-up[7076]: Client connected to Binc IMAP from ?Dec 15
12:48:29 linuxbox bincimap-up[7076]: Client disconnected
Dec 15 12:48:29 linuxbox bincimap-up[7076]: Unprivileged stub shutting down - read:0
bytes, wrote:0 bytes.
Dec 15 12:48:34 linuxbox bincimap-up[7077]: Client connected to Binc IMAP from ?Dec 15
12:48:34 linuxbox bincimap-up[7077]: Client disconnected
Dec 15 12:48:34 linuxbox bincimap-up[7077]: Unprivileged stub shutting down - read:0
bytes, wrote:0 bytes.
Well.. I hope I'm at least making a little bit of progress. :-)
Rob
