Hello,

I was having problems with this some time ago, and I haven't got anywhere 
since.

My question is...

Does binc TLS client authentication work ?

I'm running binc 1.2.9, and Mozilla Thunderbird tells me that the server 
does not support client authentication (which I take to mean that binc is not 
advertising it).

A normal (non client-auth) SSL connection works fine, as does the normal 
password authentication (not that I expect this to have anything to do with 
it). Oh, and for the record, this all works fine for apache and qmail (with 
the appropriate patch, of course), so I'm certain there's nothing wrong with 
the SSL library.

I've not passed anything to ./configure when I built binc that might affect 
this. I have the CA and server certificates installed as per the config 
(below).

I have tried running binc with and without '--ssl' (I thought maybe that if it 
was already using SSL it would not advertise TLS as well ? - dunno). 

If anyone has any ideas, I'd be really grateful to hear about them. Does 
ANYONE use this feature ? - I've not seen anyone even mention it in the 
mailing archive or anywhere else come to that (the manual doesn't even seem 
to cover it) !

Thanks in advance,

Rich.

Here's my config file...

--------------------------------------------------------------

Authentication {
    allow plain auth in non ssl = "no",
    auth penalty = 4,
    disable starttls = "no"
}

Security {
    jail path = "/home/bincimap",
    jail user = "bincimap",
    jail group = "bincimap"
}

Log {
    type = "multilog",
    environment ip variable = "TCPREMOTEIP"
}

Mailbox {
    depot = "IMAPdir",
    type = "Maildir",
    path = "IMAPdir",
    auto create inbox = "no",
    auto subscribe mailboxes = "INBOX,SPAM",
    umask = "077"
}

Session {
    auth timeout = 30,
    idle timeout = 1800,
    transfer timeout = 240,
    transfer buffer size = 4096
}

SSL {
    pem file = "/usr/local/qmail/control/bincimap.pem",
    ca file = "/usr/local/qmail/control/bincimap.ca",
    ca path = ""
    cipher list = "!ADH:RC4+RSA:HIGH:MEDIUM:EXP:+SSLv2:+EXP",
    verify peer = "yes"
}

--------------------------------------------------------------
