On Tue, Jun 14, 2005 at 03:42:18PM +0900, David Leangen wrote:
> I hate to keep bothering you, but I'm still having problems with
> getting my connection through.

No problem, we're here to help.


> When attempting to connect from a machine on my local network
> (192.168.0.5) I am getting messages such as this:
> 
> @4000000042ae743b3a487e7c 21573 0 [EMAIL PROTECTED]:] error
> initializing Binc IMAP: SSL negotiation failed: Internal SSL error:
> error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad
> certificate

OpenSSL (used by Binc) doesn't like one of the certificate files.
Let's see.


> By following the instructions at
> http://lifewithbincimap.org/index.php/Main/DoItYourselfCertificateAuthority,
> I created these files (edited):
> 
> *** bincimap.pem
> 
> -----BEGIN RSA PRIVATE KEY-----
> blablabla
> -----END RSA PRIVATE KEY-----
[..]
> -----BEGIN CERTIFICATE-----
> bal bla bla
> -----END CERTIFICATE-----
> 
> *** diy_ca.pem
> 
> -----BEGIN CERTIFICATE-----
> more bla bla bla
> -----END CERTIFICATE-----

Looks ok.


> My bincimap.conf file looks like this:
[..]
> SSL {
>     pem file = "/var/qmail/control/bincimap.pem",
>     ca file = "/var/qmail/control/diy_ca.pem",
>     cipher list = "!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP",
>     verify peer = "no"
> }

Looks ok too.


> Any ideas?

Check these:

openssl x509 -in /var/qmail/control/bincimap.pem -noout -text
openssl x509 -in /var/qmail/control/diy_ca.pem -noout -text

You should get reasonable output from both those commands, with the
subject of the latter certificate being the issuer of the former.


Some questions:

What does the run file for the service look like?

How do you want to set things up wrt SSL requirements?
I run a private (only listening on localhost) Binc server that
doesn't require SSL for the use of IlohaMail, a web mail client. And
for external parties I run another Binc on a public interface that
requires SSL. For this setup to work I need two different
configuration files.

I've found that most clients don't seem to want to do imaps but
rather they want to use STARTTLS, so both of my services run on port
143, just different interfaces and different configuration.


> By the way, the above was an attempted connection with a
> Thunderbird client. I tried with an Outlook client, but nothing
> even showed up with the logs...

I seem to recall that Outlook was one of the STARTTLS programs, so
when you check the "secure connection" box (forgot what it's called)
it still goes for port 143 but will STARTTLS before logging in there.


> Thanks again so much for all your help!!

I hope we can get this to work. :)


//Peter
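As an added example (not part of this mail, and not Binc IMAP's own tooling), here is a POSIX shell script that turns the two openssl x509 checks from the reply into something you can run against the files named in "pem file" and "ca file": it compares the issuer of the server certificate with the subject of the CA, then lets openssl verify the chain, and finally checks that the private key and certificate in bincimap.pem belong together. The paths /var/qmail/control/bincimap.pem and diy_ca.pem are the ones from the thread; every other name in the script is an assumption for this example.

```shell
#!/bin/sh
# Added example, not code from the original mail or from Binc IMAP.
# Automates the "openssl x509 -noout -text" inspection from the reply:
#   1. the issuer of the server certificate must equal the subject of the CA,
#   2. the CA must actually verify the server certificate (signature, dates),
#   3. the private key and certificate in the pem file must belong together.
# /var/qmail/control/bincimap.pem and diy_ca.pem are the paths from the
# thread; they are only used when the script is run with no arguments.
set -eu

# Subject of a certificate on one line, without the "subject=" prefix.
cert_subject() {
    openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//'
}

# Issuer of a certificate on one line, without the "issuer=" prefix.
cert_issuer() {
    openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//'
}

# 0 if $2 (CA file) is the issuer of $1 (server pem) and the chain verifies.
# Comparing the names is the eyeball check from the mail; "openssl verify"
# is the real test, because a second CA with the same name but a different
# key must still fail.
check_chain() {
    leaf=$1
    ca=$2
    leaf_iss=$(cert_issuer "$leaf")
    ca_subj=$(cert_subject "$ca")
    if [ "$leaf_iss" != "$ca_subj" ]; then
        echo "issuer/subject mismatch: '$leaf_iss' vs '$ca_subj'" >&2
        return 1
    fi
    openssl verify -CAfile "$ca" "$leaf" >/dev/null 2>&1
}

# 0 if the private key and the certificate in the same pem file match.
# Binc reads both from "pem file"; a key that belongs to a different
# certificate breaks the handshake just as surely as a bad CA does.
check_key_matches_cert() {
    pem=$1
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null || true)
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null || true)
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Run all checks on a (pem file, ca file) pair and report the result.
check_binc_ssl() {
    check_key_matches_cert "$1" || {
        echo "key does not match certificate in $1" >&2
        return 1
    }
    check_chain "$1" "$2" || {
        echo "$2 does not verify $1" >&2
        return 1
    }
    echo "OK: $(cert_subject "$1") issued by $(cert_subject "$2")"
}

if [ $# -eq 2 ]; then
    check_binc_ssl "$1" "$2"
elif [ $# -eq 0 ] && [ -r /var/qmail/control/bincimap.pem ]; then
    check_binc_ssl /var/qmail/control/bincimap.pem /var/qmail/control/diy_ca.pem
fi
```

Run it as `sh check_binc_ssl.sh /var/qmail/control/bincimap.pem /var/qmail/control/diy_ca.pem` on the Binc host. It only validates the files the server loads; whether the Thunderbird side trusts diy_ca.pem is a separate question that this script cannot answer.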
