> Odd. So what about
> openssl s_client -connect <public IP>:993
> when running on the box itself? Does that fail too?
yes it fails with:
<code>
CONNECTED(00000003)
3083573400:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake
failure:s3_pkt.c:1193:SSL alert number 40
3083573400:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:590:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
Start Time: 1307879512
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
</code>
> It's possible you have two different processes bound to different IPs
> (you can use "netstat -natp | grep :993" as root to check)
<code>
tcp 0 0 127.0.0.1:993 0.0.0.0:*
LISTEN 23702/couriertcpd
tcp 0 0 <public IP>:993 0.0.0.0:* LISTEN
23702/couriertcpd
tcp6 0 0 ::1:993 :::*
LISTEN 23702/couriertcpd
</code>
> Otherwise, ISTSR couriertls is able to use different certificates depending
> on which IP you connect to, so maybe you have a cert.127.0.0.1.pem which is
> invalid. Sorry, I don't remember the exact filename, but I'm pretty sure
> you append the IP address to the filename stem.
is EXPERIMENTAL in courier version: 4.8.0-3 to add hostname
ps: sorry for my english, please explain easy
------------------------------------------------------------------------------
EditLive Enterprise is the world's most technically advanced content
authoring tool. Experience the power of Track Changes, Inline Image
Editing and ensure content is compliant with Accessibility Checking.
http://p.sf.net/sfu/ephox-dev2dev
_______________________________________________
Courier-imap mailing list
Courier-imap@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
