Your message dated Wed, 16 Mar 2016 16:02:56 +0100
with message-id
<1458140576.3820013.550944698.564dc...@webmail.messagingengine.com>
and subject line Closing ancient bugs
has caused the Debian Bug report #502361,
regarding courier-imap-ssl package breaks SSL on upgrade; hashed certs culprit.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
502361: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502361
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: courier-imap-ssl
Version: 4.4.0-2
Severity: important
Hi,
I just upgraded to lenny and found that my imap SSL connection no
longer works.
maia:~$ telnet -z ssl mail.utsl.gen.nz 993
Trying 202.78.240.73...
SSL_connect: Success
maia:~$
In Evolution this manifested as "Error while Refreshing folder", and
clicking on the little alert triangle that appears in the bottom left
it then says "Server unexpectedly disconnected: Input/output error"
I downgraded to the etch courier-imap-ssl package, then re-upgraded,
keeping the old config file - which worked. I eventually worked out
that the new TLS_TRUSTCERTS option was triggering the issue.
Also, I saw this error message in /var/log/mail.log:
Oct 16 11:12:49 mail imapd-ssl: couriertls: connect: error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table
Removing the /var/lib/courier/couriersslcache file did not resolve
this, however removing all of the hashed certs in /usr/lib/ssl/certs
fixed it.
maia:~$ telnet -z ssl mail.utsl.gen.nz 993
Trying 202.78.240.73...
Connected to mail.utsl.gen.nz.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT
THREAD=REFERENCES SORT QUOTA IDLE AUTH=PLAIN] Courier-IMAP ready. Copyright
1998-2008 Double Precision, Inc. See COPYING for distribution information.
^]
telnet> close
maia:~$
Workarounds:
1. remove hashed certificates in /usr/lib/ssl/certs
rm /usr/lib/ssl/certs/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]*
2. disable TLS_TRUSTCERTS in /etc/courier/imapd-ssl
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.16.x
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages courier-imap-ssl depends on:
di courier-imap 4.4.0-2 Courier mail server - IMAP server
ii courier-ssl 0.60.0-2 Courier mail server - SSL/TLS Supp
ii openssl 0.9.8g-13 Secure Socket Layer (SSL) binary a
courier-imap-ssl recommends no packages.
Versions of packages courier-imap-ssl suggests:
pn courier-doc <none> (no description available)
ii mutt [imap-client] 1.5.18-4 text-based mailreader supporting M
-- no debconf information
--- End Message ---
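Added example, not part of the bug report and not Courier or Debian code: a read-only check that lists which entries of a trust directory deliver the same certificate, as a narrower diagnostic than removing every hashed link. It assumes the "cert already in hash table" error comes from one certificate being reachable through more than one directory entry; the function names are hypothetical and the sample directory is constructed, with dummy payloads in place of real certificates.

```python
import base64
import hashlib
import os
import re
import tempfile
from collections import defaultdict

PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")  # c_rehash style link name

def fingerprints(path):
    """SHA-256 over the DER bytes of every certificate block in a PEM file."""
    with open(path, "r", errors="replace") as fh:
        blocks = PEM_BLOCK.findall(fh.read())
    return [hashlib.sha256(base64.b64decode(b)).hexdigest() for b in blocks]

def duplicate_certs(cert_dir):
    """Map fingerprint -> directory entries that all deliver that certificate."""
    seen = defaultdict(list)
    for name in sorted(os.listdir(cert_dir)):
        path = os.path.join(cert_dir, name)
        if not os.path.isfile(path):       # follows symlinks, skips dangling ones
            continue
        try:
            found = set(fingerprints(path))
        except (OSError, ValueError):      # unreadable file or broken base64
            continue
        for fp in found:
            seen[fp].append(name)
    return {fp: names for fp, names in seen.items() if len(names) > 1}

def hashed_entries(names):
    """Subset of entries whose names look like hash links (8 hex digits, dot, number)."""
    return [n for n in names if HASHED_NAME.match(n)]

def build_sample_dir():
    """Constructed sample: two dummy PEM files, the first also hash-linked."""
    d = tempfile.mkdtemp()
    for name, body in (("ca-one.pem", b"constructed-cert-1"),
                       ("ca-two.pem", b"constructed-cert-2")):
        b64 = base64.b64encode(body).decode()
        with open(os.path.join(d, name), "w") as fh:
            fh.write("-----BEGIN CERTIFICATE-----\n%s\n"
                     "-----END CERTIFICATE-----\n" % b64)
    os.symlink("ca-one.pem", os.path.join(d, "0a1b2c3d.0"))  # constructed link name
    return d

if __name__ == "__main__":
    for fp, names in duplicate_certs(build_sample_dir()).items():
        print(fp[:16], names, "hash links:", hashed_entries(names))
```

Pointed at a real directory such as the one named in the report, the fingerprints are the same values `openssl x509 -fingerprint -sha256` prints, without the colons.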
--- Begin Message ---
Version: 0.73.1-1.6
I am closing all pre-wheezy bug reports and non-critical wheezy bug
reports. If you can reproduce the issue using jessie (or even better
current unstable), feel free to reopen the bug.
Cheers,
--
Ondřej Surý <[email protected]>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
--- End Message ---