On Tue, 11 Feb 2003, Gary wrote:
>On Tue, Feb 11, 2003 at 08:06:13AM +0100 or thereabouts, Andreas Aardal Hanssen wrote:
>> >Sorry, Andreas, I should have mentioned it. It is the newest v of
>> >Mulberry 3.01 for Linux.
>> Thanks -
>> >> allow plain auth in non ssl = "yes"
>> My mistake - I was referring to the bincimap.conf file. :) You can set
>> this option to allow Mulberry to authenticate on a plain text connection
>> (port 143), and we'll see if SSL is the only problem.
>My bad!!! okay in the /opt/bincimap/etc/bincimap.conf file, it is set as
>this: allow plain auth in non ssl = "yes"
>> (The SSL code in the IO class is quite bad, with some cut&paste in C code,
>> but I'd like to blaim the OpenSSL team for not providing adequate
>> documentation! Adequate for me, anyway. :) Perhaps I should bite the grass
>> and go buy an OpenSSL book.)
>Logs .... sneaky place <g> :/var/opt/log/bincimap-ssl/current
Yup ;)
>@400000003e48a01019596334 26745:error:02001002:system library:fopen:No
>such file or
>directory:bss_file.c:245:fopen('/usr/share/ssl/certs/stunnel.pem','r')
>@400000003e48a010195ac6ac 26745:error:20074002:BIO
>routines:FILE_CTRL:system lib:bss_file.c:247:
>@400000003e48a010195c6c8c 26745:error:140AD002:SSL
>routines:SSL_CTX_use_certificate_file:system lib:ssl_rsa.c:513:
>@400000003e48a01019712924 SSL negotiation failed
>/var/opt/log/bincimap
There's your error. Although this is a really horrible error message, it's
trying to say that you don't have a /usr/share/ssl/certs/stunnel.pem file.
If you go to /usr/share/ssl/certs/ (you're running RH7.2, right?) and type
"make", that should give you a hint. If your SSL certificate is located
elsewhere, make sure to provide one in PEM format and edit the
bincimap.conf file to point to this file.
Andy :-)
--
Andreas Aardal Hanssen | http://www.andreas.hanssen.name/gpg
Author of Binc IMAP | Nil desperandum
