Re[2]: [M-User] SSL documentation?

Sat, 02 Mar 2002 16:45:38 -0800 

On Sun, 3 Mar 2002 01:36:28 +0100 (Romance Standard Time) Vadim Zeitlin 
<[EMAIL PROTECTED]> wrote:

> On Thu, 28 Feb 2002 16:20:16 -0500 (EST) Richard Welty
> <[EMAIL PROTECTED]> wrote:

> RW> is there any documentation anywhere covering details about SSL
> setups?
 
>  Nothing about the server-side part I'm afraid - but this surely should
> be
> described elsewhere.

what i'm after (sorry for not being clear earlier) is this:

does mahogany expect to see a server certificate signed by a known CA?

i've tried two certs, one is self signed, and one is signed by a
roll-your-own CA generated with OpenSSL. mahogany doesn't like either
certificate, but doesn't give a really detailed error message.

i have since gotten someone using a newish outlook to access the pop3
server over SSL; outlook complains about the certificate but lets you
access the server anyway. a procedure for telling windoze to accept the
CA was discussed over on the exim-users list a little while back (in the
context of SMTP over TLS), and i expect that it would to stop Outlook
from complaining. my next project is to figure out how to tell OpenSSL
that my homebrew CA is ok, which i project will solve the problem with
Mahogany and the cert.

> RW> i'm trying to set up stunnel on an OpenBSD 3.0 box to wrap pop3
> services.
> RW> mahogany appears to be complaining about the self signed cert, but
> i'm not
> RW> 100% certain.
 
>  Hmm, maybe I'm just confused but I don't think you need stunnel for
> pops.
> I.e. either you tunnel pop through SSL or you just use pops - why not do
> the latter if you have the choice?

the pop server that comes with OpenBSD (popa3d) doesn't seem to natively
support pop3s (it's not mentioned in the popa3d man page, and the OpenBSD
man pages have in my experience been fairly complete and precise.) however,
if i set up stunnel on the OpenBSD server properly, it is supposed to look
like pop3s to the clients.

i've done this successfully the other way -- using getmail over stunnel on
the client side to fetch imap and pop3 mail from pop3s and imaps servers.

richard
--
Richard Welty                                         [EMAIL PROTECTED]
Averill Park Networking                                         518-573-7592
              Unix, Linux, IP Network Engineering, Security



_______________________________________________
Mahogany-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/mahogany-users

Reply via email to