Nelson B. Bolyard wrote: > Ingo Kappler wrote: >> >> For secure mail connections I use a selfsigned certificate on the server, > > You mentioned imaps and pop3s in the subject. Did you mean imaps and > smtps? AFAIK, mozilla doesn't do pop3 over SSL, but does do imaps and > smtps.
Sorry, I don't know if I know everything right. But when I spoke from pop3s and imaps I ment the entrances in /etc/inetd.conf. ie: # pop3 stream tcp nowait root /usr/sbin/tcpd /usr/sbin/ipop3d pop3s stream tcp nowait root /usr/sbin/ipop3d /usr/sbin/ipop3d # # stream tcp nowait root /usr/sbin/tcpd /usr/sbin/imapd imaps stream tcp nowait root /usr/sbin/imapd /usr/sbin/imapd Maybe pop3s uses smtps? >> created with openssl. It works for my needs with netscape 6.2 and kmail >> and other programs, except mozilla 1.0 and netscape 7. >> >> I get an error message saying it couldn`t establish a secure connection >> for the cert might be destroyed or not usable with error-code -8182. > > Hmmm. bugzilla bug http://bugzilla.mozilla.org/show_bug.cgi?id=153232 > reports a similar complaint, except that in that bug, the submittor was > using the cert for https, not for IMAPS, and the submittor did not claim > that his cert worked with earlier versions of mozilla. I was unable to > connect to that user's https server with Communicator 4.x or with IE 5.5. > When I examined that user's cert with NSS 3.4.1, I found that the cert's > signature did not verify properly. That is the meaning of error -8182, > the cert's signature was invalid. > > But your case is different because you claim it worked with earlier > versions of mozilla. > >> What has changed? > > The version of NSS used by PSM in mozilla has changed, for one thing. > There have also been numerous other changes in PSM. PSM's error handling > UI for SSL has changed. > > One conceivable explanation (and pure conjecture) might be that earlier > versions of PSM in mozilla did not verify the signature of the server > cert for IMAPS or SMTPS, or ignored the signature verification error. > > Perhaps earlier versions of PSM let you mark the cert as trusted, > even though the signature was invalid, and current versions > > Another conjecture is that perhaps a change in NSS has caused it to no > longer be able to correctly verify some valid signatures, but can still > verify most other valid signatures. This seems less likely to me than > the previous conjecture, but I would like to test your cert with both > the present and older versions of NSS to confirm or refute this > possiblity. The certificate actually works with Netscape 4.x (imaps), Netscape 6.2 (imaps,"pop3s ?"), kmail (imaps, "pop3s ?") and versions of Outlook which I personally don't use. > Without a copy of your cert, I can only conjecture about the cause. > Please file a bug against PSM in bugzilla and attach your server cert to > it. Please be sure to explain exactly how you were using the cert, both in > earlier versions of mozilla that worked and in the versions that failed. There is no change on my side. > If you could make your server available to us for testing that might > also help. We would not need an actual account on the server for testing > purposes, I believe. It's the first time I get asked to fill up a bug report. Ok, I will look how to do it. But what have I exactly to do, to make testing possible for you? If needed I could give you a mail account too. Are You interested in the way how I created the certificate? I just could post it too. Thank-you for your answer. >> Thanks Ingo > > -- > Nelson Bolyard > Disclaimer: I speak for myself, not for Netscape
