"ingo.kappler" wrote:
> 
> Nelson B. Bolyard wrote:
> 
> > Ingo Kappler wrote:
> >>
> >> For secure mail connections I use a selfsigned certificate on the server,
> >
> > You mentioned imaps and pop3s in the subject.  Did you mean imaps and
> > smtps? AFAIK, mozilla doesn't do pop3 over SSL, but does do imaps and
> > smtps.
> 
> Sorry, I don't know if I know everything right. But when I spoke from pop3s
> and imaps I ment the entrances in /etc/inetd.conf.
> 
> ie:
> # pop3 stream tcp nowait root /usr/sbin/tcpd /usr/sbin/ipop3d
> pop3s stream tcp nowait root /usr/sbin/ipop3d /usr/sbin/ipop3d
> #
> # stream tcp nowait root /usr/sbin/tcpd /usr/sbin/imapd
> imaps stream tcp nowait root /usr/sbin/imapd /usr/sbin/imapd
> 
> Maybe pop3s uses smtps?

No.  IMAP and POP3 are two different protocols by which a Mail User Agent 
(MUA) (a program like moz or N6 or kmail) fetches email messages that have 
reached their destination Mail Transfer Agent (MTA, a server).  SMTP is the
protocol by which email is sent to an MTA.  So, your MUA sends email via
SMTP and receives it by either POP3 or IMAP.  The letter S after any of
those acronyms means "secure" or "over SSL".   

SMTPS is done over the same TCP port as SMTP, so it doesn't have a separate
entry from SMTP in /etc/services, AFAIK.  

I just learned that POP3S support was added to mozilla in N6.2, so I was
mistaken when I said that mozilla doesn't support it.

So, here are some questions for you:

1. Does the problem you reported (error -8182) happen when sending email 
or when receiving email?

2. When you used N6.2, were you receiving your email with IMAPS? or POP3S? 
(or maybe just IMAP or POP3) ??

3. When you try to use N7 or moz1.0, is it configured exactly the same as
N6.2 (I mean, both are using IMAPS or both are using POP3S or ...)

4. Is your SMTP server also configured to use SSL?  

5. Is your N6.2 configured to always use SSL when sending email?

6. Is your N7 (or moz1.0) configured the same as your N6.2 (both always 
use SSL, or both never use SSL, or ...)

> >> created with openssl. It works for my needs with netscape 6.2 and kmail
> >> and other programs, except mozilla 1.0 and netscape 7.
> >>
> >> I get an error message saying it couldn`t establish a secure connection
> >> for the cert might be destroyed or not usable with error-code -8182.

> > The version of NSS used by PSM in mozilla has changed, for one thing.
> > There have also been numerous other changes in PSM.  PSM's error handling
> > UI for SSL has changed.

I'm still trying to find out if any of those changes are relevant to your
situation.

> The certificate actually works with Netscape 4.x (imaps), Netscape 6.2
> (imaps,"pop3s ?"), kmail (imaps, "pop3s ?") and versions of Outlook which I
> personally don't use.

You'll have to check the configuration of your own N6 and N7 clients to see
if they're using POP3S or IMAPS.  There's no way for me to tell.

> > Without a copy of your cert, I can only conjecture about the cause.
> > Please file a bug against PSM in bugzilla and attach your server cert to
> > it. Please be sure to explain exactly how you were using the cert, both in
> > earlier versions of mozilla that worked and in the versions that failed.
> 
> There is no change on my side.

Well, you have changed between N6 and N7, and there are differences of 
configuration between them.  You may, for example, have marked that cert
in N6 as a trusted server cert, but may not have marked it similarly for N7.

> > If you could make your server available to us for testing that might
> > also help.  We would not need an actual account on the server for testing
> > purposes, I believe.
> 
> It's the first time I get asked to fill up a bug report. Ok, I will look
> how to do it. But what have I exactly to do, to make testing possible for
> you? If needed I could give you a mail account too.

Once you know the answers to the questions I asked above, you can just 
email the answers to me, along with the hostname of your mail server
system, and I can play with it.  I don't need an account, but I do need
to be able to connect to the system..

> Are You interested in the way how I created the certificate? I just could
> post it too.

If I can connect to your server, I can get the cert myself.

> Thank-you for your answer.
> 
> >> Thanks Ingo
> >
> > --
> > Nelson Bolyard
> > Disclaimer:                  I speak for myself, not for Netscape


--
Nelson Bolyard       
Disclaimer:                  I speak for myself, not for Netscape

Reply via email to