Problem with IMAP over SSL

Thu, 08 Jul 2004 08:20:41 -0700

I'm trying to migrate from Mozilla MailNews 1.4 to Thunderbird 0.7.1. We use IMAP over SSL, and the PKCS#12 certificate/key I use in Moz 1.4 works (of course). Using the same cert/key combo, TBird craps out in the SSL negotation with "Error establishing an encrypted connection to {server}: Error code -8092". Ethereal seems to show the server sending the same stuff back for TBird as Moz (simply the Server Hello with its cert chain, after the Client Hello from the mail client), but TBird choosing not to continue the conversation by sending its certs back to the server at that point. Can it not find the right cert/key combo to use? How can I make it prompt for that, or trace what's going on? I'm pretty sure the cert is well formed, since TBird successfully uses it to S/MIME sign outgoing messages (and they're received as good messages).

Any ideas? This is a show stopper, unfortunately; we use client certs to control access to the SSL server. If it's any help: I'm pretty sure we noticed this problem first with Moz 1.5 (but I can't reproduce that), which is why we're still on version 1.4. Maybe something changed in PSM around that time?

I'm currently testing TBird 0.7.1 prebuilt binaries on Windows 2000, same with the Moz 1.4 binaries.

When I set the IMAP logging up, I don't really get much more information. The layer reporting the information just gets told the socket read fails (-1) for some reason (-8092); I think the underlying reason is not being traced. See the line in bold below:

1864[1cbbe98]: nsSocketTransport::BuildSocket [this=2a31248]
1864[1cbbe98]: pushing io layer [0:ssl]
1864[1cbbe98]: [secinfo=2944188 callbacks=21a1d78]
1864[1cbbe98]: nsSocketTransportService::AttachSocket [handler=2a31248]
1864[1cbbe98]: nsSocketTransportService::AddToIdleList [handler=2a31248]
1864[1cbbe98]: active=0 idle=1
1864[1cbbe98]: advancing to STATE_CONNECTING
1864[1cbbe98]: nsSocketTransport::SendStatus [this=2a31248 status=804b0007]
1864[1cbbe98]: trying address: 66.237.148.186
1864[1cbbe98]: idle [0] { handler=2a31248 condition=0 pollflags=6 }
1864[1cbbe98]: nsSocketTransportService::AddToPollList [handler=2a31248]
1864[1cbbe98]: active=1 idle=1
1864[1cbbe98]: nsSocketTransportService::RemoveFromIdleList [handler=2a31248]
1864[1cbbe98]: active=1 idle=0
1864[1cbbe98]: calling PR_Poll [active=1 idle=0]
1864[1cbbe98]: nsSocketTransport::OnSocketReady [this=2a31248 outFlags=2]
1864[1cbbe98]: advancing to STATE_TRANSFERRING
1864[1cbbe98]: nsSocketTransport::SendStatus [this=2a31248 status=804b0004]
1864[1cbbe98]: active [0] { handler=2a31248 condition=0 pollflags=7 }
1864[1cbbe98]: calling PR_Poll [active=1 idle=0]
1864[1cbbe98]: nsSocketTransport::OnSocketReady [this=2a31248 outFlags=3]
1864[1cbbe98]: nsSocketOutputStream::OnSocketReady [this=2a312f8 cond=0]
1864[1cbbe98]: nsSocketInputStream::OnSocketReady [this=2a312dc cond=0]
1864[1cbbe98]: nsSocketTransportService::PostEvent [event=2a1dbf0]
1864[1cbbe98]: active [0] { handler=2a31248 condition=0 pollflags=0 }
1864[1cbbe98]: nsSocketTransportService::AddToIdleList [handler=2a31248]
1864[1cbbe98]: active=1 idle=1
1864[1cbbe98]: nsSocketTransportService::RemoveFromPollList [handler=2a31248]
1864[1cbbe98]: index=0 mActiveCount=1
1864[1cbbe98]: active=0 idle=1
1864[1cbbe98]: calling PR_Poll [active=0 idle=1]
1864[1cbbe98]: nsSocketInputStream::Read [this=2a312dc count=4096]
1864[1cbbe98]: calling PR_Read [count=4096]
1864[1cbbe98]: PR_Read returned [n=-1]
1864[1cbbe98]: nsSocketInputStream::AsyncWait [this=2a312dc]
1864[1cbbe98]: idle [0] { handler=2a31248 condition=0 pollflags=5 }
1864[1cbbe98]: nsSocketTransportService::AddToPollList [handler=2a31248]
1864[1cbbe98]: active=1 idle=1
1864[1cbbe98]: nsSocketTransportService::RemoveFromIdleList [handler=2a31248]
1864[1cbbe98]: active=1 idle=0
1864[1cbbe98]: calling PR_Poll [active=1 idle=0]
1864[1cbbe98]: nsSocketTransport::OnSocketReady [this=2a31248 outFlags=1]
1864[1cbbe98]: nsSocketInputStream::OnSocketReady [this=2a312dc cond=0]
1864[1cbbe98]: nsSocketTransportService::PostEvent [event=2aeee58]
1864[1cbbe98]: active [0] { handler=2a31248 condition=0 pollflags=0 }
1864[1cbbe98]: nsSocketTransportService::AddToIdleList [handler=2a31248]
1864[1cbbe98]: active=1 idle=1
1864[1cbbe98]: nsSocketTransportService::RemoveFromPollList [handler=2a31248]
1864[1cbbe98]: index=0 mActiveCount=1
1864[1cbbe98]: active=0 idle=1
1864[1cbbe98]: calling PR_Poll [active=0 idle=1]
1864[1cbbe98]: nsSocketInputStream::Read [this=2a312dc count=4096]
1864[1cbbe98]: calling PR_Read [count=4096]
1864[1cbbe98]: PR_Read returned [n=-1]
1864[1cbbe98]: ErrorAccordingToNSPR [in=-8092 out=80004005]
1864[1cbbe98]: nsSocketTransport::OnMsgInputClosed [this=2a31248 reason=80004005]
1864[1cbbe98]: nsSocketInputStream::CloseWithStatus [this=2a312dc reason=0]
1864[1cbbe98]: nsSocketInputStream::CloseWithStatus [this=2a312dc reason=80470002]

_______________________________________________
Mozilla-security mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-security

Reply via email to