Re: [naviserver-devel] nsimap open errors on self-signed certificate

Mon, 24 Jul 2017 11:03:06 -0700 

Hi Gustaf,

Alas, the changes did not work for this case:
Could not connect to mailbox: Certificate failure for or97.net: self signed certificate: /C=UK/ST=Default Province/O=self/CN=or97.net 
    while executing
"ns_imap open -mailbox {{or97.net}mail/INBOX} -novalidatecert -user support -passwor... 

I verified that the rebuild included the changes:

:/usr/local/src/modules/nsimap# grep novalidatecert ns*
nsimap.c:        } else if (!strcmp(cmd, "-novalidatecert")) {
Binary file nsimap.o matches
Binary file nsimap.so matches
root@openacs-a22:/usr/local/src/modules/nsimap# grep novalidatecert *
nsimap.c:        } else if (!strcmp(cmd, "-novalidatecert")) {
Binary file nsimap.o matches
Binary file nsimap.so matches
README: ns_imap open -mailbox mailbox ?-user u -password p -debug -expunge -anonymous -shortcache -readonly -halfopen -reopen -novalidatecert? 


This is not a critical bug.
Right now, there are free Automatic Certificate management Environment (ACME) services, such as letsencrypt, which works with nsimap. 


Maybe some diagnostic info:


I added a -testDummyParam to invoking ns_imap open:

ns_imap open -mailbox .... -testDummyParam ....
testDummyParam was ignored for the self-signed certificate error (above) and also for successful connection cases using a valid CA signed-certificate. 

best wishes,

Ben

On 07/24/2017 02:10 AM, Gustaf Neumann wrote:
> Am 24.07.17 um 3:46 AM schrieb Ben Brink via naviserver-devel:
>> Apparently ns_imap open doesn't like self-signed certificates.
>> If there is a list for suggested new features, this should be on it.
>> Thank you.
> I've added a small change to add the optional flag "-novalidatecert" to "ns_imap open" 
> (name from the flag of the imap implementation).
>
> please check, if this change is sufficient.
>
> best regards
> -gn
>
>
> ------------------------------------------------------------------------------ 
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
> _______________________________________________
> naviserver-devel mailing list
> naviserver-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/naviserver-devel


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel

Reply via email to