OpenBSD 3.0 SSL not working

Dave Swager Sun, 06 Jan 2002 11:35:23 -0800

Sorry if this is answered elsewhere, I've looked everywhere and I'm stumped.


On the client side (Eudora 5.1, Mac or PC), I get the following error 
message whether I use optional START TLS, or Required START TLS.  APOP 
works fine:

ERR[AUTH] You must use TLS/SSL or stronger authentication such as APOP to 
connect to this server

I can't get SSL working no matter what I do.  Here's the configuration:

OpenBSD ns1 3.0 GENERIC#94 i386

./configure --enable-apop --enable-popuid=popa3d --enable-debugging 
--with-openssl=/usr

inetd.conf entry:

pop3            stream  tcp     nowait  root    /usr/local/sbin/popper 
popper -f /etc/popper.conf

/etc/popper.conf:

set clear-text-password=tls
set tls-support=stls
set tls-server-cert-file=/etc/mail/certs/cert.pem

And finally, the trace file (generated from an earlier inetd.conf entrywith 
-t):

Jan  6 09:18:38.799 2002 [655] Trace and Debug destination is file 
"/etc/popper.
trace" [pop_init.c:855]
Jan  6 09:18:38.799 2002
Jan  6 09:18:38.800 2002 [655] Processing config file '/etc/popper.conf'; 
CallTi
me=1 [pop_config.c:1279]
Jan  6 09:18:38.800 2002
Jan  6 09:18:38.800 2002 [655] ...read line 1 (27): set clear-text-password=tls
[pop_config.c:1315]
Jan  6 09:18:38.800 2002
Jan  6 09:18:38.800 2002 [655] Set clear-text-password to TLS (2) 
[pop_config.c:
1195]
Jan  6 09:18:38.800 2002
Jan  6 09:18:38.800 2002 [655] ...read line 2 (20): set tls-support=stls 
[pop_co
nfig.c:1315]
Jan  6 09:18:38.800 2002
Jan  6 09:18:38.800 2002 [655] Set tls-support to STLS (2) [pop_config.c:1195]
Jan  6 09:18:38.800 2002
Jan  6 09:18:38.800 2002 [655] ...read line 3 (49): set 
tls-server-cert-file=/et
c/mail/certs/cert.pem [pop_config.c:1315]
Jan  6 09:18:38.800 2002
Jan  6 09:18:38.800 2002 [655] Set tls-server-cert-file to 
"/etc/mail/certs/cert
.pem" [pop_config.c:1211]
Jan  6 09:18:38.800 2002
Jan  6 09:18:38.800 2002 [655] Finished processing config file 
'/etc/popper.conf
'; rslt=1 [pop_config.c:1463]
Jan  6 09:18:38.800 2002
Jan  6 09:18:38.803 2002 [655] (v4.0.3) Servicing request from 
"ananse.waveville
.net" at 216.101.173.131 [pop_init.c:1153]
Jan  6 09:18:38.803 2002
Jan  6 09:18:38.803 2002 [655] before TLS; tls_support==2 [popper.c:172]
Jan  6 09:18:38.803 2002
Jan  6 09:18:38.803 2002 [655] ...Initializing OpenSSL library 
[pop_tls_openssl.
c:224]
Jan  6 09:18:38.803 2002
Jan  6 09:18:38.805 2002 [655] ...have /dev/urandom; skipping PRNG seeding 
[pop_
tls_openssl.c:282]
Jan  6 09:18:38.805 2002
Jan  6 09:18:38.805 2002 [655] ...setting method to SSLv23_server_method 
[pop_tl
s_openssl.c:306]
Jan  6 09:18:38.805 2002
Jan  6 09:18:38.805 2002 [655] ...allocating OpenSSL context 
[pop_tls_openssl.c:
336]
Jan  6 09:18:38.805 2002
Jan  6 09:18:38.805 2002 [655] ...setting certificate file 
/etc/mail/certs/cert.
pem [pop_tls_openssl.c:347]
Jan  6 09:18:38.805 2002
Jan  6 09:18:38.807 2002 [655] ...private key file not set; assuming 
private key
  is in cert (/etc/mail/certs/cert.pem) [pop_tls_openssl.c:364]
Jan  6 09:18:38.807 2002
Jan  6 09:18:38.807 2002 [655] ...setting private key file 
/etc/mail/certs/cert.
pem [pop_tls_openssl.c:368]
Jan  6 09:18:38.807 2002
Jan  6 09:18:38.807 2002 [655] ...verifying private key against certificate 
[pop
_tls_openssl.c:381]
Jan  6 09:18:38.807 2002
Jan  6 09:18:38.807 2002 [655] ...(tls_cipher_list not specified) 
[pop_tls_opens
sl.c:408]
Jan  6 09:18:38.807 2002
Jan  6 09:18:38.807 2002 [655] ...allocating OpenSSL connection 
[pop_tls_openssl
.c:419]
Jan  6 09:18:38.807 2002
Jan  6 09:18:38.807 2002 [655] ...setting input (0) and output (0) file 
descript
ors [pop_tls_openssl.c:430]
Jan  6 09:18:38.807 2002
Jan  6 09:18:38.807 2002 [655] ...successfully completed OpenSSL initialization
[pop_tls_openssl.c:449]
Jan  6 09:18:38.807 2002
Jan  6 09:18:38.807 2002 [655] TLS Init [popper.c:193]
Jan  6 09:18:38.807 2002
Jan  6 09:18:38.808 2002 [655] (v4.0.3) Intro [popper.c:238]
Jan  6 09:18:38.808 2002
Jan  6 09:18:38.808 2002 [655] +OK Qpopper (version 4.0.3) at ns1.waveville.net
starting.  <[EMAIL PROTECTED]> [popper.c:251]
Jan  6 09:18:38.808 2002
Jan  6 09:18:38.808 2002 [655] Qpopper ready for input from (null) at 
ananse.wav
eville.net [216.101.173.131] [popper.c:285]
Jan  6 09:18:38.808 2002
Jan  6 09:18:38.820 2002 [655] Received (4): "CAPA" [pop_get_command.c:105]
Jan  6 09:18:38.820 2002
Jan  6 09:18:38.820 2002 [655] capa returned 1; CurrentState now auth1 
[popper.c
:329]
Jan  6 09:18:38.820 2002
Jan  6 09:18:38.820 2002 [655] Qpopper ready for input from (null) at 
ananse.wav
eville.net [216.101.173.131] [popper.c:285]
Jan  6 09:18:38.820 2002
Jan  6 09:18:38.840 2002 [655] Received (9): "USER dave" 
[pop_get_command.c:105]
Jan  6 09:18:38.840 2002
Jan  6 09:18:38.841 2002 [655] home (10): '/home/dave' [pop_user.c:215]
Jan  6 09:18:38.841 2002
Jan  6 09:18:38.841 2002 [655] AllowClearText=2; (TLS/SSL not used) 
[pop_user.c:
359]
Jan  6 09:18:38.841 2002
Jan  6 09:18:38.841 2002 [655] dave at ananse.waveville.net 
(216.101.173.131): -
ERR [AUTH] You must use TLS/SSL or stronger authentication such as APOP to 
conne
ct to this server [pop_user.c:360]
Jan  6 09:18:38.841 2002
Jan  6 09:18:38.841 2002 [655] user returned 0; CurrentState now auth1 
[popper.c
:329]
Jan  6 09:18:38.841 2002
Jan  6 09:18:38.841 2002 [655] Qpopper ready for input from dave at 
ananse.wavev
ille.net [216.101.173.131] [popper.c:285]
Jan  6 09:18:38.841 2002
Jan  6 09:18:38.999 2002 [655] Received (4): "QUIT" [pop_get_command.c:105]
Jan  6 09:18:38.999 2002
Jan  6 09:18:38.999 2002 [655] quit returned 1; CurrentState now halt 
[popper.c:
329]
Jan  6 09:18:38.999 2002
Jan  6 09:18:38.999 2002 [655] +OK Pop server at ns1.waveville.net signing off.
[popper.c:351]
Jan  6 09:18:38.999 2002
Jan  6 09:18:38.999 2002 [655] pTLS->m_pPOP->tls_started == false 
[pop_tls_opens
sl.c:807]
Jan  6 09:18:38.999 2002
Jan  6 09:18:38.999 2002 [655] freeing m_OpenSSLconn [pop_tls_openssl.c:811]
Jan  6 09:18:38.999 2002
Jan  6 09:18:38.999 2002 [655] freeing m_OpenSSLctx [pop_tls_openssl.c:817]
Jan  6 09:18:38.999 2002
Jan  6 09:18:38.999 2002 [655] openssl_shutdown returning 0 
[pop_tls_openssl.c:8
22]
Jan  6 09:18:38.999 2002
Jan  6 09:18:38.999 2002 [655] (v4.0.3) Ending request from "dave" at 
(ananse.wa
veville.net) 216.101.173.131 [popper.c:369]
Jan  6 09:18:38.999 2002

I know the client supports SSL, I check other accounts using it.

Any ideas?

-Dave

OpenBSD 3.0 SSL not working

Reply via email to