On Friday 27 February 2004 20:41, Clifton Royston wrote:
> On Fri, Feb 27, 2004 at 07:39:30PM +0100, Thomas Carrié wrote:
> ...
>
> > It seems that it is not defined (pop_tls_openssl.c:368 prints empty
> > tls-server-cert-file), but it is! This is what my config file looks like:
> >
> > set tls-server-cert-file     = /etc/ssl/certs/mail.pem
> > # set tls-version              = default
> > set tls-support              = stls
> > set clear-text-password      = tls
> > # set tls-private-key-file     =
> > # set tls-passphrase           =
> >
> > ) grep pop inetd.conf
> > pop3            stream  tcp     nowait  root    /usr/sbin/popper -s -l 1
>
> It looks like you're not actually specifying the config file name.  Try
> adding
>  -f /path/to/your/config.file

You are right, -f and qpopper were missing.

However, there was a second problem: qpopper doesn't support a private key and 
an auto-signed certificate in the same file. Indeed, if you generate the file 
like this:

/etc/ssl# openssl req -x509 -newkey rsa:1024 -keyout certs/mail.pem -out certs/mail.pem -days 9999 -nodes

You will get the following error:

Error setting certificate PEM file /etc/ssl/certs/mail.pem 
...SSL error: error:0906D06C:PEM routines:PEM_read_bio:no start line 
[pop_tls_openssl.c:368]

You have to generate the private key and the auto-signed certificate in 2 
different files, like this:

cd /etc/ssl/certs/
openssl req -new -x509 -days 999 -nodes -out rsa.pem -keyout rsa-key.pem
openssl dhparam -out dhparam.pem 1024
ls -l rsa-key.pem
-rw-------    1 root     root          887 Mar  2 20:49 rsa-key.pem

grep \.pem /etc/qpopper.config
set tls-private-key-file     = /etc/ssl/certs/rsa-key.pem
set tls-server-cert-file     = /etc/ssl/certs/rsa.pem

It works fine.



-- 

Thomas Carrié
GPG identity: 0285ED14

http://www.lebars.org/sec/tcpa-faq.fr.html
http://www.pimientolinux.com/peru2ms/villanueva_to_ms.html
http://petition.eurolinux.org/pr/fr/pr17.html
http://aful.org/publi/articles/gilmore-copy-protection.html
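
Added example, not part of the original message: a shell check for the two-file layout described above. It lists the PEM blocks each file actually contains and checks that the key file has no group/other permission bits; the function names and the placeholder sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the original message or from qpopper.

# Print the label of every complete PEM block in FILE, one per line,
# e.g. "CERTIFICATE" or "RSA PRIVATE KEY".
pem_labels() {
    awk '
        /^-----BEGIN [A-Z0-9 ]+-----[ \t\r]*$/ {
            sub(/^-----BEGIN /, ""); sub(/-----[ \t\r]*$/, ""); cur = $0; next
        }
        /^-----END [A-Z0-9 ]+-----[ \t\r]*$/ {
            sub(/^-----END /, ""); sub(/-----[ \t\r]*$/, "")
            if ($0 == cur) print cur
            cur = ""
        }
    ' "$1"
}

# Return 0 only if CERT holds a certificate, KEY holds a private key, and
# KEY has no group/other permission bits (mode string like -rw-------).
check_tls_files() {
    cert=$1; key=$2; rc=0
    pem_labels "$cert" | grep -qx 'CERTIFICATE' ||
        { echo "$cert: no CERTIFICATE block"; rc=1; }
    pem_labels "$key" | grep -q 'PRIVATE KEY$' ||
        { echo "$key: no PRIVATE KEY block"; rc=1; }
    [ "$(ls -ld -- "$key" 2>/dev/null | cut -c5-10)" = "------" ] ||
        { echo "$key: accessible by group or others"; rc=1; }
    return "$rc"
}

# Constructed sample files (placeholder bodies, not real key material).
write_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Y29uc3RydWN0ZWQ=' \
        '-----END CERTIFICATE-----' > "$1/rsa.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Y29uc3RydWN0ZWQ=' \
        '-----END RSA PRIVATE KEY-----' > "$1/rsa-key.pem"
    chmod 600 "$1/rsa-key.pem"
}

# When given two arguments, check those files: CERT first, then KEY.
if [ "$#" -eq 2 ]; then check_tls_files "$1" "$2"; fi
```

Called with the certificate path and then the key path, the script prints one line per failed check and exits non-zero if any check fails.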