On Wed, 19 Mar 2008, Jorey Bump wrote:
Wesley Craig wrote, at 03/18/2008 08:48 PM:
On 18 Mar 2008, at 17:55, Jorey Bump wrote:
http://lists.andrew.cmu.edu/pipermail/info-cyrus/2008-January/028210.html
Do you use client certificates? Because the message you're quoting is
about someone who
Andrew Morgan wrote, at 03/20/2008 12:20 PM:
Just for reference, I'm using the following TLS settings with 2.3.11
just fine:
tls_ca_file: /etc/ssl/certs/thawte-premium.pem
tls_ca_path: /etc/ssl/certs
tls_cert_file: /etc/ssl/certs/imap.onid.oregonstate.edu.crt
tls_key_file:
On 20 Mar 2008, at 13:07, Jorey Bump wrote:
Andrew Morgan wrote, at 03/20/2008 12:20 PM:
Maybe the format of your CA bundle file is not what openssl
expects? Do
you get valid output when you run:
openssl x509 -in /etc/ssl/certs/your-ca-bundle -text
I'm not sure. There are no errors,
Wesley Craig wrote, at 03/20/2008 01:57 PM:
On 20 Mar 2008, at 13:07, Jorey Bump wrote:
On a lark, I pointed tls_ca_file to an old root certificate I once
needed for a chained root. It contains only a single certificate, and
STARTTLS connections on port 143 work when it is defined.
This
-- Jorey Bump [EMAIL PROTECTED] is rumored to have mumbled on 19. März
2008 01:09:31 -0400 regarding Re: STARTTLS on Cyrus IMAPd 2.3.11:
Can anyone confirm that STARTTLS connections to
port 143 work with 2.3.11?
Of course they do. We've been running 2.3.11 for a few months now and
haven't
Jorey Bump wrote:
Jorey Bump wrote, at 03/18/2008 09:18 PM:
I'm focusing now on the open_ssl error wrong version number and just
realized the current system uses openssl 0.9.7l, while the new
environment uses openssl 0.9.8e. This might be significant, but I
haven't found anything
On Wed, 19 Mar 2008, Jorey Bump wrote:
Jorey Bump wrote, at 03/18/2008 09:18 PM:
I'm focusing now on the open_ssl error wrong version number and just
realized the current system uses openssl 0.9.7l, while the new
environment uses openssl 0.9.8e. This might be significant, but I
haven't
You know, this *almost* sounds like you've configure Thunderbird to
do TLS on the imaps port.
:wes
On 19 Mar 2008, at 01:09, Jorey Bump wrote:
Jorey Bump wrote, at 03/18/2008 09:18 PM:
I'm focusing now on the open_ssl error wrong version number and
just
realized the current system uses
Wesley Craig wrote, at 03/19/2008 04:53 PM:
You know, this *almost* sounds like you've configure Thunderbird to do
TLS on the imaps port.
No, its connecting to port 143 with TLS checked. I've provided my
cyrus.conf in another message, where you can see I'm running imapd
without the -s switch
hello,
try this:
...
sasl_mech_list: PLAIN LOGIN
...
patrick
- Original Message -
From: Jorey Bump [EMAIL PROTECTED]
To: Sebastian Hagedorn [EMAIL PROTECTED]
Cc: info-cyrus@lists.andrew.cmu.edu
Sent: Thursday, March 20, 2008 6:49 AM
Subject: Re: STARTTLS on Cyrus IMAPd 2.3.11
Andrew Morgan wrote, at 03/19/2008 06:57 PM:
Those look fine to me. I'm not sure about the sasl_minimum_layer
setting. Have you tried setting that to 0?
Yes, but no joy. :(
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List
Patrick T. Tsang wrote, at 03/19/2008 07:07 PM:
try this:
...
sasl_mech_list: PLAIN LOGIN
...
No effect.
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Jorey Bump wrote, at 03/19/2008 06:41 PM:
tls_ca_file: /etc/ssl/certs/local-ca-bundle.crt
This seems to be the cause of the problem. If I remove this setting,
everything works as expected. Note that this didn't interfere on 2.3.7.
The entry in imapd.conf(5) isn't very illuminating:
Wesley Craig wrote, at 03/18/2008 08:48 PM:
On 18 Mar 2008, at 17:55, Jorey Bump wrote:
http://lists.andrew.cmu.edu/pipermail/info-cyrus/2008-January/028210.html
Do you use client certificates? Because the message you're quoting is
about someone who does:
On 18 Mar 2008, at 16:11, Jorey Bump wrote:
Everything
seems to be working fine, with the exception of STARTTLS
connections to
port 143 from *remote* machines.
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=19:self signed certificate in certificate chain
Who signed
Wesley Craig wrote, at 03/18/2008 04:44 PM:
On 18 Mar 2008, at 16:11, Jorey Bump wrote:
Everything
seems to be working fine, with the exception of STARTTLS connections to
port 143 from *remote* machines.
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=19:self signed
On 18 Mar 2008, at 17:55, Jorey Bump wrote:
http://lists.andrew.cmu.edu/pipermail/info-cyrus/2008-January/
028210.html
Do you use client certificates? Because the message you're quoting
is about someone who does:
http://lists.andrew.cmu.edu/pipermail/info-cyrus/2008-January/
Wesley Craig wrote, at 03/18/2008 08:48 PM:
On 18 Mar 2008, at 17:55, Jorey Bump wrote:
http://lists.andrew.cmu.edu/pipermail/info-cyrus/2008-January/028210.html
Do you use client certificates? Because the message you're quoting is
about someone who does:
Jorey Bump wrote, at 03/18/2008 09:18 PM:
I'm focusing now on the open_ssl error wrong version number and just
realized the current system uses openssl 0.9.7l, while the new
environment uses openssl 0.9.8e. This might be significant, but I
haven't found anything conclusive. I know that
19 matches
Mail list logo