LMTP STARTTLS and certificates
Matt Bernstein
mb/cyrus at dcs.qmul.ac.uk
Tue Sep 10 18:08:19 EDT 2002
At 09:42 -0400 Ken Murchison wrote:
>Matt Bernstein wrote:
>> So.. Exim is ready to send AUTH EXTERNAL, but it's no longer offered :-/
>
>Are you sure that Exim is offering a valid client cert? lmtpd won't
>offer EXTERNAL unless it gets an authid from the client cert.
Hmmm..... ... .. ... arse! Exim's cert is fine, but the CA on the server
is a little knotted... ..this will take a little time to sort out.
>> PS does anyone have a tool like "openssl s_client" useful for testing such
>> sessions where TLS negotiation happens after connect, rather than on
>> connect?
>
>Yeah, use 'lmtptest -t <certfile>'. You no longer need to use s_client
>to test any of the Cyrus daemons. You can use
>imtest/pop3test/lmtptest/smtptest/sivtest/mupdatetest (actually, they
>are all the same binary) to test SSL/TLS/AUTH.
Thanks! Exactly what I needed, and that exactly diagnosed the problem in
our CA. Your software and Exim are both good pieces of kit, and I'm the
stupid one ;)
You the man!
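
Added example (not part of the original message, and not code from Cyrus or Exim): a Python sketch of the check discussed in this thread, using smtplib.LMTP to issue LHLO, upgrade with STARTTLS while presenting a client certificate, and compare the AUTH mechanisms advertised before and after. The host, port and file paths are supplied by the caller, and the helper names are hypothetical.

```python
import re
import smtplib
import ssl
import sys

def auth_mechs(lhlo_reply: str) -> set:
    """Return the SASL mechanisms advertised in an LHLO reply (reply codes optional)."""
    mechs = set()
    for line in lhlo_reply.splitlines():
        line = re.sub(r"^\d{3}[ -]", "", line.strip())   # drop "250-" / "250 "
        m = re.match(r"AUTH[ =](.*)", line, re.IGNORECASE)
        if m:
            mechs.update(m.group(1).upper().split())
    return mechs

def external_gained(before: str, after: str) -> bool:
    """True if EXTERNAL is absent before STARTTLS and offered after it."""
    return "EXTERNAL" not in auth_mechs(before) and "EXTERNAL" in auth_mechs(after)

def probe(host, port, certfile, keyfile, cafile):
    """LHLO, STARTTLS with a client certificate, LHLO again; return both replies."""
    ctx = ssl.create_default_context(cafile=cafile)  # also verifies the server cert
    ctx.load_cert_chain(certfile, keyfile)           # client cert presented to lmtpd
    with smtplib.LMTP(host, port) as conn:
        conn.ehlo()                                  # smtplib.LMTP sends LHLO here
        before = conn.ehlo_resp.decode()
        conn.starttls(context=ctx)                   # TLS starts after connect
        conn.ehlo()                                  # capabilities must be re-read
        after = conn.ehlo_resp.decode()
    return before, after

if __name__ == "__main__":
    # Usage: script.py HOST PORT CLIENT_CERT CLIENT_KEY CA_FILE
    host, port, cert, key, ca = sys.argv[1:6]
    pre, post = probe(host, int(port), cert, key, ca)
    print("before TLS:", sorted(auth_mechs(pre)))
    print("after TLS: ", sorted(auth_mechs(post)))
    print("EXTERNAL offered after client cert:", external_gained(pre, post))
```

If the handshake succeeds but EXTERNAL is still missing from the second reply, the server did not take an authid from the client certificate, which is the symptom described above.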