cyrus & TLS problem ?

Fredrik Lilieblad fli at it.kth.se
Thu Apr 29 21:09:17 EDT 2004


Hi!

I'm experiencing some strange problems when running imapd together with
TLS.

A client (like imtest or Outlook) can connect to the imapd service with
TLS but it closes after a few (10-20) requests with a "protocol version"
error.

I would be very grateful for any help on what the solution for this
problem could be.

I'm running:
cyrus-imap 2.2.3
cyrus-sasl 2.1.18
openssl-0.9.7d
heimdal-0.6.1
kth-krb 1.2.2

It looks like this:
* The last request on the client side (from imtest):
B0006 SELECT INBOX.Drafts
* FLAGS (\Answered \Flagged \Draft \Deleted \Seen)
* OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen \*)]
* 0 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1055754437]
* OK [UIDNEXT 6]
B0006 OK [READ-WRITE] Completed
B0007 SELECT INBOX.Drafts
Protection error: Error 0
Connection closed.

* The logs report:
[ID 736213 local6.debug] open: user fli opened INBOX.Drafts
[ID 199388 local6.debug] SSL3 alert write:fatal:protocol version
[ID 191084 local6.warning] Error 0, closing connection

* A stack trace on the imapd process gives this:
Program received signal SIGPIPE, Broken pipe.
0xfee1fa08 in _write () from /usr/lib/libc.so.1
(gdb) bt
#0  0xfee1fa08 in _write () from /usr/lib/libc.so.1
#1  0xfef3099c in sock_write () from /opt/csw/lib/libcrypto.so.0.9.7
#2  0xfef2d608 in BIO_write () from /opt/csw/lib/libcrypto.so.0.9.7
#3  0xff03bec8 in do_ssl3_write () from /opt/csw/lib/libssl.so.0.9.7
#4  0xff03b854 in ssl3_write_bytes () from /opt/csw/lib/libssl.so.0.9.7
#5  0x586e8 in prot_flush_writebuffer (s=0x116c40,
    buf=0x1190e8 "* BYE Error 0\r\nred \\Flagged \\Draft \\Deleted \\Seen)\r\n* OK [PERMANENTFLAGS (\\Answered \\Flagged \\Draft \\Deleted \\Seen \\*)]  \r\n* 0 EXISTS\r\n* 0 RECENT\r\n* OK [UIDVALIDITY 1055754437]  \r\n* OK [UIDNEXT 6]  \r\n"..., len=15) at prot.c:609
#6  0x58890 in prot_flush_internal (s=0x116c40, force=1) at prot.c:691
#7  0x1a498 in service_main (argc=0, argv=0x1140b8, envp=0xffbef858) at imapd.c:586
#8  0x18da4 in main (argc=1061888, argv=0x103400, envp=0xffbef858) at service.c:557

* Checking the tls_conn struct actually gives a strange protocol version
number (should be 0x301):
(gdb) p *(s->tls_conn)
$1 = {version = 25953, type = 8192, method = 0xff06c558, rbio = 0x116ee0, wbio = 0x12b678, bbio = 0x0, rwstate = 2, in_handshake = 0,
  handshake_func = 0xff031280 <ssl3_accept>, server = 1, new_session = 0, quiet_shutdown = 0, shutdown = 0, state = 3, rstate = 241, init_buf = 0x0,
  init_msg = 0x12c894, init_num = 0, init_off = 0, packet = 0x131df0 "\025ea", packet_length = 5, s2 = 0x0, s3 = 0x1293f8, read_ahead = 0,
  msg_callback = 0, msg_callback_arg = 0x0, hit = 0, purpose = 0, trust = 0, cipher_list = 0x0, cipher_list_by_id = 0x0, enc_read_ctx = 0x1423e0,
  read_hash = 0xfefecee8, expand = 0x0, enc_write_ctx = 0x142578, write_hash = 0xfefecee8, compress = 0x0, cert = 0x128d88, sid_ctx_length = 0,
  sid_ctx = '\000' <repeats 31 times>, session = 0x12a690, generate_session_id = 0, verify_mode = 0, verify_depth = -1,
  verify_callback = 0x326d4 <verify_callback>, info_callback = 0, error = 0, error_code = 0, ctx = 0x121d70, debug = 0, verify_result = 0, ex_data = {
    sk = 0x0, dummy = 0}, client_CA = 0x0, references = 1, options = 4095, mode = 3, max_cert_list = 102400, first_packet = 0, client_version = 769}

Any hints on what the problem could be?

Best Regards,
Fredrik


---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
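
Added example, not part of the original post and not Cyrus or OpenSSL code: a minimal C parser for the 5-byte TLS record header (content type, version, length), run on the bytes shown in the dump's packet field ("\025ea"). It shows that the dumped version = 25953 is 0x6561, the bytes 'e' and 'a' that follow the 0x15 (alert) type byte in that buffer; the two length bytes and all function and type names are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* TLS record header: 1-byte content type, 2-byte version, 2-byte length. */
struct tls_rec_hdr { unsigned type, version, length; };

enum { HDR_OK = 0, HDR_BAD_TYPE = 1, HDR_BAD_VERSION = 2, HDR_BAD_LENGTH = 4 };

/* Parse the 5-byte header; returns 0 on success, -1 if the buffer is short. */
static int parse_record_header(const unsigned char *buf, size_t len,
                               struct tls_rec_hdr *out)
{
    if (buf == NULL || out == NULL || len < 5)
        return -1;
    out->type    = buf[0];
    out->version = ((unsigned)buf[1] << 8) | buf[2];
    out->length  = ((unsigned)buf[3] << 8) | buf[4];
    return 0;
}

/* Return a bitmask of header fields inconsistent with the negotiated version. */
static int check_record_header(const struct tls_rec_hdr *h, unsigned negotiated)
{
    int flags = HDR_OK;
    if (h->type < 20 || h->type > 23)   /* CCS, alert, handshake, app data */
        flags |= HDR_BAD_TYPE;
    if (h->version != negotiated)       /* 0x0301 is expected for TLS 1.0 */
        flags |= HDR_BAD_VERSION;
    if (h->length > 16384 + 2048)       /* TLS 1.0 ciphertext record limit */
        flags |= HDR_BAD_LENGTH;
    return flags;
}

int main(void)
{
    /* First three bytes are packet = "\025ea" from the gdb dump above;
       the two length bytes are constructed for this example. */
    const unsigned char pkt[5] = { 025, 'e', 'a', 0x00, 0x02 };
    struct tls_rec_hdr h;
    if (parse_record_header(pkt, sizeof pkt, &h) != 0)
        return 1;
    printf("type=%u version=0x%04x (%u) length=%u flags=%d\n",
           h.type, h.version, h.version, h.length,
           check_record_header(&h, 0x0301));
    return 0;
}
```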