2.3.11 STARTTLS broken if tls_ca_file is defined

Sebastian Hagedorn Hagedorn at uni-koeln.de
Wed Jan 2 12:45:42 EST 2008


-- jc.duss59 at laposte.net is rumored to have mumbled on 2. Januar 2008 
17:46:11 +0100 regarding 2.3.11 STARTTLS broken if tls_ca_file is defined:

> Since I upgraded to 2.3.11, it seems I've got the same problem.
> I can use TLS via SSL via imaps on port 993 when I disable the
> tls_ca_file:
> imaps[45635]: TLS server engine: cannot load CA data
> Jan  2 17:34:47 imaptest imaps[45635]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits reused) no authentication
> Jan  2 17:34:47 imaptest imaps[45635]: login: [x.x.x.x] toto2 plain+TLS User logged in
> but I can't connect to TLS via imapd on port 143:
>
> TLS server engine: cannot load CA data
> Jan  2 17:35:37 imaptest imap[45653]: TLS server engine: No CA file specified. Client side certs may not work
> Jan  2 17:35:37 imaptest imap[45653]: STARTTLS negotiation failed: [ x.x.x.x ]
> I use a client certificate.

Not in the first example. "plain+TLS" means that a password was used. So 
does logging in via TLS on port 143 work if you use a password instead of a 
certificate? It's possible that authenticating with a certificate was 
broken with the changes from 2.3.10 to 2.3.11.

> What can i do to solve it?

Revert to 2.3.10?

If you want to help find out what's going on, please increase logging for 
Cyrus to the debug level (in syslog.conf). That should show much more 
detailed logging.
--
Sebastian Hagedorn - RZKR-R1 (Flachbau), Zi. 18, Robert-Koch-Str. 10
Zentrum für angewandte Informatik - Universitätsweiter Service RRZK
Universität zu Köln / Cologne University - Tel. +49-221-478-5587
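
Added example, not part of the original message or of Cyrus itself: a small Python triage script that groups the quoted syslog lines by process and separates the two cases discussed above, a password login over TLS (`plain+TLS`) and a failed STARTTLS negotiation. The sample input is constructed from the quoted lines (the prefix on the two "cannot load CA data" entries is filled in), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the log lines quoted in the report, one entry per line.
# The timestamp/pid prefix on the two "cannot load CA data" lines is filled in.
SAMPLE_LOG = """\
Jan  2 17:34:47 imaptest imaps[45635]: TLS server engine: cannot load CA data
Jan  2 17:34:47 imaptest imaps[45635]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits reused) no authentication
Jan  2 17:34:47 imaptest imaps[45635]: login: [x.x.x.x] toto2 plain+TLS User logged in
Jan  2 17:35:37 imaptest imap[45653]: TLS server engine: cannot load CA data
Jan  2 17:35:37 imaptest imap[45653]: TLS server engine: No CA file specified. Client side certs may not work
Jan  2 17:35:37 imaptest imap[45653]: STARTTLS negotiation failed: [ x.x.x.x ]
"""

ENTRY = re.compile(r"(?P<service>\w+)\[(?P<pid>\d+)\]: (?P<msg>.*)")
LOGIN = re.compile(r"login: \[[^\]]*\] (?P<user>\S+) (?P<mech>\S+) ")


def summarize(log_text):
    """Group syslog entries by (service, pid) and record the TLS/login outcome."""
    sessions = defaultdict(lambda: {"ca_loaded": True, "tls": None,
                                    "tls_no_auth": None, "user": None, "mech": None})
    for line in log_text.splitlines():
        entry = ENTRY.search(line)
        if not entry:
            continue
        s = sessions[(entry["service"], int(entry["pid"]))]
        msg = entry["msg"].rstrip()
        if "cannot load CA data" in msg or "No CA file specified" in msg:
            s["ca_loaded"] = False
        elif msg.startswith("starttls:"):
            s["tls"] = "ok"
            # True when the starttls line ends in "no authentication".
            s["tls_no_auth"] = msg.endswith("no authentication")
        elif msg.startswith("STARTTLS negotiation failed"):
            s["tls"] = "failed"
        elif (login := LOGIN.match(msg)):
            s["user"], s["mech"] = login["user"], login["mech"]
    return dict(sessions)


def diagnose(s):
    """One-line verdict for a session dict produced by summarize()."""
    if s["tls"] == "failed":
        return "STARTTLS failed" + ("" if s["ca_loaded"] else " after CA load error")
    if s["tls"] == "ok" and s["mech"] and s["mech"].split("+")[0] == "plain":
        how = "TLS reported no authentication" if s["tls_no_auth"] else "TLS peer identity present"
        return f"password login over TLS ({how})"
    return "inconclusive"
```

Calling `summarize()` on a debug-level Cyrus log and passing each session to `diagnose()` shows at a glance which processes fell back to password authentication and which never completed the handshake.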