STARTTLS on Cyrus IMAPd 2.3.11
Jorey Bump
list at joreybump.com
Tue Mar 18 17:55:42 EDT 2008
Wesley Craig wrote, at 03/18/2008 04:44 PM:
> On 18 Mar 2008, at 16:11, Jorey Bump wrote:
>> Everything
>> seems to be working fine, with the exception of STARTTLS connections to
>> port 143 from *remote* machines.
>>
>> C: S01 STARTTLS
>> S: S01 OK Begin TLS negotiation now
>> verify error:num=19:self signed certificate in certificate chain
>
> Who signed the certificate?
issuer=/C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1
It's the same key/certificate I'm using on the production machine
running 2.3.7, so I don't think there's anything wrong with the
certificate. As I mentioned, it doesn't stop local connections, which
proceed beyond that error. And imaps (port 993) connections work fine
with the same system/certificate.
The failed Thunderbird connections cause this entry in the debug log:
Mar 18 17:48:54 mail imap[6279]: accepted connection
Mar 18 17:48:55 mail imap[6279]: wrong version number in SSL_accept() ->
fail
Mar 18 17:48:57 mail imap[6279]: accepted connection
Mar 18 17:48:57 mail imap[6279]: wrong version number in SSL_accept() ->
fail
Searches for this error and Cyrus IMAP turn up another posting in
January that was apparently never resolved:
http://lists.andrew.cmu.edu/pipermail/info-cyrus/2008-January/028210.html
I'm concerned I'll have to regress to an earlier version, but I'm hoping
there is a simple fix for this.
More information about the Info-cyrus
mailing list