Expire (manually) TLS sessions?

Jeff Blaine jblaine at kickflop.net
Fri Jan 16 10:12:00 EST 2009


With the tls_ca_file line removed, Thunderbird asked me
to specify a client certificate. I chose my cert and
entered my password to access it.

Jan 16 10:08:33 imapsrv imap[15668]: [ID 921384 local6.debug] accepted connection
Jan 16 10:08:33 imapsrv imap[15668]: [ID 636471 local6.notice] TLS server engine: cannot load CA data
Jan 16 10:08:33 imapsrv imap[15668]: [ID 286863 local6.notice] imapd:Loading hard-coded DH parameters
Jan 16 10:08:33 imapsrv imap[15668]: [ID 277171 local6.error] TLS server engine: No CA file specified. Client side certs may not work
Jan 16 10:08:33 imapsrv imap[15668]: [ID 574029 local6.debug] SSL_accept() incomplete -> wait
Jan 16 10:08:43 imapsrv imap[15668]: [ID 160154 local6.debug] Doing a peer verify
Jan 16 10:08:43 imapsrv imap[15668]: [ID 227675 local6.error] verify error:num=20:unable to get local issuer certificate
Jan 16 10:08:43 imapsrv imap[15668]: [ID 192010 local6.debug] no certificate returned in SSL_accept() -> fail
Jan 16 10:08:43 imapsrv imap[15668]: [ID 239158 local6.notice] STARTTLS negotiation failed: bva-172.our.com

Sebastian Hagedorn wrote:
> --On 16 January 2009 09:43:02 -0500 Jeff Blaine <jblaine at kickflop.net> wrote:
> 
>> A new cert did not solve the problem:
>>
>> Jan 16 09:41:30 imapsrv imap[12264]: [ID 921384 local6.debug] accepted connection
>> Jan 16 09:41:30 imapsrv imap[12264]: [ID 192010 local6.debug] wrong version number in SSL_accept() -> fail
> 
> But it results in a different error message.
> 
>> Jan 16 09:41:30 imapsrv imap[12264]: [ID 239158 local6.notice] STARTTLS negotiation failed: bva-172.our.com
> 
> That reminds me of something. Try removing this line from your config:
> 
> tls_ca_file:    /var/imap/ca.crt
> 
> Also, try using different clients. IIRC, there is an issue specifically 
> with Thunderbird and that setting. I don't remember the details, but you 
> should be able to find them in the archives.
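
Added example, not part of either poster's message and not Cyrus code: a small Python triage script that strips mail quote markers, rejoins wrapped syslog lines like the ones in this thread, and groups the TLS failure signs per imapd process. The label names and the sample subset are this example's own constructs, and it assumes the input contains only log lines.

```python
import re

# Line shape used in this thread: "Mon DD HH:MM:SS host imap[pid]: [ID n fac.level] msg"
HEAD = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ imap\[(\d+)\]: \[ID \d+ [\w.]+\] ?(.*)$")

# Message fragments copied from the thread's logs; the labels are this example's own.
SIGNS = [
    ("No CA file specified", "no-ca-configured"),
    ("verify error:num=20", "client-cert-issuer-unknown"),
    ("wrong version number in SSL_accept()", "wrong-version-number"),
]

def unwrap(text):
    """Drop mail quote markers and rejoin log lines the mailer wrapped."""
    out = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if line and (HEAD.match(line) or not out):
            out.append(line)          # a new syslog record starts here
        elif line:
            out[-1] += " " + line     # continuation of the previous record
    return out

def triage(text):
    """Return {pid: {"signs": [...], "failed_peer": host or None}}."""
    sessions = {}
    for m in filter(None, map(HEAD.match, unwrap(text))):
        pid, msg = m.groups()
        s = sessions.setdefault(pid, {"signs": [], "failed_peer": None})
        s["signs"] += [lab for frag, lab in SIGNS if frag in msg and lab not in s["signs"]]
        peer = re.search(r"STARTTLS negotiation failed: (\S+)", msg)
        if peer:
            s["failed_peer"] = peer.group(1)
    return sessions

# Constructed sample: lines from the two sessions in this thread, still wrapped and quoted.
SAMPLE = """\
>> Jan 16 09:41:30 imapsrv imap[12264]: [ID 192010 local6.debug] wrong
>> version number in SSL_accept() -> fail
>> Jan 16 09:41:30 imapsrv imap[12264]: [ID 239158 local6.notice] STARTTLS
>> negotiation failed: bva-172.our.com
Jan 16 10:08:33 imapsrv imap[15668]: [ID 277171 local6.error] TLS server
engine: No CA file specified. Client side certs may not work
Jan 16 10:08:43 imapsrv imap[15668]: [ID 227675 local6.error] verify
error:num=20:unable to get local issuer certificate
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```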

