How to make sync_client invoke STARTTLS for replication
Rudy Gevaert
Rudy.Gevaert at UGent.be
Tue Jun 1 05:09:35 EDT 2010
On 05/28/2010 09:37 PM, Wesley Craig wrote:
> On 28 May 2010, at 09:09, Rudy Gevaert wrote:
>>> https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3174
>>
>> Thanks, for replying. But I'm not sure what you are saying with the
>> above patches.
>
> If you apply the above fix and set allowplaintext to "no" then
> sync_client will negotiate TLS and then use PLAIN (assuming
> everything else is configured appropriately). Does that get what
> you're after?
Hello Wesley,
Thanks for coming back to this!
I applied your patch and have allowplaintext to "no". Now when I start
sync_client it doesn't segfault. However it gives 'Can not connect to
server'.
cyrus at cyrdev1:/etc/cyrus-ugent$ synctest -a syncclient -u syncclient -t
'' maild1r.ugent.be
S: * STARTTLS
S: * OK maild1r.ugent.be Cyrus sync server v2.3.16
C: STARTTLS
S: OK Begin TLS negotiation now
verify error:num=19:self signed certificate in certificate chain
TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA
(256/256 bits)
S: * SASL PLAIN
S: * OK maild1r.ugent.be Cyrus sync server v2.3.16
Please enter your password:
C: AUTHENTICATE PLAIN <...>
S: OK Success (tls protection)
Authenticated.
Security strength factor: 256
Can you tell me how to further troubleshoot, please?
Thanks!
Rudy
More information about the Info-cyrus
mailing list