Hello. I am trying to help my users workaround an issue which was described here:https://bugzilla.mozilla.org/show_bug.cgi?id=437683 In short, cyrus imapd asked for tls client certificate, while user agent thunderbird prompts user to select one. Since our deployment does not require client certificate, and users have their email PGP certificate installed, whatever PGP certificate user selects must be wrong, thus user couldn't establish connection to imap server. Workarounds: 1. Disable TLS on server or client (bad, their email wouldn't be safe then); 2. Remove PGP certificate for our clients (bad, ditto); 3. Ask users to switch from Thunderbird to Outlook Express (bad, I feel sicker if they do); 4. Wait for Thunderbird to add an option to allow user to configure always not offer certificate to TLS server even if asked (bad, could be years' waiting); 5. Configure cyrus so that it does not turn on SSL_VERIFY_PEER flag (of openssl), that imapd server do not ask user for client certificate (the only solution that looks feasible); So 4 is the choice. Problem being I couldn't figure out how to configure it that way. I configured "tls_require_cert: false" which sets SSL_VERIFY_FAIL_IF_NO_PEER_CERT, which controls if requires the client to provide the certificate (instead of SSL_VERIFY_PEER which controls if asks the client to provide the certificate). So how do you suggest me handle the situation? Thanks a lot in advance! -- 锐业软服(北京)信息技术有限公司 Real Softservice 邮政编码:100089 北西环中路238号 柏彦大厦406b室Beisihuan Zhong Road No. 238 Baiyan Building Unit 406B Tel: +86 (10) 8231 8580http://www.realss.com ----Cyrus Home Page: http://cyrusimap.web.cmu.edu/Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twikiList Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
