While we're at it, what about #2642? <https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2642> We were recently bitten by that particular problem.Now, that's a bit more complicated! Also, we use nginx in front of cyrus, so we don't use the built-in tls engine at all. I wouldn't feel comfortable testing this one. Is anyone running it on top of 2.3.14, or only on the 2.2 series?
I have to admit that we currently don't. I applied the patch, compiled successfully, copied over just the imapd binary, created a special entry in cyrus.conf, that used that binary, and found that it segfaulted. I didn't investigate further, because I was under pressure. I reversed the patch and added just a single line in tls.c:
askcert = 0;That worked, but of course that disables all client certificates. Because I didn't want to maintain a local patch, I came up with this workaround:
<https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2642#c8>Still, that's not exactly a clean solution. So ideally the patch in #2642 should be made to work in 2.3.15 ... I'd be happy to beta-test it if someone can clean it up.
-- Sebastian Hagedorn - RZKR-R1 (Flachbau), Zi. 18, Robert-Koch-Str. 10 Regionales Rechenzentrum (RRZK) Universität zu Köln / Cologne University - Tel. +49-221-478-5587
Attachment:
p7sLHTyYGOhZq.p7s
Description: S/MIME cryptographic signature
---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
