Re: Cyrus SSL/TLS and StartCom SSL certificates?

On Sat, 21 Nov 2009, Rich Wales wrote:

> Recently, I installed new "StartSSL Free" SSL certificates from StartCom
> on these servers.  After doing so, I could no longer connect securely to
> Cyrus in any mode (imaps, imap + starttls, pop3s, pop3 + starttls) -- the
> client sat for a long time before timing out, and the syslog messages
> on the server spoke vaguely about "STARTTLS negotiation failed", "Fatal
> error: tls_start_servertls() failed", etc.

I don't know, but the symptoms sound familiar (see my previous mail
with the subject line "STARTTLS TLS handshake fails after
ServerKeyExchange").

We tried to debug the problem by adding some logging to both Cyrus'
and OpenSSL's code. The problem may somehow be related to the CA file
reading. (My understanding of OpenSSL is too limited, but after all it
all came down to a return value of -1 from the BIO_write library call or
something...)

Anyway, removing extra CAs from ca-bundle.crt seems to fix it for us
too.


-Jukka Huhta
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html