Paul,
After 1.5.2 update to svn 14501, I can no longer log in to squirrelmail. I
have used the same squirrelmail setup for at least the last 6-8 years. The
current server is:
Server : Archlinux x86_64 (squirrelmail on same machine)
apache : 2.4.12-4
dovecot: 2.2.18-1
It had been many months since the last update. So I did the normal 'svn
update *'. Then ran config/conf.pl and check the config -- all good. (saved the
new config as suggested in doc/UPGRADE).
In the past, squirrelmail has not checked whether whether the dovecot.pem
certs were expired, but upon first attempt to login I received the following
failure:
Jun 12 17:58:22 phoinix dovecot[469]: imap-login: Disconnected (no auth attempts
in 0 secs): user=<>, rip=::1, lip=::1, TLS handshaking: SSL_accept() failed:
error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired: SSL
alert number 45, session=<b1x8C1oYlQAAAAAAAAAAAAAAAAAAAAAB>
Checking the cert with: 'openssl x509 -in certs/dovecot.pem -noout -text'
showed that the cert was expired:
Not Before: Dec 6 05:06:32 2013 GMT
Not After : Dec 6 05:06:32 2014 GMT
So I regenerated and installed the new certificates:
Not Before: Jun 12 23:21:37 2015 GMT
Not After : Jun 11 23:21:37 2016 GMT
All operation through Thunderbird (sending/receiving) works fine with the new
certificates, so the server isn't the issue -- it's squirrelmail. Attempted
login via squirrelmail still fails:
Jun 12 18:32:06 phoinix dovecot[469]: imap-login: Disconnected (no auth attempts
in 0 secs): user=<>, rip=::1, lip=::1, TLS handshaking: SSL_accept() failed:
error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert
number 48, session=<rM0jhFoYnAAAAAAAAAAAAAAAAAAAAAAB>
Strange? The error has changed from:
TLS handshaking: SSL_accept() failed: error:14094415:SSL
routines:ssl3_read_bytes:sslv3 alert certificate expired: SSL alert number 45
to
TLS handshaking: SSL_accept() failed: error:14094418:SSL
routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48
So something in squirrelmail isn't handling the TLS handshaking: SSL_accept()
quite like it used to.
Let me know what else I can do or test to help isolate the problem. I'd like
to get me squirrelmail install back up and running or I will have a lot of upset
users in the morning.
Any help appreciated. Thanks.
--
David C. Rankin, J.D.,P.E.
------------------------------------------------------------------------------
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
