[Dovecot] SSL_accept failed

OpenMacNews openmacnews at gmail.com
Sun Sep 10 02:45:00 EEST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hi tim,

- -- On September 9, 2006 4:24:37 PM -0700  Timothy Martin 
<instanttim at mac.com> wrote:
> So thunderbird actually seems to work fine, but Mail.app doesn't.

to be honest, that doesn't surprise me.

personally, i've given up trusting Mail.app with any 'serious' imap 
usage.  "mebbe sumday" ...

that said, imho, there's no more robust imap client (well, gui-client, 
anyway) than Mulberry (http://mulberrymail.com).  if only cuz the 
author, Cyrus Daboo, is about as 'authoritative' as it gets.

my $0.02, ymmv, caveat emptor, etc etc ...

> I get the warning from thunderbird about the self-signed cert, but
> mail.app doesn't give me any warning at all. I'm used to getting the
> warning from Mail.app when i use my courier imap server... which
> works just fine with my self-signed certs.

i've been led astray by "works just fine"

> Do you think it makes a difference how you created the cert?

short answer: yes.

forget an -x509 here, mix up a -out and a -keyout, etc & you'll like 
get a cert, that even "works" -- initially & kinda sorta ...

> Over the
> years i've found two different ways to do it. One way involves making
> the CA cert and creating a CSR and it's many many steps.

which, ultimately, is what i've come to depend on.  i've forced myself 
to understand what's going on in each step.

because, at my age ;-) my memory's failing, i've got it all wrapped up 
in a script specific to my $ENV & dir_structure.

> But
> alternatively I found that I can normally do it in a single step like
> so:
>
> 	openssl req -x509 -newkey rsa:2048 -keyout private/dovecot.key -out
> certs/dovecot.cert -days 365 -nodes
>
>
> But admittedly, despite reading many a source on certs and ssl I
> really don't understand the finer points of it.

amen to that.  but, if you're gonna depend on this AND diy, you really 
have little choice ...

you haven't referenced that you've tested the certs, or viewed them in 
detail in mulberry/thunderbird or shell, for that matter ...

if you haven't, again, i'd simply suggest that you do.

g'luck!

> .tim



- -- 

/"\
\ /  ASCII Ribbon Campaign
 X   against HTML email, vCards
/ \  & micro$oft attachments

[GPG] OpenMacNews at gmail dot com
fingerprint: 50C9 1C46 2F8F DE42 2EDB  D460 95F7 DDBD 3671 08C6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iEYEARECAAYFAkUDUfwACgkQlffdvTZxCMbxuACfWVpX5jfMntUqyLAlAplpFYX0
9twAnAn1KLWjmIkvlPnY5FRb9rskGQUH
=3IZg
-----END PGP SIGNATURE-----



More information about the dovecot mailing list