[Dovecot] SSL_accept failed

[Timothy Martin]

Hopefully you're not all sick to death of me and my Dovecot SSL  
problems but I've tried everything I know, plus some other things I  
didn't know, and I still can't get Apple's Mail to work with my  
Dovecot install using SSL.

Below are log, debug, and openssl output. I can successfully use my  
mail client to connect to other servers using the same cert/key, I  
can also connect to other people's dovecot ssl installations (I hope  
you don't mind Morgan, I used nightbear.net to test if it was my  
client ;). I also can use other clients (thunderbird) to connect to  
my own Dovecot SSL server and it appears to work just fine.

I'm totally out of ideas. Everything looks okay, but something  
obviously isn't. I really would like to move off courier and use  
dovecot!

.tim

Dovecot log:

> dovecot: Sep 21 11:21:45 Warning: imap-login: SSL_accept() syscall  
> failed: EOF [17.207.13.42]
> dovecot: Sep 21 11:22:24 Info: imap-login: Disconnected:  
> Inactivity: rip=17.207.13.42, lip=69.72.209.92, TLS
	
Extended Mail.app Logging:

> CONNECTED Sep 21 11:17:10[kCFStreamSocketSecurityLevelNone]  --  
> host:dovecot.design1st.org -- port:994 -- socket:0x4c14230 --  
> thread:0x4c11c10
> 2006-09-21 11:18:15.539 Mail[4391] *** _NSSocket.m:1014  failed;  
> socket=0x4c14230 error=(NSPOSIXErrorDomain,60)
>
> CONNECTED Sep 21 11:18:15[kCFStreamSocketSecurityLevelNone]  --  
> host:dovecot.design1st.org -- port:994 -- socket:0x4c09460 --  
> thread:0x469260
> 2006-09-21 11:18:19.389 Mail[4391] exception raised during syncing:  
> *** -[NSCFDictionary setObject:forKey:]: attempt to insert nil value
> 2006-09-21 11:19:20.744 Mail[4391] *** _NSSocket.m:1014  failed;  
> socket=0x4c09460 error=(NSPOSIXErrorDomain,60)
>
> CONNECTED Sep 21 11:19:21[kCFStreamSocketSecurityLevelNone]  --  
> host:dovecot.design1st.org -- port:994 -- socket:0x4c2e340 --  
> thread:0x4c11c10
> 2006-09-21 11:20:26.044 Mail[4391] *** _NSSocket.m:1014  failed;  
> socket=0x4c2e340 error=(NSPOSIXErrorDomain,60)

openssl s_client output:

> CONNECTED(00000003)
> depth=0 /C=US/ST=California/L=Sunnyvale/O=Design1st Dot Org/ 
> CN=mail.design1st.org/emailAddress=d1st-admin at design1st.org
> verify error:num=18:self signed certificate
> verify return:1
> depth=0 /C=US/ST=California/L=Sunnyvale/O=Design1st Dot Org/ 
> CN=mail.design1st.org/emailAddress=d1st-admin at design1st.org
> verify return:1
> ---
> Certificate chain
> 0 s:/C=US/ST=California/L=Sunnyvale/O=Design1st Dot Org/ 
> CN=mail.design1st.org/emailAddress=d1st-admin at design1st.org
>    i:/C=US/ST=California/L=Sunnyvale/O=Design1st Dot Org/ 
> CN=mail.design1st.org/emailAddress=d1st-admin at design1st.org
> ---
> Server certificate
> -----BEGIN CERTIFICATE-----
> MIIDoTCCAwqgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBmDELMAkGA1UEBhMCVVMx
> EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTEaMBgGA1UE
> ChMRRGVzaWduMXN0IERvdCBPcmcxGzAZBgNVBAMTEm1haWwuZGVzaWduMXN0Lm9y
> ZzEnMCUGCSqGSIb3DQEJARYYZDFzdC1hZG1pbkBkZXNpZ24xc3Qub3JnMB4XDTA1
> MTEwNTA2NDIwNFoXDTMzMDMyMjA2NDIwNFowgZgxCzAJBgNVBAYTAlVTMRMwEQYD
> VQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxGjAYBgNVBAoTEURl
> c2lnbjFzdCBEb3QgT3JnMRswGQYDVQQDExJtYWlsLmRlc2lnbjFzdC5vcmcxJzAl
> BgkqhkiG9w0BCQEWGGQxc3QtYWRtaW5AZGVzaWduMXN0Lm9yZzCBnzANBgkqhkiG
> 9w0BAQEFAAOBjQAwgYkCgYEAueMIqNJGCB9QIZXBZw+17iT06feMdyzi0p7rB5xt
> 3nz/nTSMRFTIzmabN0tR8wFJ1oA3TlHFKQ51x08ZSUPLHmVo61xZIn392mwDL9Zn
> ozh3FreVXkKHMhANvwTV2kqMcOJzeyNgENO0YSl6iv1MydMAM2OGbC6FdHAz6dHG
> 4GkCAwEAAaOB+DCB9TAdBgNVHQ4EFgQUF985KOsukGEGsY1eyBgWouDOVxIwgcUG
> A1UdIwSBvTCBuoAUF985KOsukGEGsY1eyBgWouDOVxKhgZ6kgZswgZgxCzAJBgNV
> BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUx
> GjAYBgNVBAoTEURlc2lnbjFzdCBEb3QgT3JnMRswGQYDVQQDExJtYWlsLmRlc2ln
> bjFzdC5vcmcxJzAlBgkqhkiG9w0BCQEWGGQxc3QtYWRtaW5AZGVzaWduMXN0Lm9y
> Z4IBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA4GBABwOsxpHng49aC9u
> eRe1a3wn5tyZDPq5YQqpACHvz5JRX54y6Dh+PB2Y0Qim6/Ihf2r91D/WnFwULHvX
> gllx6L4DnoB5Zq8+P+4B8m27VqgzaJAeIawXm0hXAl7E8UTUCXFCCUvuHmzVqHKl
> dtAuA5z38boKKywg6U1HUhbuAmd8
> -----END CERTIFICATE-----
> subject=/C=US/ST=California/L=Sunnyvale/O=Design1st Dot Org/ 
> CN=mail.design1st.org/emailAddress=d1st-admin at design1st.org
> issuer=/C=US/ST=California/L=Sunnyvale/O=Design1st Dot Org/ 
> CN=mail.design1st.org/emailAddress=d1st-admin at design1st.org
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 1497 bytes and written 340 bytes
> ---
> New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
> Server public key is 1024 bit
> SSL-Session:
>     Protocol  : TLSv1
>     Cipher    : DHE-RSA-AES256-SHA
>     Session-ID:  
> 032499DFB1AEF924C4359B63499B6566A02373A6BF24C029EB08A3B1D5FA4A1F
>     Session-ID-ctx:
>     Master-Key:  
> E53F0F952B1E390113D5851A7BF6F0949D47804BF2E3ED0182914065792E2B12A17AAD 
> 2DA44BEB958E673C26AC26EFFD
>     Key-Arg   : None
>     Start Time: 1158862805
>     Timeout   : 300 (sec)
>     Verify return code: 18 (self signed certificate)
> ---
> * OK [CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES  
> MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN- 
> REFERRALS QUOTA AUTH=PLAIN] Dovecot ready.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://dovecot.org/pipermail/dovecot/attachments/20060922/0026d7cc/attachment.htm