[Dovecot] Enabling even more debug info for SSL/TLS handling during handshaking?

Dmitry Samersoff dms at samersoff.net
Thu Mar 19 23:20:25 EET 2009


Johan,

As cert negotiation happens at a very early stage of the protocol, just 
write a small program with as much debugging as you want.

-Dmitry

Johan Persson wrote:
> Hi,
> 
>> It's not easily reproducible?
> 
> Yes, this is 100% reproducible if you use the "Accept certificate permanently" 
> when the client receives the warning that the certificate on the server is not 
> trusted.
> 
> The strange thing is that if you instead use "Accept certificate only this 
> time" then it works
> 
>>> Since we have no access to the certificate (SSL/TLS) handling code we are a 
>>> bit at a loss here and have to "prove" to "the other" guys in Finland that it's 
>>> their fault :-)
> 
>> You mean a bug in S60 libraries?
> Yep. Since it seems that the server receives some erroneous messages
> 
>> verbose_ssl=yes makes Dovecot log all errors/warnings that OpenSSL can
> Yes, this is already enabled
> 
>> http://crypto.stanford.edu/~eujin/sslsniffer/index.html
> Will have a look at this.
> 
> Thanks!
> Johan
> 


-- 
Dmitry Samersoff
dms at samersoff.net, http://devnull.samersoff.net
* There will come soft rains ...
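
One shape the "small program" suggested above could take, as an added example that is not part of the original message: a decoder for the cleartext part of a TLS record stream, which a test listener could run over the raw bytes one peer sends to log handshake messages and alerts. The function name and the sample bytes are constructed for illustration.

```python
import struct

CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE = {0: "hello_request", 1: "client_hello", 2: "server_hello", 11: "certificate",
             12: "server_key_exchange", 13: "certificate_request", 14: "server_hello_done",
             15: "certificate_verify", 16: "client_key_exchange", 20: "finished"}
LEVEL = {1: "warning", 2: "fatal"}
ALERT = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
         40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
         44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
         47: "illegal_parameter", 48: "unknown_ca", 50: "decode_error", 70: "protocol_version"}

def decode_records(buf, encrypted=False):
    """Decode the complete TLS records one peer sent; return (lines, leftover, encrypted)."""
    lines, off = [], 0
    while len(buf) - off >= 5:
        ctype, major, minor, length = struct.unpack_from("!BBBH", buf, off)
        if ctype not in CONTENT or major != 3:
            lines.append("malformed record header " + buf[off:off + 5].hex())
            return lines, b"", encrypted
        if len(buf) - off - 5 < length:
            break  # partial record: keep the bytes until more data arrives
        body = buf[off + 5:off + 5 + length]
        off += 5 + length
        line = "%s v3.%d len=%d" % (CONTENT[ctype], minor, length)
        if ctype == 20:
            encrypted = True  # everything this peer sends afterwards is encrypted
        elif encrypted:
            line += " (encrypted)"
        elif ctype == 21 and length == 2:
            line += " %s %s" % (LEVEL.get(body[0], body[0]), ALERT.get(body[1], body[1]))
        elif ctype == 22:
            pos, names = 0, []
            while len(body) - pos >= 4:  # a record may carry several handshake messages
                names.append(HANDSHAKE.get(body[pos], "type_%d" % body[pos]))
                pos += 4 + int.from_bytes(body[pos + 1:pos + 4], "big")
            line += " " + ",".join(names)
        lines.append(line)
    return lines, buf[off:], encrypted

# Constructed sample bytes (not a capture from this thread).
SAMPLE = (bytes.fromhex("16030100080100000400000000")  # handshake: client_hello, dummy body
          + bytes.fromhex("15030100020230")            # alert: fatal / unknown_ca
          + bytes.fromhex("160301"))                   # first bytes of a record still in transit

if __name__ == "__main__":
    for entry in decode_records(SAMPLE)[0]:
        print(entry)
```

Pass the returned leftover bytes and the encrypted flag back in with the next chunk read from the socket, keeping separate state for each direction.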


