[Dovecot] Enabling even more debug info for SSL/TLS handling during handshaking?

Dmitry Samersoff dms at samersoff.net
Thu Mar 19 23:20:25 EET 2009


Since cert negotiation happens at a very early stage of the protocol, just 
write a small program with as much debugging as you want.


Johan Persson wrote:
> Hi,
>> It's not easily reproducible?
> Yes, this is 100% reproducible if you use the "Accept certificate permanently" 
> when the client receives the warning that the certificate on the server is not 
> trusted.
> The strange thing is that if you instead use "Accept certificate only this 
> time" then it works
>>> Since we have no access to the certificate (SSL/TLS) handling code we are a 
>>> bit at a loss here and have to "prove" to "the other" guys in Finland that it's 
>>> their fault :-)
>> You mean a bug in S60 libraries?
> Yep. Since it seems that the server receives some erroneous messages
>> verbose_ssl=yes makes Dovecot log all errors/warnings that OpenSSL can
> Yes, this is already enabled
>> http://crypto.stanford.edu/~eujin/sslsniffer/index.html
> Will have a look at this.
> Thanks!
> Johan
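
One form the "small program" suggested in the reply above can take, as an added example that is not part of the original thread and not Dovecot code: a decoder for the TLS record layer that lists the handshake messages and plaintext alerts one peer sent. It assumes the raw bytes of one direction of the connection were captured separately; `parse_records` and `SAMPLE` are hypothetical names, and the sample bytes are constructed.

```python
import struct

# Names from the SSL 3.0 / TLS 1.0 specifications (record version 3.1 = TLS 1.0).
CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate",
             12: "server_key_exchange", 13: "certificate_request",
             14: "server_hello_done", 16: "client_key_exchange", 20: "finished"}
ALERT = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
         40: "handshake_failure", 42: "bad_certificate", 45: "certificate_expired",
         46: "certificate_unknown", 48: "unknown_ca"}
LEVEL = {1: "warning", 2: "fatal"}

def parse_records(data):
    """Decode the records sent by one peer into one log line per record."""
    out, pos, encrypted = [], 0, False
    while pos < len(data):
        if len(data) - pos < 5:
            out.append("truncated record header")
            break
        ctype, major, minor, length = struct.unpack_from("!BBBH", data, pos)
        body = data[pos + 5:pos + 5 + length]
        pos += 5 + length
        line = "%s v%d.%d len=%d" % (CONTENT.get(ctype, "unknown(%d)" % ctype), major, minor, length)
        if len(body) < length:
            out.append(line + " TRUNCATED")
            break
        if encrypted:
            line += " (encrypted)"        # body is ciphertext after ChangeCipherSpec
        elif ctype == 20:
            encrypted = True              # this peer's later records are protected
        elif ctype == 21 and length == 2:
            line += " %s/%s" % (LEVEL.get(body[0], body[0]), ALERT.get(body[1], body[1]))
        elif ctype == 22:
            names, i = [], 0
            while i + 4 <= len(body):     # a record may carry several handshake messages
                names.append(HANDSHAKE.get(body[i], "unknown(%d)" % body[i]))
                i += 4 + int.from_bytes(body[i + 1:i + 4], "big")
            line += " " + ",".join(names)
        out.append(line)
    return out

# Constructed sample: a ClientHello header with a dummy 4-byte body, then a fatal alert.
SAMPLE = bytes.fromhex("1603010008" "0100000400000000" "1503010002" "0230")

if __name__ == "__main__":
    for entry in parse_records(SAMPLE):
        print(entry)
```

A fatal certificate-related alert arriving from the client before its ChangeCipherSpec is readable in plaintext, which is the kind of evidence the thread is looking for.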

