[Dovecot] imap-login hangs after receiving revoked SSL certificate
Timo Sirainen
tss at iki.fi
Mon Dec 2 18:19:37 EET 2013
On 2.12.2013, at 15.41, Алексей Прокопчук <alexpro at homelan.lg.ua> wrote:
> I use dovecot-2.1.16 on Gentoo Linux amd64.
>
> All works fine with valid certificates. But if I submit revoked
> certificate, dovecot doesn't send error or success messages to mail
> client, process 'imap-login' eats 100% CPU and completely hangs. Only
> SIGKILL can terminate it. When dovecot receives revoked certificate,
> following messages appears in the log:
>
> ------------------
> Dec 2 13:50:26 mail dovecot: imap-login: Invalid certificate:
> certificate revoked: /O=AP inc./OU=Admins/CN=Alexey Prokopchuk/UID=alexpro
> Dec 2 13:50:26 mail dovecot: imap-login: Invalid certificate: Different
> CRL scope: /CN=AP inc. root certification authority/O=AP inc./C=UA
> Dec 2 13:50:39 mail last message repeated 17950 times
> -------------------
What OpenSSL version are you using?
This looks like the same issue:
http://rt.openssl.org/Ticket/Display.html?id=3090&user=guest&pass=guest
Where the fix is in:
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4b26645c1a71cf9ce489e4f79fc836760b670ffe
Not sure if Dovecot should be doing something different here, or maybe working around that bug. I think Postfix has the same problem.
More information about the dovecot
mailing list