Hopefully you're not all sick to death of me and my Dovecot SSL
problems but I've tried everything I know, plus some other things I
didn't know, and I still can't get Apple's Mail to work with my
Dovecot install using SSL.

Below are log, debug, and openssl output. I can successfully use my
mail client to connect to other servers using the same cert/key, I
can also connect to other people's dovecot ssl installations (I hope
you don't mind Morgan, I used nightbear.net to test if it was my
client ;). I also can use other clients (thunderbird) to connect to
my own Dovecot SSL server and it appears to work just fine.

I'm totally out of ideas. Everything looks okay, but something
obviously isn't. I really would like to move off courier and use
dovecot!

.tim

Dovecot log:

dovecot: Sep 21 11:21:45 Warning: imap-login: SSL_accept() syscall
  failed: EOF [17.207.13.42]
dovecot: Sep 21 11:22:24 Info: imap-login: Disconnected:
  Inactivity: rip=17.207.13.42, lip=69.72.209.92, TLS

Extended Mail.app Logging:

CONNECTED Sep 21 11:17:10[kCFStreamSocketSecurityLevelNone] --
  host:dovecot.design1st.org -- port:994 -- socket:0x4c14230 --
  thread:0x4c11c10
2006-09-21 11:18:15.539 Mail[4391] *** _NSSocket.m:1014 failed;
  socket=0x4c14230 error=(NSPOSIXErrorDomain,60)
CONNECTED Sep 21 11:18:15[kCFStreamSocketSecurityLevelNone] --
  host:dovecot.design1st.org -- port:994 -- socket:0x4c09460 --
  thread:0x469260
2006-09-21 11:18:19.389 Mail[4391] exception raised during syncing:
  *** -[NSCFDictionary setObject:forKey:]: attempt to insert nil value
2006-09-21 11:19:20.744 Mail[4391] *** _NSSocket.m:1014 failed;
  socket=0x4c09460 error=(NSPOSIXErrorDomain,60)
CONNECTED Sep 21 11:19:21[kCFStreamSocketSecurityLevelNone] --
  host:dovecot.design1st.org -- port:994 -- socket:0x4c2e340 --
  thread:0x4c11c10
2006-09-21 11:20:26.044 Mail[4391] *** _NSSocket.m:1014 failed;
  socket=0x4c2e340 error=(NSPOSIXErrorDomain,60)

openssl s_client output:

CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Sunnyvale/O=Design1st Dot Org/CN=mail.design1st.org/emailAddress=d1st-admin@design1st.org
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=California/L=Sunnyvale/O=Design1st Dot Org/CN=mail.design1st.org/emailAddress=d1st-admin@design1st.org
verify return:1
Certificate chain
 0 s:/C=US/ST=California/L=Sunnyvale/O=Design1st Dot Org/CN=mail.design1st.org/emailAddress=d1st-admin@design1st.org
   i:/C=US/ST=California/L=Sunnyvale/O=Design1st Dot Org/CN=mail.design1st.org/emailAddress=d1st-admin@design1st.org
Server certificate
subject=/C=US/ST=California/L=Sunnyvale/O=Design1st Dot Org/CN=mail.design1st.org/emailAddress=d1st-admin@design1st.org
issuer=/C=US/ST=California/L=Sunnyvale/O=Design1st Dot Org/CN=mail.design1st.org/emailAddress=d1st-admin@design1st.org
No client certificate CA names sent
SSL handshake has read 1497 bytes and written 340 bytes
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 032499DFB1AEF924C4359B63499B6566A02373A6BF24C029EB08A3B1D5FA4A1F
    Session-ID-ctx:
    Master-Key: E53F0F952B1E390113D5851A7BF6F0949D47804BF2E3ED0182914065792E2B12A17AAD2DA44BEB958E673C26AC26EFFD
    Key-Arg   : None
    Start Time: 1158862805
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
* OK [CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS QUOTA AUTH=PLAIN] Dovecot ready.