Hopefully you're not all sick to death of me and my Dovecot SSL problems but I've tried everything I know, plus some other things I didn't know, and I still can't get Apple's Mail to work with my Dovecot install using SSL.

Below are log, debug, and openssl output. I can successfully use my mail client to connect to other servers using the same cert/key, and I can also connect to other people's Dovecot SSL installations (I hope you don't mind, Morgan, I used nightbear.net to test if it was my client ;). I can also use other clients (Thunderbird) to connect to my own Dovecot SSL server and it appears to work just fine.

I'm totally out of ideas. Everything looks okay, but something obviously isn't. I really would like to move off Courier and use Dovecot!

.tim

Dovecot log:

dovecot: Sep 21 11:21:45 Warning: imap-login: SSL_accept() syscall failed: EOF [17.207.13.42]
dovecot: Sep 21 11:22:24 Info: imap-login: Disconnected: Inactivity: rip=17.207.13.42, lip=69.72.209.92, TLS

Extended Mail.app Logging:

CONNECTED Sep 21 11:17:10[kCFStreamSocketSecurityLevelNone]  -- host:dovecot.design1st.org -- port:994 -- socket:0x4c14230 -- thread:0x4c11c10
2006-09-21 11:18:15.539 Mail[4391] *** _NSSocket.m:1014  failed; socket=0x4c14230 error=(NSPOSIXErrorDomain,60)

CONNECTED Sep 21 11:18:15[kCFStreamSocketSecurityLevelNone]  -- host:dovecot.design1st.org -- port:994 -- socket:0x4c09460 -- thread:0x469260
2006-09-21 11:18:19.389 Mail[4391] exception raised during syncing: *** -[NSCFDictionary setObject:forKey:]: attempt to insert nil value
2006-09-21 11:19:20.744 Mail[4391] *** _NSSocket.m:1014  failed; socket=0x4c09460 error=(NSPOSIXErrorDomain,60)

CONNECTED Sep 21 11:19:21[kCFStreamSocketSecurityLevelNone]  -- host:dovecot.design1st.org -- port:994 -- socket:0x4c2e340 -- thread:0x4c11c10
2006-09-21 11:20:26.044 Mail[4391] *** _NSSocket.m:1014  failed; socket=0x4c2e340 error=(NSPOSIXErrorDomain,60)

openssl s_client output:

CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Sunnyvale/O=Design1st Dot Org/CN=mail.design1st.org/emailAddress=d1st-admin@design1st.org
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=California/L=Sunnyvale/O=Design1st Dot Org/CN=mail.design1st.org/emailAddress=d1st-admin@design1st.org
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Sunnyvale/O=Design1st Dot Org/CN=mail.design1st.org/emailAddress=d1st-admin@design1st.org
   i:/C=US/ST=California/L=Sunnyvale/O=Design1st Dot Org/CN=mail.design1st.org/emailAddress=d1st-admin@design1st.org
---
Server certificate
subject=/C=US/ST=California/L=Sunnyvale/O=Design1st Dot Org/CN=mail.design1st.org/emailAddress=d1st-admin@design1st.org
issuer=/C=US/ST=California/L=Sunnyvale/O=Design1st Dot Org/CN=mail.design1st.org/emailAddress=d1st-admin@design1st.org
---
No client certificate CA names sent
---
SSL handshake has read 1497 bytes and written 340 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 032499DFB1AEF924C4359B63499B6566A02373A6BF24C029EB08A3B1D5FA4A1F
    Session-ID-ctx:
    Master-Key: E53F0F952B1E390113D5851A7BF6F0949D47804BF2E3ED0182914065792E2B12A17AAD2DA44BEB958E673C26AC26EFFD
    Key-Arg   : None
    Start Time: 1158862805
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
* OK [CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS QUOTA AUTH=PLAIN] Dovecot ready.