checking IMAP connection. Based on that experimentation, it seems that when I try to verify certificate files with openssl, everything checks out, but when I try to check things through IMAPS, things go ugly (see log below).
If I try the same openssl s_client command on my web server, it gets everything correctly. As a result of this, I've even tried to use the certificate from my web server with IMAP, and even then openssl keeps on saying that there is a bad record mac.
Is this a bug in dovecot's SSL handling or have I managed to mess something up in my setup?
URLs:
CA cert: http://jylitalo.homeip.net/ca/ca.crt
IMAPD cert: http://jylitalo.homeip.net/ca/imapd.crt
[log starts]
bash-2.05a$ openssl verify -CAfile /usr/local/www/data/ca/ca.crt /etc/ssl/certs/imapd.crt
/etc/ssl/certs/imapd.crt: OK
bash-2.05a$ openssl s_client -host localhost -port 993 -CAfile /usr/local/www/data/ca/ca.crt -verify -debug
verify depth is 0
CONNECTED(00000003)
depth=1 /C=FI/ST=Finland/L=Helsinki/O=Juha Ylitalo/CN=Juha Ylitalo/Email=jylitalo@iki.fi
verify return:1
depth=0 /C=FI/ST=Finland/O=Juha Ylitalo/CN=coat.st-paul/Email=jylitalo@iki.fi
verify return:1
47169:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:/usr/src/secure/lib/libssl/../../../crypto/openssl/crypto/../ssl/s3_pkt.c:1046:SSL alert number 20
47169:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/crypto/../ssl/s23_lib.c:226:
bash-2.05a$
[log ends]
--
Juha Ylitalo
juha.o.ylitalo@nokia.com <work e-mail>
+358 40 562 6152
http://linux.nokia.com/~jylitalo/ <work www>
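
An added example, not part of the original post: decoding the two OpenSSL error-queue records in the log above. It assumes the pre-3.0 OpenSSL error packing (library in the top 8 bits, function in the next 12, reason in the low 12) and that SSL reason codes of 1000 and above are 1000 plus the number of an alert received from the peer; the names `unwrap` and `decode` are made up for this sketch.

```python
import re

# Assumption: pre-3.0 OpenSSL packing, code = lib<<24 | func<<12 | reason.
ERR_LIB_SSL = 20
SSL_AD_REASON_OFFSET = 1000  # SSL reason >= 1000 means 1000 + received alert number
ALERTS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
          40: "handshake_failure", 42: "bad_certificate"}  # subset of SSLv3/TLS alerts

LINE = re.compile(r"(?P<pid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):"
                  r"(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]*):"
                  r"(?P<line>\d+):(?P<data>.*)$")

# The two error records from the log above, still wrapped as the mail client left them.
SAMPLE = """\
47169:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record
mac:/usr/src/secure/lib/libssl/../../../crypto/openssl/crypto/../ssl/s3_pkt.c:1046:SSL alert number 20
47169:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/crypto/../ssl/s23_lib.c:226:
"""

def unwrap(log):
    """Rejoin mail-wrapped output; a new record starts with '<pid>:error:'."""
    records = []
    for raw in log.splitlines():
        if re.match(r"\d+:error:", raw):
            records.append(raw.strip())
        elif records and raw.strip():
            records[-1] += " " + raw.strip()  # the wrap replaced a space
    return records

def decode(record):
    """Split one record into fields and unpack the numeric error code."""
    m = LINE.match(record)
    if m is None:
        raise ValueError("not an OpenSSL error-queue line: %r" % record)
    code = int(m["code"], 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET  # alert sent by the other end
    return {"lib": lib, "func": func, "reason": reason, "reason_text": m["reason"],
            "source": "%s:%s" % (m["file"].rsplit("/", 1)[-1], m["line"]),
            "peer_alert": alert, "peer_alert_name": ALERTS.get(alert)}

if __name__ == "__main__":
    for rec in unwrap(SAMPLE):
        print(decode(rec))
```

Under those assumptions the first record decodes to a received alert 20 (bad_record_mac), meaning the alert was sent by the server end of the connection, while the second record is the client's own handshake-failure report that follows it.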