On Thu, 29 May 2003, Robert Spier wrote:
BTW. OpenSSL problems can be fixed by using GNUTLS instead. I'll try to figure out the openssl some day though.
Or, if you don't need STARTTLS, you can use stunnel.
Even if you do need STARTTLS, you can still use stunnel, albiet a slightly modified one. Scott Gifford wrote the patches, which can be found here:
http://www.suspectclass.com/~sgifford/stunnel-tlsproxy/stunnel-tlsproxy.html
Here's my supervise run script:
#!/bin/sh
eval $(/usr/local/bin/envdir ./runenv /usr/bin/env)
exec 2>&1
# Ensure that PRNG is adequately seeded.
[ -s ./ssl/seed ] ||
/usr/local/bin/envuidgid stunnel
/bin/dd if=/dev/urandom of=./ssl/seed bs=1k count=1
exec
softlimit -m "${ulimitdata:-20000000}"
tcpserver -d
-H
-R
-v
-X
-c "${concurrency:-20}"
-x imap.tcprules.cdb
0 imap
makesock
stunnel
-/ ssl
-s "$SSLUID"
-g "$SSLGID"
-N imap
-i
-R seed
-p imapd.pem
-n imap-
-f
-F 3
-makesock_connect_to
/usr/local/bin/envdir ./imapfront.env
/usr/bin/imapfront-auth
"${imapdpath:-/usr/libexec/dovecot/imap}"
-- Charlie Brady charlie_brady@mitel.com