Re: [Dovecot] SSL_accept failed

10 Sep 2006

      -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
hi tim,

-- On September 9, 2006 4:24:37 PM -0700  Timothy Martin
<instanttim@mac.com> wrote:

...
So thunderbird actually seems to work fine, but Mail.app doesn't.
to be honest, that doesn't surprise me.
personally, i've given up trusting Mail.app with any 'serious' imap
usage.  "mebbe sumday" ...
that said, imho, there's no more robust imap client (well, gui-client,
anyway) than Mulberry (http://mulberrymail.com).  if only cuz the
author, Cyrus Daboo, is about as 'authoritative' as it gets.
my $0.02, ymmv, caveat emptor, etc etc ...
...
I get the warning from thunderbird about the self-signed cert, but
mail.app doesn't give me any warning at all. I'm used to getting the
warning from Mail.app when i use my courier imap server... which
works just fine with my self-signed certs.
i've been led astray by "works just fine"
...
Do you think it makes a difference how you created the cert?
short answer: yes.
forget an -x509 here, mix up a -out and a -keyout, etc & you'll like
get a cert, that even "works" -- initially & kinda sorta ...
...
Over the
years i've found two different ways to do it. One way involves making
the CA cert and creating a CSR and it's many many steps.
which, ultimately, is what i've come to depend on.  i've forced myself
to understand what's going on in each step.
because, at my age ;-) my memory's failing, i've got it all wrapped up
in a script specific to my $ENV & dir_structure.
...
But
alternatively I found that I can normally do it in a single step like
so:
openssl req -x509 -newkey rsa:2048 -keyout private/dovecot.key -out
certs/dovecot.cert -days 365 -nodes
But admittedly, despite reading many a source on certs and ssl I
really don't understand the finer points of it.
amen to that.  but, if you're gonna depend on this AND diy, you really
have little choice ...
you haven't referenced that you've tested the certs, or viewed them in
detail in mulberry/thunderbird or shell, for that matter ...
if you haven't, again, i'd simply suggest that you do.
g'luck!
...
.tim

/"

\ /  ASCII Ribbon Campaign
X   against HTML email, vCards
/ \  & micro$oft attachments
[GPG] OpenMacNews at gmail dot com
fingerprint: 50C9 1C46 2F8F DE42 2EDB  D460 95F7 DDBD 3671 08C6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iEYEARECAAYFAkUDUfwACgkQlffdvTZxCMbxuACfWVpX5jfMntUqyLAlAplpFYX0
9twAnAn1KLWjmIkvlPnY5FRb9rskGQUH
=3IZg
-----END PGP SIGNATURE-----