[Dovecot] Enabling even more debug info for SSL/TLS handling during handshaking?
Dmitry Samersoff
dms at samersoff.net
Thu Mar 19 23:20:25 EET 2009
Johan,
As far as cert negotiation happens on very early stages of protocol just
write as small program with as many debugging as you want.
-Dmitry
Johan Persson wrote:
> Hi,
>
>> t's not easily reproducible?
>
> Yes, this is 100% reproducible if you use the "Accept certificate permanently"
> when the client receives the warning that the certificate on the server is not
> trusted.
>
> The strange thing is that if you instead use "Accept certificate only this
> time" then it works
>
>>> Since we have no access to the certificate (SSL/TLS) handling code we are a
>>> bit at loss here and have to "proof" to "the other" guys in Finland thatc
> it's
>>> there fault :-)
>
>> You mean a bug in S60 libraries?
> Yep. Since it seems that the server receives some erronous messages
>
>> verbose_ssl=yes makes Dovecot log all errors/warnings that OpenSSL can
> Yes, this is already enabled
>
>> http://crypto.stanford.edu/~eujin/sslsniffer/index.html
> Will have a look at this.
>
> Thanks!
> Johan
>
--
Dmitry Samersoff
dms at samersoff.net, http://devnull.samersoff.net
* There will come soft rains ...
More information about the dovecot
mailing list