No subject


Mon Feb 25 18:59:26 EET 2013


checking IMAP connection. Based on that experimentation, it seems that
when I try to verify certificate files with openssl, all checks out, but
when I try to check things through IMAPS, things go ugly (see log below).

If I try the same openssl s_client command on my web server, it gets
everything correctly. As a result of this, I've even tried to use the
certificate from my web server with IMAP and even then openssl keeps on
saying that there is a bad record mac.

Is this a bug in dovecot's SSL handling or have I managed to mess
something up in my setup?

URLS:
CA cert: http://jylitalo.homeip.net/ca/ca.crt
IMAPD cert: http://jylitalo.homeip.net/ca/imapd.crt

[log starts]
bash-2.05a$ openssl verify -CAfile /usr/local/www/data/ca/ca.crt /etc/ssl/certs/imapd.crt
/etc/ssl/certs/imapd.crt: OK
bash-2.05a$ openssl s_client -host localhost -port 993 -CAfile /usr/local/www/data/ca/ca.crt -verify -debug
verify depth is 0
CONNECTED(00000003)
depth=1 /C=FI/ST=Finland/L=Helsinki/O=Juha Ylitalo/CN=Juha Ylitalo/Email=jylitalo at iki.fi
verify return:1
depth=0 /C=FI/ST=Finland/O=Juha Ylitalo/CN=coat.st-paul/Email=jylitalo at iki.fi
verify return:1
47169:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:/usr/src/secure/lib/libssl/../../../crypto/openssl/crypto/../ssl/s3_pkt.c:1046:SSL alert number 20
47169:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/crypto/../ssl/s23_lib.c:226:
bash-2.05a$
[log ends]

-- 
Juha Ylitalo       juha.o.ylitalo at nokia.com           <work e-mail>
+358 40 562 6152   http://linux.nokia.com/~jylitalo/  <work www>
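
Added example, not part of the original post: a small decoder for the two OpenSSL error-queue lines in the log above, which unpacks the hex code and shows whether an entry records a TLS alert received from the peer (here: alert 20, bad_record_mac, sent by the IMAP server) or an error raised locally. It assumes the pre-3.0 OpenSSL error-code layout and the 1000 offset libssl adds to received alert numbers; `decode_errors` is a hypothetical helper name.

```python
import re

ERR_LIB_SSL = 20             # library number OpenSSL assigns to libssl
SSL_AD_REASON_OFFSET = 1000  # reason = 1000 + alert number for alerts received from the peer

# TLS alert descriptions (subset of the standard alert registry).
ALERTS = {10: "unexpected_message", 20: "bad_record_mac", 21: "decryption_failed",
          40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca",
          70: "protocol_version", 80: "internal_error"}

# pid:error:<8 hex digits>:<library>:<function>:<reason text>[:file:line:]
ENTRY = re.compile(r"^(\d+):error:([0-9A-Fa-f]{8}):([^:\n]*):([^:\n]*):([^:\n]*)", re.M)

def decode_errors(log_text):
    """Hypothetical helper: unpack each error-queue line into its numeric fields."""
    entries = []
    for m in ENTRY.finditer(log_text):
        code = int(m.group(2), 16)
        # Pre-3.0 ERR_PACK layout (assumed): 8 bits library, 12 function, 12 reason.
        lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
        alert = None
        if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
            number = reason - SSL_AD_REASON_OFFSET
            alert = (number, ALERTS.get(number, "unknown"))
        entries.append({"pid": int(m.group(1)), "lib": lib, "func": func,
                        "reason": reason, "function": m.group(4),
                        "text": m.group(5).strip(), "peer_alert": alert})
    return entries

# The two error lines from the log above, wrapped lines joined, source paths shortened.
SAMPLE = (
    "47169:error:140943FC:SSL routines:SSL3_READ_BYTES:"
    "sslv3 alert bad record mac:s3_pkt.c:1046:SSL alert number 20\n"
    "47169:error:140790E5:SSL routines:SSL23_WRITE:"
    "ssl handshake failure:s23_lib.c:226:\n"
)

if __name__ == "__main__":
    for e in decode_errors(SAMPLE):
        origin = "alert sent by the peer" if e["peer_alert"] else "raised locally"
        print(e["function"], e["reason"], e["peer_alert"], origin)
```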



