[Dovecot] SSL with startssl.com certificates

Bruno Tréguier Bruno.Treguier at shom.fr
Mon Oct 7 20:57:15 EEST 2013


Le 06/10/2013 à 22:42, Dan Langille a écrit :
> After a long delay, I'm ready to tackle this again.

[...]
> Testing via the command line gives:
> 
> $ openssl s_client -connect imaps.unixathome.org:993 
> CONNECTED(00000003)
> depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority
> verify error:num=19:self signed certificate in certificate chain
> verify return:0

Ok, this is fine, and different from the result you were getting a few
weeks ago. Your cert chain is ok, it seems. The "errornum=19:self signed
certificate in certificate chain" is a "normal" errot, due to the fact
that you didn't tell openssl where to find a list of valid root certs.


> All looks good.
> 
> /var/log/maillog shows:
> 
> Oct  6 20:06:28 imaps dovecot: imap-login: Login: user=<dan>, method=PLAIN, rip=98.111.147.220, lip=199.233.228.197, mpid=81052, TLS, session=<fYUwEhjoVgBib5Pc>
> Oct  6 20:08:21 imaps dovecot: imap(dan): Disconnected: Logged out in=26 out=691
> 
> 
> I have Thunderbird working just fine on my Macbook.
> 
> But my goal is mail.app on my iPhone and my Macbook.  When they try to connect, the mail server logs are:
> 
> Oct  6 20:20:25 imaps dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [98.111.147.220]
> Oct  6 20:20:25 imaps dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=98.111.147.220, lip=199.233.228.197, TLS handshaking: Disconnected, session=<Ux8HRBjo7QBib5Pc>
> 
> Yet, the same iPhone and Macbook connect fine to a dovecot 1.2.17 installation.  That's my current IMAP server.  I'm moving to another server and failing so far.
> 
> Suggestions to use another client app or platform will not be entertained, because, clearly, this works with dovecot 1.

Well, sorry but no further suggestions as far as I'm concerned then,
except that some people tend to think that mail.app is pretty crappy and
behaves quite strangely in certain situations...

Best regards,

Bruno

-- 
- Service Hydrographique et Oceanographique de la Marine  -  DMGS/INF
-  13, rue du Chatellier -  CS 92803  - 29228 Brest Cedex 2, FRANCE
-     Phone: +33 2 98 22 17 49  -  Email: Bruno.Treguier at shom.fr


More information about the dovecot mailing list