GNU Mailutils 2.99.96 on both server and client machines.
mailutils.rc on server:
tls {
# Enable TLS support.
enable 1;
# Specify SSL certificate file.
ssl-cert /etc/exim4/imap.crt;
# Specify SSL certificate key file.
ssl-key /etc/exim4/imap.key;
# Specify trusted CAs file.
#ssl-cafile FILE;
}
Have Exim4 running on server, using exim-supplied script to generate crt and key files. Copied them and changed group read permission, so that imap4d will advertise STARTTLS when queried with CAPABILITY.
So far, so good.
But when I try to STARTTLS with imap4d, it seems to choke and fall over.
"How about trying 'mu imap'?", you say? Okay!
~$ mu imap
imap> capability
CAPA: IMAP4rev1
CAPA: NAMESPACE
CAPA: ID
CAPA: IDLE
CAPA: LITERAL+
CAPA: UNSELECT
CAPA: STARTTLS
CAPA: AUTH=ANONYMOUS
CAPA: AUTH=EXTERNAL
CAPA: AUTH=LOGIN
CAPA: AUTH=PLAIN
CAPA: AUTH=SECURID
CAPA: AUTH=DIGEST-MD5
CAPA: AUTH=CRAM-MD5
CAPA: AUTH=SCRAM-SHA-1
imap> starttls
mu: starttls failed: Operation failed
mu: server reply: STARTTLS Begin TLS negotiation
imap>
When I try against Exim, I get:
-- snip --
SSL handshake has read 1784 bytes and written 587 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: BAFE6111D6FF8B355690E1FCABD40AA0581166309B9D032CF90F657978A5B0EB
Session-ID-ctx:
Master-Key: 6CC657F241B4E26FF7888BAC74D8B9690AA4439590790BBAAAAEB2CAD8480FFF2C5BCD57CC75AA63DE2F7A5466EF5EDF
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1338467840
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
250 HELP
BYE
HEARTBEATING
I'm not an expert, but that looks like it worked? So the key seems to be OK, because I'm using a brand new digital copy of it for Mailutils!
Now, when I try against imap4d:
-- snip --
SSL_connect:unknown state
read from 0xa0dab78 [0xa0e0120] (7 bytes => 0 (0x0))
3078318280:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 260 bytes and written 252 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
I googled the OpenSSL "error:140790E5", without much success. One issue seemed to think key sizes larger than 1024 were an issue, but according to the info in the Exim output, the key size *is* 1024.
Any thoughts would be greatly appreciated -- I'm many hours into this issue already.
P.P.S. Even when I start imap4d as follows:
I get *no* extra output in the logs? Is there something else I need to add to get this debug info?
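As an added example (not from the original post and not Mailutils code), a small Python probe that walks the same steps as the 'mu imap' session above, greeting, CAPABILITY, STARTTLS and then the TLS handshake, and reports which stage failed, so that a server that answers "Begin TLS negotiation" and then drops the handshake shows up as a handshake-stage error rather than an opaque "Operation failed". The fake imap4d stand-in, its replies and the host names are constructed for offline use.

```python
import socket, ssl, threading  # standard library only

def _readline(sock):
    buf = b""
    while not buf.endswith(b"\r\n"):
        chunk = sock.recv(1)  # one byte at a time so nothing meant for TLS is swallowed
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
    return buf[:-2].decode("utf-8", "replace")

def _command(sock, tag, cmd):
    sock.sendall(f"{tag} {cmd}\r\n".encode())  # tagged command; collect until tagged reply
    untagged = []
    while not (line := _readline(sock)).startswith(tag + " "):
        untagged.append(line)
    return line.split(" ", 2)[1].upper(), untagged  # ("OK"/"NO"/"BAD", untagged lines)

def probe_starttls(sock, server_hostname=None):
    """Walk greeting -> CAPABILITY -> STARTTLS -> handshake and report the stage reached.
    Live use: probe_starttls(socket.create_connection((host, 143)), host)."""
    result = {"stage": "greeting", "greeting": _readline(sock)}
    status, lines = _command(sock, "a1", "CAPABILITY")
    caps = [w.upper() for l in lines if l.startswith("* CAPABILITY") for w in l.split()[2:]]
    result.update(stage="capability", capabilities=caps)
    if status != "OK" or "STARTTLS" not in caps:
        return dict(result, error="STARTTLS not advertised")
    status, _ = _command(sock, "a2", "STARTTLS")
    if status != "OK":
        return dict(result, stage="starttls", error=f"STARTTLS rejected: {status}")
    ctx = ssl.create_default_context()  # like s_client: tolerate a self-signed certificate
    ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
    try:
        tls = ctx.wrap_socket(sock, server_hostname=server_hostname)
    except OSError as exc:  # ssl.SSLError, EOF and broken pipe all derive from OSError
        return dict(result, stage="handshake", error=f"TLS handshake failed: {exc}")
    return dict(result, stage="done", protocol=tls.version(), cipher=tls.cipher(),
                peer_cert_bytes=len(tls.getpeercert(binary_form=True) or b""))

def _fake_imap4d(sock, accept):  # constructed stand-in: the dialogue above, then hang up
    sock.sendall(b"* OK IMAP4rev1 ready\r\n"); _readline(sock)
    sock.sendall(b"* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN\r\na1 OK done\r\n"); _readline(sock)
    sock.sendall(b"a2 OK Begin TLS negotiation\r\n" if accept else b"a2 NO disabled\r\n")
    sock.close()

def offline_demo(accept=True):  # run the probe against the fake server over a socketpair
    client, server = socket.socketpair()
    threading.Thread(target=_fake_imap4d, args=(server, accept)).start()
    with client:
        return probe_starttls(client)
```

Against a real server the "done" stage also reports the negotiated protocol, cipher and certificate size, which is the information the s_client output above gives for Exim and lacks for imap4d.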