
[bug-mailutils] Can't seem to get imap4d STARTTLS working


From: Chris Hall
Subject: [bug-mailutils] Can't seem to get imap4d STARTTLS working
Date: Thu, 31 May 2012 03:28:25 -1000

Server running Debian Squeeze, client running Ubuntu 12.04

GNU Mailutils 2.99.96 on both server and client machines.

mailutils.rc on server:
tls {
       # Enable TLS support.
       enable 1;
       # Specify SSL certificate file.
       ssl-cert /etc/exim4/imap.crt;
       # Specify SSL certificate key file.
       ssl-key /etc/exim4/imap.key;
       # Specify trusted CAs file.
       #ssl-cafile FILE;
     }

Have Exim4 running on server, using exim-supplied script to generate crt and key files. Copied them and changed group read permission, so that imap4d will advertise STARTTLS when queried with CAPABILITY.

So far, so good.

But when I try to STARTTLS with imap4d, it seems to choke and fall over.

"How about trying 'mu imap'?", you say?  Okay!

~$ mu imap
imap> connect workingdroid.com
imap> capability
CAPA: IMAP4rev1
CAPA: NAMESPACE
CAPA: ID
CAPA: IDLE
CAPA: LITERAL+
CAPA: UNSELECT
CAPA: STARTTLS
CAPA: AUTH=ANONYMOUS
CAPA: AUTH=EXTERNAL
CAPA: AUTH=LOGIN
CAPA: AUTH=PLAIN
CAPA: AUTH=SECURID
CAPA: AUTH=DIGEST-MD5
CAPA: AUTH=CRAM-MD5
CAPA: AUTH=SCRAM-SHA-1
imap> starttls
mu: starttls failed: Operation failed
mu: server reply: STARTTLS Begin TLS negotiation
imap> 

When I try against Exim, I get:

~$ openssl s_client -connect workingdroid.com:25 -starttls smtp
-- snip --
SSL handshake has read 1784 bytes and written 587 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: BAFE6111D6FF8B355690E1FCABD40AA0581166309B9D032CF90F657978A5B0EB
    Session-ID-ctx: 
    Master-Key: 6CC657F241B4E26FF7888BAC74D8B9690AA4439590790BBAAAAEB2CAD8480FFF2C5BCD57CC75AA63DE2F7A5466EF5EDF
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1338467840
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
250 HELP
BYE
HEARTBEATING

I'm not an expert, but that looks like it worked?  So the key seems to be OK, because I'm using a brand new digital copy of it for Mailutils!

Now, when I try against imap4d:

~$ openssl s_client -connect workingdroid.com:143 -starttls imap -state -debug
-- snip --
SSL_connect:unknown state
read from 0xa0dab78 [0xa0e0120] (7 bytes => 0 (0x0))
3078318280:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 260 bytes and written 252 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

I googled the OpenSSL "error:140790E5", without much success.  One issue seemed to think key sizes larger than 1024 were an issue, but according to the info in the Exim output, the key size *is* 1024.

Any thoughts would be greatly appreciated -- I'm many hours into this issue already.

TIA,

Chris Hall


P.S. Sometimes when this happens, my server ends up with 2 copies of imap4d running.  The mail.info log shows imap4d terminating, then somehow starting again.

P.P.S. Even when I start imap4d as follows:

imap4d --set=transcript=yes -d --debug-level="auth.trace2;remote.trace6"

I get *no* extra output in the logs?  Is there something else I need to add to get this debug info?
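
A stage-by-stage probe of the IMAP STARTTLS exchange tested above, as an added example that is not part of the original message or of Mailutils: it separates a handshake that dies before any certificate is seen (the imap4d symptom) from one that only fails trust validation (as a self-signed certificate does). `probe_starttls`, its stage names and the local stand-in server are constructed for illustration.

```python
import imaplib
import socket
import ssl
import threading

def probe_starttls(host, port=143, timeout=5):
    """Return (stage, detail) naming the last IMAP STARTTLS stage reached."""
    try:
        conn = imaplib.IMAP4(host, port, timeout=timeout)  # greeting + CAPABILITY
    except (OSError, imaplib.IMAP4.error) as exc:
        return ("connect", str(exc))
    if "STARTTLS" not in conn.capabilities:
        return ("capability", "STARTTLS not advertised")
    try:
        conn.starttls(ssl.create_default_context())
    except ssl.SSLCertVerificationError as exc:
        # A certificate was presented; only trust validation failed.
        return ("verify", exc.verify_message)
    except imaplib.IMAP4.error as exc:
        return ("starttls-reply", str(exc))  # server answered NO/BAD
    except (ssl.SSLError, OSError) as exc:
        # Tagged OK arrived, but the TLS handshake itself did not complete.
        return ("handshake", str(exc))
    return ("ok", conn.sock.version())

def _fake_imapd(listener):
    """Constructed stand-in: accepts STARTTLS with OK, then drops the link."""
    conn, _ = listener.accept()
    with conn, conn.makefile("rwb") as f:
        f.write(b"* OK constructed test server ready\r\n")
        f.flush()
        tag = f.readline().split()[0]
        f.write(b"* CAPABILITY IMAP4rev1 STARTTLS\r\n" + tag + b" OK done\r\n")
        f.flush()
        tag = f.readline().split()[0]
        f.write(tag + b" OK Begin TLS negotiation\r\n")
        f.flush()

def demo():
    """Run the probe against the constructed local server (offline)."""
    listener = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=_fake_imapd, args=(listener,), daemon=True).start()
    return probe_starttls("127.0.0.1", listener.getsockname()[1])

if __name__ == "__main__":
    print(demo())
```

A "handshake" result after a tagged OK points at the server's TLS setup rather than at the client, so the server-side log and the daemon's access to its certificate and key files are the next things to check.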

