Subject: TLS engine:
To: netbsd-help <netbsd-help@netbsd.org>
From: Brent Newson <brent.newson@baldey.net>
List: netbsd-help
Date: 11/16/2001 13:27:53
Hi all can anyone please help with the following: 

I have NetBSD 1.5.2 running the following relevant packages: 

cyrus-imapd-2.0.16 
perl-5.6.1nb6       
db3-2.9.2          
openssl-0.9.6nb2    
cyrus-sasl-1.5.24nb3 

All the packages have been set up with default configurations: 

I can successfuly log into this mail server using imap on port 143 but
when i try and use imap over ssl i get the following error: 

esme master[1529]: process 1539 exited, signaled to death by 11 
Nov 16 13:02:35 esme imapd[1540]: TLS engine: cannot load CA data 
Nov 16 13:02:35 esme imapd[1540]: starttls: TLSv1 with cipher (NONE)
(0/0 bits) no authentication 
Nov 16 13:02:35 esme imapd[1540]: Undefined error: 0, closing connection

When i try to use the imtest utility from cyrus i get the following: 

bash-2.05# imtest -t "" localhost 
C: C01 CAPABILITY 
S: * OK esme.webscreen-technology.com Cyrus IMAP4 v2.0.16 server ready 
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
THREAD=REFERENCES IDLE STARTTLS AUTH=DIGEST-MD5 AUTH=CRAM-MD5 X-NETSCAPE
S: C01 OK Completed 
S01 OK Begin TLS negotiation now 
Nov 16 13:07:51 esme imapd[1563]: TLS engine: cannot load CA data 
Nov 16 13:07:51 esme imapd[1563]: TLS engine: No CA file specified.
Client side certs may not work 
verify error:num=18:self signed certificate 
Segmentation fault (core dumped) 
Nov 16 13:07:51 esme imapd[1563]: starttls: TLSv1 with cipher (NONE)
(0/0 bits) no authentication 
bash-2.05# Nov 16 13:07:51 esme imapd[1563]: Undefined error: 0, closing
connection 

My question is doesnt anyone have a clue why this is doing this? I
realise that it is reading in the cert that i have created and self
signed but then imtest itself core dumps. I have tried looking for a way
to increase the debug level of either the cyrus-master or cyrus-imapd
daemon with no luck. Can some suggest a way that i can either run or
recompile cyrus with greater debugging power? I have used the same
package versions on a redhat 7.2 box the server works fine with imap
over ssl. any suggestions would be greatly appreciated! 

-- 
Cheers

Brent