Subject: TLS engine
To: None <tech-pkg@netbsd.org>
From: Sean Witham <sean.witham@webscreen-technology.com>
List: tech-pkg
Date: 11/21/2001 15:36:20
Some of you may have seen this post on the netbsd-help list. I have
taken over the problem installation from Brent and thought it would
be best discussed on the tech-pkg list as it seems to be a package
problem. Plus I have subscribed to this list *8-)
May I add that the problem with SSL/TLS sessions failing may be
related to the fact that the cyrus package is linking aginst two
libcrypto installations. One is the NetBSD-1.5.2 version and the
other is the version installed by the pakage openssl.
ldd /usr/pkg/cyrus/bin/imapd:
/usr/pkg/cyrus/bin/imapd:
-lcrypt.0 => /usr/lib/libcrypt.so.0
-lsasl.8 => /usr/pkg/lib/libsasl.so.8
-ldb3.2 => /usr/pkg/lib/libdb3.so.2
-lcrypto.0 => /usr/lib/libcrypto.so.0
-lcrypto.200 => /usr/pkg/lib/libcrypto.so.200
-lssl.200 => /usr/pkg/lib/libssl.so.200
-lc.12 => /usr/lib/libc.so.12
Has anyone any ideas ?
--Sean
-------------------------------------------------------
Subject: TLS engine:
To: netbsd-help <netbsd-help@netbsd.org>
From: Brent Newson <brent.newson@baldey.net>
List: netbsd-help
Date: 11/16/2001 13:27:53
Hi all can anyone please help with the following:
I have NetBSD 1.5.2 running the following relevant packages:
cyrus-imapd-2.0.16
perl-5.6.1nb6
db3-2.9.2
openssl-0.9.6nb2
cyrus-sasl-1.5.24nb3
All the packages have been set up with default configurations:
I can successfuly log into this mail server using imap on port 143 but
when i try and use imap over ssl i get the following error:
esme master[1529]: process 1539 exited, signaled to death by 11
Nov 16 13:02:35 esme imapd[1540]: TLS engine: cannot load CA data
Nov 16 13:02:35 esme imapd[1540]: starttls: TLSv1 with cipher (NONE)
(0/0 bits) no authentication
Nov 16 13:02:35 esme imapd[1540]: Undefined error: 0, closing
connection
When i try to use the imtest utility from cyrus i get the following:
bash-2.05# imtest -t "" localhost
C: C01 CAPABILITY
S: * OK esme.webscreen-technology.com Cyrus IMAP4 v2.0.16 server
ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS
ID
NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
THREAD=REFERENCES IDLE STARTTLS AUTH=DIGEST-MD5 AUTH=CRAM-MD5
X-NETSCAPE
S: C01 OK Completed
S01 OK Begin TLS negotiation now
Nov 16 13:07:51 esme imapd[1563]: TLS engine: cannot load CA data
Nov 16 13:07:51 esme imapd[1563]: TLS engine: No CA file specified.
Client side certs may not work
verify error:num=18:self signed certificate
Segmentation fault (core dumped)
Nov 16 13:07:51 esme imapd[1563]: starttls: TLSv1 with cipher (NONE)
(0/0 bits) no authentication
bash-2.05# Nov 16 13:07:51 esme imapd[1563]: Undefined error: 0,
closing
connection
My question is doesnt anyone have a clue why this is doing this? I
realise that it is reading in the cert that i have created and self
signed but then imtest itself core dumps. I have tried looking for a
way
to increase the debug level of either the cyrus-master or cyrus-imapd
daemon with no luck. Can some suggest a way that i can either run or
recompile cyrus with greater debugging power? I have used the same
package versions on a redhat 7.2 box the server works fine with imap
over ssl. any suggestions would be greatly appreciated!
--
Cheers
Brent