Sunday, November 03, 2019

Re: Courier-Imap no longer accepts ssl connections after update to -current

Theodore Wynnychenko <tmw@uchicago.edu> wrote:
> Hi (again):
>
> After updating to current yesterday, and then updating all the packages
> (using "pkg_add -vui -Dsnap"), I can no longer connect to the ssl (993) port
> of the courier-imap server running on the system.
>
> Prior to the update, ssl connections were working without an issue.
>
it's working fine for me with:
$ ldd /usr/local/bin/couriertls | grep ssl
000011ae13a38000 000011ae13a9c000 rlib 0 1 0 /usr/lib/libssl.so.48.0
and
OpenBSD 6.6-current (GENERIC.MP) #425: Fri Nov 1 23:49:35 MDT 2019

there is a libssl bump ongoing, maybe you should rebuild courier-imap
from ports or wait for next packages.

does "openssl s_client -connect 127.0.0.1:993" work as expected
and show you the correct certificate?


> Now, when trying to connect, the client gets a "A secure connection to the
> server cannot be established" message.
>
> On the server, I see the following in the log for each ssl connection
> attempt:
>
> Nov 2 07:40:38 host imapd-ssl: ip=[::ffff:127.0.0.1], couriertls:
> /etc/ssl/private/imapd.pem: error:02FFF00D:system
> library:func(4095):Permission denied
>
> Nov 2 07:40:38 host imapd-ssl: ip=[::ffff:127.0.0.1], couriertls:
> /etc/ssl/private/imapd.pem: error:20FFF002:BIO
> routines:CRYPTO_internal:system lib
>
> The packages for courier currently installed are:
>
> pkg_info | grep courier
> courier-authlib-0.69.1 authentication library for courier
> courier-authlib-mysql-0.69.1 mysql authentication module for
> courier-authLib
> courier-imap-5.0.8 imap server for maildir format mailboxes
> courier-pop3-5.0.8 pop3 server for maildir format mailboxes
> courier-unicode-2.1 courier unicode library
>
> I did not make any changes to the /etc/courier/imapd-ssl configuration file.
> What was working for me before was:
> cat imapd-ssl |grep -v ^$ | grep -v ^#
> SSLPORT=993
> SSLADDRESS=0
> MAXDAEMONS=500
> MAXPERIP=100
> SSLPIDFILE=/var/run/courier/imapd-ssl.pid
> SSLLOGGEROPTS="-name=imapd-ssl"
> IMAPDSSLSTART=YES
> IMAPDSTARTTLS=NO
> IMAP_TLS_REQUIRED=0
> COURIERTLS=/usr/local/bin/couriertls
> TLS_CERTFILE=/etc/ssl/private/imapd.pem
> TLS_DHPARAMS=/etc/ssl/private/imapd.pem
> TLS_TRUSTCERTS=/etc/ssl/CA/cacert.pem
> TLS_VERIFYPEER=NONE
> MAILDIRPATH=Maildir
>
> Anyway, I don't know what the error lines really mean. I am wondering if it
> is something to do with the "interface" between courier and the ssl libraries.
> I have tried "exploring" the web on this over the last 24 hours, but have
> been unable to find anything to point me in any direction.
>
> As this is an "internal" mail-server, I just re-enabled the non-ssl
> connection, so I can still connect to my mail.
>
> But, I am wondering if there is anything that I could do to resolve this
> ssl-connection issue.
>
> Thanks (again)
> Ted
>
>
>
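
The error lines quoted in the message can be read field by field. The following is an added example, not part of the original thread or of courier-imap: it assumes libcrypto's packed error layout (8-bit library, 12-bit function, 12-bit reason), which the "func(4095)" in the log is consistent with; the names decode, explain and SAMPLE are hypothetical.

```python
import errno
import re

# Library numbers from libcrypto's err.h (only the two seen in the log).
ERR_LIB_SYS = 0x02
ERR_LIBS = {ERR_LIB_SYS: "system library", 0x20: "BIO routines"}
# Generic reason shared by all libraries: ERR_R_SYS_LIB == ERR_LIB_SYS.
GENERIC_REASONS = {0x02: "system lib"}

# Shape of the couriertls lines quoted in the message:
#   couriertls: <path>: error:<8 hex digits>:<lib>:<func>:<reason>
LINE_RE = re.compile(
    r"couriertls:\s+(?P<path>/\S+):\s+error:(?P<code>[0-9A-Fa-f]{8}):")


def decode(code_hex):
    """Split a packed error code into library, function and reason."""
    code = int(code_hex, 16)
    lib = (code >> 24) & 0xFF
    func = (code >> 12) & 0xFFF
    reason = code & 0xFFF
    if lib == ERR_LIB_SYS:
        # For the system library the reason field is the errno value.
        meaning = errno.errorcode.get(reason, "unknown errno")
    else:
        meaning = GENERIC_REASONS.get(reason, "library-specific reason")
    return {"lib": ERR_LIBS.get(lib, hex(lib)), "func": func,
            "reason": reason, "meaning": meaning}


def explain(log_line):
    """Return the decoded fields plus the file path, or None if no match."""
    m = LINE_RE.search(log_line)
    if m is None:
        return None
    return dict(decode(m.group("code")), path=m.group("path"))


# The two log lines from the message, with the mail line-wrapping rejoined.
SAMPLE = [
    "Nov 2 07:40:38 host imapd-ssl: ip=[::ffff:127.0.0.1], couriertls: "
    "/etc/ssl/private/imapd.pem: error:02FFF00D:system "
    "library:func(4095):Permission denied",
    "Nov 2 07:40:38 host imapd-ssl: ip=[::ffff:127.0.0.1], couriertls: "
    "/etc/ssl/private/imapd.pem: error:20FFF002:BIO "
    "routines:CRYPTO_internal:system lib",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(explain(line))
```

The first line decodes to errno 13 (EACCES) from the system library for /etc/ssl/private/imapd.pem, and the second is the BIO layer reporting that a system call failed underneath it.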
