este raz - imap-uw

Kurnava, Martin martin.kurnava at toma.sk
Thu Mar 4 08:26:22 CET 2004

Previous message: IPFW
Next message: este raz - imap-uw
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>>>Pokud imapd posloucha na imap4 tak nepousti SSL a na imaps ho ocekava 
>>>(stejne jako http a https pro httpd).
>> 
>> zvlastne chovanie vzhladom na komilacny parameter WITH_SSL_AND_PLAINTEXT
>> 
>Me to chovani pripada uplne normalni a ani nevim jak by se podle vas mel 
>imapd chovat jinak :)
Ako sa bude chovat, ked ho pustim na porte XZY ? Pojde cez SSL, alebo nie
...

> Nemate inetd spusteny s parametrem -a IP_adresa?
--------------------------------------------------------------
root     inetd      382    4 tcp4   *:110                 *:*

root     inetd      382    5 tcp4   *:993                 *:* 
--------------------------------------------------------------   

>Tak si to doctete do konce, to plati obecne ne jen pro tento pripad.
Obavam sa, ze mi ten dokument nic nove nepovedal. Ak chodi SSH, tak SSL by
malo byt funkcne. Nie ?
--------------------------------------------------
server# telnet 10.1.1.100 22
Trying 10.1.1.100...
Connected to server.netport.sk.
Escape character is '^]'.
SSH-1.99-OpenSSH_3.4p1 FreeBSD-20020702

> Co vrati "grep -i imaps /etc/services" ?
--------------------------------------------------
imaps           993/tcp                 # imap4 protocol over TLS/SSL
imaps           993/udp

> Co vrati "grep imapd /etc/inetd.conf" ?
--------------------------------------------------
#imap4  stream  tcp     nowait  root    /usr/local/libexec/imapd
imapd
imaps   stream  tcp     nowait  root    /usr/local/libexec/imapd
imapd

>Jeste me napadlo: Mate zkompilovanou knihovnu c-client s podporou SSL?
>Resp. objevi se ve vypisu:
>ldd /usr/local/lib/libc-client4.so
>i knihovna libssl?
----------------------------------------------------------
server# ldd /usr/local/lib/libc-client4.so
/usr/local/lib/libc-client4.so:
        libpam.so.1 => /usr/lib/libpam.so.1 (0x281ad000)
---------------------------------------------------------
noo ... 


Nebude to cele iba o zlom certifikate ? Z tohto vypliva, ze SSL-ko nevie
najst certifikat, alebo kluc ? 
---------------------------------------------------------
server# openssl s_client -connect server:993 -showcerts -state -CAfile
imapd.pem
715:error:02001002:system library:fopen:No such file or
directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/b
ss_file.c:104:fopen('imapd.pem','r')
715:error:2006D002:BIO routines:BIO_new_file:system
lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_fil
e.c:106:
715:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system
lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/x509/by_fil
e.c:273:
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
715:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/crypto/../ssl/s23
_lib.c:228:
server#
---------------------------------------------------------

Vypis adresara /usr/local/certs.
-------------------------------------
server# cd /usr/local/certs
server# ls -l
total 2
-rw-r-----  1 root  wheel  1880 28 feb 00:42 imapd.pem
lrwxr-xr-x  1 root  wheel    26 28 feb 00:42 ipop3d.pem ->
/usr/local/certs/imapd.pem
server#
--------------------------------------

Previous message: IPFW
Next message: este raz - imap-uw
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users-l mailing list