checking IMAP connection. Based on that experimentation, it seems that when I try to verify certificate files with openssl, all checks out, but when I try to check things through IMAPS, things go ugly (see log below).

If I try the same openssl s_client command on my web server, it gets everything correctly. As a result of this, I've even tried to use the certificate from my web server with IMAP and even then openssl keeps on saying that there is a bad record mac.

Is this a bug in dovecot's SSL handling or have I managed to mess something up in my setup?

URLs:
CA cert: http://jylitalo.homeip.net/ca/ca.crt
IMAPD cert: http://jylitalo.homeip.net/ca/imapd.crt

[log starts]
bash-2.05a$ openssl verify -CAfile /usr/local/www/data/ca/ca.crt /etc/ssl/certs/imapd.crt
/etc/ssl/certs/imapd.crt: OK
bash-2.05a$ openssl s_client -host localhost -port 993 -CAfile /usr/local/www/data/ca/ca.crt -verify -debug
verify depth is 0
CONNECTED(00000003)
depth=1 /C=FI/ST=Finland/L=Helsinki/O=Juha Ylitalo/CN=Juha Ylitalo/Email=jylitalo at iki.fi
verify return:1
depth=0 /C=FI/ST=Finland/O=Juha Ylitalo/CN=coat.st-paul/Email=jylitalo at iki.fi
verify return:1
47169:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:/usr/src/secure/lib/libssl/../../../crypto/openssl/crypto/../ssl/s3_pkt.c:1046:SSL alert number 20
47169:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/crypto/../ssl/s23_lib.c:226:
bash-2.05a$
[log ends]

--
Juha Ylitalo    juha.o.ylitalo at nokia.com <work e-mail>
+358 40 562 6152    http://linux.nokia.com/~jylitalo/ <work www>