search for: client_proxy

...quire_crl = no" dovecot will use CRLs but tries to ignore openssl error codes X509_V_ERR_UNABLE_TO_GET_CRL and X509_V_ERR_CRL_HAS_EXPIRED. This is done in ssl_verify_client_cert() in ssl-proxy-openssl.c line 871, namely i_info("proxy=%d, require_crl=%d, error=%d", proxy->client_proxy, proxy->set->ssl_require_crl, ctx->error ); if (proxy->client_proxy && !proxy->set->ssl_require_crl && (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL || ctx->error == X509_V_ERR_CRL_HAS_EXPIRED)) { /* no CRL given with the CA list. don't wor...

imap-login processes are hanging (using 100% of CPU) when connected from a client that is partially blocked by a firewall. It appears that imap-login is stuck in a loop trying to complete an ssl handshake. imap-login is working fine for other clients not blocked by the firewall (including localhost). This is dovecot 2.1.10 under Mac OS X 10.8.2 (compiled from sources); the firewall is Little

On December 5, 2012 2:07:14 AM PST, Ben Morrow <ben at morrow.me.uk> wrote: > At 1AM -0800 on 5/12/12 Erik A Johnson wrote: >> FYI, the tcpdump I sent previously was with one of our >> previously-discussed patches in place: >> >> if (!proxy->client_proxy && net_geterror(proxy->fd_ssl) == EBADF) { >> >> I'm attaching that dump again (as >> tcpdump_output_witholdpatch_headeronly.txt), as well as a dump without >> any of the patches (tcpdump_output_withoutpatches_headeronly.txt) in >> case there is any dif...