similar to: No CA names sent in TLS handshake

Displaying 20 results from an estimated 10000 matches similar to: "No CA names sent in TLS handshake"

2009 Mar 13
1
how to handle CA CRL updates with client certificate verification context ?
Hello, As far as I can read in the Dovecot SSL configuration wiki page, each CA cert must be followed by the related CA CRL in the client certificate verification context ("ssl_ca_file" setting). In my company we do have our own PKI and as soon as Client certificate is compromised we do revoke it and update the related CA's CRL. Does that mean that I have to issue a new
2009 Jul 30
1
Dovecot with SSL Client Certification
Hi, i am trying to setup dovecot over ssl in the last couple days unsuccessfully My notes are from here: http://wiki.dovecot.org/SSL My OpenSSL commands are: mkdir -pv /opt/certificates/dovecot/ cd !$ (just to prevent questions about Common Name) [ebal at myhome:~]? hostname myhome openssl req -new -x509 -nodes -out dovecot.crt -keyout dovecot.key -days 1825 # Country Name (2 letter code)
2015 Apr 24
3
[patch] TLS Handshake failures can crash imap-login
Hi, I tracked down a tricky bug in dovecot that can cause the imap-login and pop3-login processes to crash on handshake failures. This can be tested by disabling SSLv3 in the dovecot config (ssl_protocols = !SSLv2 !SSLv3) and trying to connect with openssl and forced sslv3 (openssl s_client -ssl3 -connect localhost:995). This would cause a crash. What was going on is this: In
2006 Jul 31
2
Dovecot and SSL certificates
Hello, we're running RC2 and seeing a problem with the way SSL certs are handled by Dovecot. We've set ssl_verify_client_cert=yes and ssl_require_valid_client_cert=no. Using this setup we get (rather interesting) log entries like these: Jul 31 11:21:23 dev dovecot: imap-login: Invalid certificate: <user cert> Jul 31 11:21:23 dev dovecot: imap-login: Invalid certificate: <CA
2014 Jan 14
1
SSL/TLS handshake stays forever without timeout
Hi, I am a system admin and I am evaluating using dovecot as our email server. In my test, I found that if I telneted to 993 port and did not do anything or I telneted to 143 port, sent starttls command and then did not do anything, the connection stayed forever without timeout. This will make our mail server vulnerable to DOS attack. I dig into dovecot Wiki and did not find any solution. This
2006 Aug 16
1
help debugging TLS
hi, i've built dovecot latest cvs on OSX 10.4.7. i'm making a 1st attempt @ trying/failing to get TLS operation up-n-running ... my install's OK: Install prefix ...................... : /usr/local/dovecot File offsets ........................ : 64bit I/O loop method ..................... : poll File change notification method
2016 Mar 17
4
TLS handshake issue
dovecot-2.0.9 on CentOS 6.7 The system in question is not connected to the Internet, so I can't copy-and-paste. I have to type anything required :-( Brand-new out-of-the-box install with a really minimal dovecot.conf including: service imap-login { inet_listener imaps { address = 192.168.1.10 port = 143 ssl = yes } } ssl_cert=</etc/pki/tls/certs/dovecot.pem
2010 Jul 10
0
TLS handshaking error: unknown ca
I'm running Ubuntu 10.04, recently upgraded. My dovecot version is 1.2.9. My SSL/TLS authentication with dovecot from non-local IP's has stopped working, and I can no longer access my mail securely. I have changed all entries to refer to my server as "host". I am the only user, and am OK with a self-signed cert. When I try to connect using Thunderbird, the certificate
2008 Sep 27
2
client certs with godaddy ssl cert
I've read the client ssl cert section in the wiki and it talks about using a self signed cert, if I am using a commercial cert, in this case godaddy, how do I implement a self signed cert for the client side and have dovecot make use of this? I know the mechanics of setting up the self signed ca, the question is more what configuration changes do I need to make in dovecot to handle both
2008 Jan 30
2
SSL certificate?
When I install an SSL certificate, I can't find a config option to set configure the Server Certificate Chain file... Is this not possible or can I do it another way? (When I connect, I am being told the Signature status is uncheckable...) Regards, BTJ -- ----------------------------------------------------------------------------------------------- Bj?rn T Johansen btj at havleik.no
2015 Apr 25
0
[patch] TLS Handshake failures can crash imap-login
On 24/04/2015 22:17, Hanno Böck wrote: Hello, > I tracked down a tricky bug in dovecot that can cause the imap-login > and pop3-login processes to crash on handshake failures. > This can be tested by disabling SSLv3 in the dovecot config > (ssl_protocols = !SSLv2 !SSLv3) and trying to connect with openssl and > forced sslv3 (openssl s_client -ssl3 -connect localhost:995). This
2008 Oct 22
3
dovecot and postfix with tls and dovecot sasl issues for smtp clients
This issue is peripherally related to the following thread Re: [Dovecot] client certs with godaddy ssl cert This is running on CentOS 5.2 with latest Atrpms for Dovecot as of this weekend. # rpm -qa | grep dovecot dovecot-sieve-1.1.5-8.el5 dovecot-1.1.4-0_81.el5 With assistance from Rainer Frey (Inxmail GmbH), I am able to successfully use client ssl certs for imap access on both my Nokia
2015 Apr 25
4
[patch] TLS Handshake failures can crash imap-login
On 04/25/2015 11:55 AM, James wrote: > On 24/04/2015 22:17, Hanno Böck wrote: > > Hello, > >> I tracked down a tricky bug in dovecot that can cause the imap-login >> and pop3-login processes to crash on handshake failures. >> This can be tested by disabling SSLv3 in the dovecot config >> (ssl_protocols = !SSLv2 !SSLv3) and trying to connect with openssl and
2006 Jul 07
2
Authentication by certificates (a bug or my misconfiguration)
Today I've been trying to get dovecot (1.0 rc2) to use certificates for client side authentication. If my memory serves right, beta8 had no problems with it (although it was some time ago and on different machine). Similar setup works perfectly well for postfix (for authentication that is, on the same machine). Originally I thought I overdid some certificate settings (keyUsage, nsCertType,
2003 May 23
1
error with make clean in /usr/src
Hello, I am getting errors when doing a make clean under /usr/src, I have always done this before doing a make world, and never a problem. I have tried deleting all of /usr/src and re cvsuped, but the problem persists. FreeBSD 4.7-STABLE #0: Fri Feb 14 13:49:58 EST 2003 ===> secure/usr.bin/openssl rm -f buildinf.h openssl/opensslconf.h openssl/evp.h xopenssl app_rand.o apps.o asn1pars.o ca.o
2003 Jun 13
1
Strange problem with "make clean"
Hello, I'm experiencing a weird problem doing "make clean" in "/usr/src". It happens on a couple of FreeBSD 4.8-RELEASE machines (RELENG_4_8 to be precise). Cvsup, build & install phases all went fine, just "make clean" went wrong. I tried rm-ing the incriminated subdirectory and even rm-ing the checkout.cvs:RELENG_4_8 file and re-cvsupping but nothing
2010 Sep 09
2
using palm pre client with imap server
Hello Anyone here tried to use palm pre built-in email client with imap server (TLS)? Mine does not work; only one line in the log. imap-login: Disconnected (no auth attempts): rip=xxx.xxx.19.21, lip=xxx.yyy.zzz.aaa dovecot -n # 1.2.11: /etc/dovecot/dovecot.conf # OS: Linux 2.6.9-42.ELsmp i686 Red Hat Enterprise Linux ES release 4 (Nahant Update 8) ext3 base_dir: /var/run/dovecot
2019 Jun 16
2
Self-signed TLS client certificates
Dear List, I self-host my e-mail and run Dovecot since ever I do that. Dovecot version is 2.3.4.1 (f79e8e7e4), running on Debian testing. Now I am trying to configure Dovecot for client TLS certificates. I have a self-signed certificate whose private key resides on a smartcard (Yubikey, to be exact). I wanted Dovecot to accept that TLS client certificate instead of a password. So I searched and
2013 Nov 29
2
BUG: Authentication client sent unknown handshake command
Hi After upgrading the kernel, everything is fine, except dovecot authentication. I get this strange thing (data after REQUEST? changed just in case it contains anything sensitive): Nov 29 16:56:01 volanges dovecot: auth: Error: BUG: Authentication client sent unknown handshake command: REQUEST?6970356762?616?6?235264ef69dbd1665538af54d12fdaea?session_pid=453?req... Nov 29 16:56:01 volanges
2010 Aug 24
1
The length of an RSA signature sent during the handshake
I have noticed that OpenSSH clients (at least version 5.1p1) occasionally send an RSA signature during the handshake phase such that if the RSA key pair used to generate it happens to be associated to an N-byte long modulus, the signature is N - 1 bytes long. My question is, Is this behavior correct? I mean, an RSA signature is an unstructured byte string, and therefore any leading zeros should be