From owner-freebsd-questions@freebsd.org  Mon Feb 26 22:26:56 2018
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0DF2BF2823F
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Mon, 26 Feb 2018 22:26:56 +0000 (UTC)
 (envelope-from byrnejb@harte-lyne.ca)
Received: from inet08.hamilton.harte-lyne.ca (inet08.hamilton.harte-lyne.ca
 [216.185.71.28])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "inet08.hamilton.harte-lyne.ca",
 Issuer "CA_HLL_ISSUER_2016" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 99A5D6DAC2
 for <freebsd-questions@freebsd.org>; Mon, 26 Feb 2018 22:26:55 +0000 (UTC)
 (envelope-from byrnejb@harte-lyne.ca)
Received: from localhost (localhost [127.0.0.1])
 by inet08.hamilton.harte-lyne.ca (Postfix) with ESMTP id DC7186254B
 for <freebsd-questions@freebsd.org>; Mon, 26 Feb 2018 17:26:54 -0500 (EST)
X-Virus-Scanned: amavisd-new at harte-lyne.ca
Received: from inet08.hamilton.harte-lyne.ca ([127.0.0.1])
 by localhost (inet08.hamilton.harte-lyne.ca [127.0.0.1]) (amavisd-new,
 port 10024)
 with ESMTP id MQ25Tf1j0JRX for <freebsd-questions@freebsd.org>;
 Mon, 26 Feb 2018 17:26:51 -0500 (EST)
Received: from webmail.harte-lyne.ca (inet04.hamilton.harte-lyne.ca
 [216.185.71.24])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by inet08.hamilton.harte-lyne.ca (Postfix) with ESMTPSA id 015FB624F5
 for <freebsd-questions@freebsd.org>; Mon, 26 Feb 2018 17:26:50 -0500 (EST)
Received: from 216.185.71.44 (SquirrelMail authenticated user byrnejb_hll)
 by webmail.harte-lyne.ca with HTTP; Mon, 26 Feb 2018 17:26:51 -0500
Message-ID: <5b4161d09f0a601399bb35b06bd31c9d.squirrel@webmail.harte-lyne.ca>
In-Reply-To: <59a239974b6435d374527a7b0f7304ce.squirrel@webmail.harte-lyne.ca>
References: <59a239974b6435d374527a7b0f7304ce.squirrel@webmail.harte-lyne.ca>
Date: Mon, 26 Feb 2018 17:26:51 -0500
Subject: Re: How to configure cyrus-imapd3 to use /etc/passwd
From: "James B. Byrne" <byrnejb@harte-lyne.ca>
To: freebsd-questions@freebsd.org
Reply-To: byrnejb@harte-lyne.ca
User-Agent: SquirrelMail/1.4.22-5.el6
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Feb 2018 22:26:56 -0000


On Mon, February 26, 2018 16:53, James B. Byrne wrote:

> Checking the ssl connection I get this result:
> openssl s_client -connect localhost:993
> CONNECTED(00000003)
> write:errno=54
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 0 bytes and written 307 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> SSL-Session:
>     Protocol  : TLSv1.2
>     Cipher    : 0000
>     Session-ID:
>     Session-ID-ctx:
>     Master-Key:
>     Key-Arg   : None
>     PSK identity: None
>     PSK identity hint: None
>     SRP username: None
>     Start Time: 1519681228
>     Timeout   : 300 (sec)
>     Verify return code: 0 (ok)
> ---
>
> This seems, to me, to return success from the standpoint of
> establishing an ssl connection.
>

Actually, no, this is telling me something else entirely.  I tried to
view the certificate assigned to this host and got this:

# openssl s_client -showcerts -connect localhost:993
connect: Connection refused
connect:errno=61

I suspect that there is something wrong with the certificates used by
this host.  And I have a reasonable idea as to what that problem is. 
The host name does not match that on the certificate.

Does anybody out there want a small perl gig to get an old piece of
software running again on FreeBSD-11.

# perl -v

This is perl 5, version 24, subversion 3 (v5.24.3) built for
amd64-freebsd-thread-multi


It runs fine on CentOS-6.

# perl -v

This is perl, v5.10.1 (*) built for x86_64-linux-thread-multi


I use it to manage our PKI certificates.  If I have to then I will
load a VM with CentOS-6 and run it there.  But I would rather have it
run natively on FreeBSD.  The code is available at
https://github.com/byrnejb/rcsp.

This is a real offer. I do not have time to learn what changed between
5.10 and 5.20. If someone will get this working for me then I will pay
them a reasonable fee; to be negotiated in advance and paid upon
successful completion.

Thanks,

-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3