Date: Mon, 26 Feb 2018 17:26:51 -0500 From: "James B. Byrne" <byrnejb@harte-lyne.ca> To: freebsd-questions@freebsd.org Subject: Re: How to configure cyrus-imapd3 to use /etc/passwd Message-ID: <5b4161d09f0a601399bb35b06bd31c9d.squirrel@webmail.harte-lyne.ca> In-Reply-To: <59a239974b6435d374527a7b0f7304ce.squirrel@webmail.harte-lyne.ca> References: <59a239974b6435d374527a7b0f7304ce.squirrel@webmail.harte-lyne.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, February 26, 2018 16:53, James B. Byrne wrote: > Checking the ssl connection I get this result: > openssl s_client -connect localhost:993 > CONNECTED(00000003) > write:errno=54 > --- > no peer certificate available > --- > No client certificate CA names sent > --- > SSL handshake has read 0 bytes and written 307 bytes > --- > New, (NONE), Cipher is (NONE) > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > No ALPN negotiated > SSL-Session: > Protocol : TLSv1.2 > Cipher : 0000 > Session-ID: > Session-ID-ctx: > Master-Key: > Key-Arg : None > PSK identity: None > PSK identity hint: None > SRP username: None > Start Time: 1519681228 > Timeout : 300 (sec) > Verify return code: 0 (ok) > --- > > This seems, to me, to return success from the standpoint of > establishing an ssl connection. > Actually, no, this is telling me something else entirely. I tried to view the certificate assigned to this host and got this: # openssl s_client -showcerts -connect localhost:993 connect: Connection refused connect:errno=61 I suspect that there is something wrong with the certificates used by this host. And I have a reasonable idea as to what that problem is. The host name does not match that on the certificate. Does anybody out there want a small perl gig to get an old piece of software running again on FreeBSD-11. # perl -v This is perl 5, version 24, subversion 3 (v5.24.3) built for amd64-freebsd-thread-multi It runs fine on CentOS-6. # perl -v This is perl, v5.10.1 (*) built for x86_64-linux-thread-multi I use it to manage our PKI certificates. If I have to then I will load a VM with CentOS-6 and run it there. But I would rather have it run natively on FreeBSD. The code is available at https://github.com/byrnejb/rcsp. This is a real offer. I do not have time to learn what changed between 5.10 and 5.20. If someone will get this working for me then I will pay them a reasonable fee; to be negotiated in advance and paid upon successful completion. Thanks, -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrne mailto:ByrneJB@Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5b4161d09f0a601399bb35b06bd31c9d.squirrel>