Hi,
I just upgraded to lenny and found that my imap SSL connection no
longer works.
maia:~$ telnet -z ssl mail.utsl.gen.nz 993
Trying 202.78.240.73...
SSL_connect: Success
maia:~$
In Evolution this manifested as "Error while Refreshing folder", and
clicking on the little alert triangle that appears in the bottom left
it then says "Server unexpectedly disconnected: Input/output error"
I downgraded to the etch courier-imap-ssl package, then re-upgraded,
keeping the old config file - which worked. I eventually worked out
that the new TLS_TRUSTCERTS option was triggering the issue.
Also, I saw this error message in /var/log/mail.log:
Oct 16 11:12:49 mail imapd-ssl: couriertls: connect: error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table
Removing the /var/lib/courier/couriersslcache file did not resolve
this, however removing all of the hashed certs in /usr/lib/ssl/certs
fixed it.
maia:~$ telnet -z ssl mail.utsl.gen.nz 993
Trying 202.78.240.73...
Connected to mail.utsl.gen.nz.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE AUTH=PLAIN] Courier-IMAP ready. Copyright 1998-2008 Double Precision, Inc. See COPYING for distribution information.
^]
telnet> close
maia:~$
Workarounds:
1. remove hashed certificates in /usr/lib/ssl/certs
rm /usr/lib/ssl/certs/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]*
2. disable TLS_TRUSTCERTS in /etc/courier/imapd-ssl
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.16.x
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages courier-imap-ssl depends on:
di courier-imap 4.4.0-2 Courier mail server - IMAP server
ii courier-ssl 0.60.0-2 Courier mail server - SSL/TLS Supp
ii openssl 0.9.8g-13 Secure Socket Layer (SSL) binary a
courier-imap-ssl recommends no packages.
Versions of packages courier-imap-ssl suggests:
pn courier-doc <none> (no description available)
ii mutt [imap-client] 1.5.18-4 text-based mailreader supporting M
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org