From novosirj+imapproxy at umdnj.edu Mon Mar 6 07:48:55 2006
From: novosirj+imapproxy at umdnj.edu (Ryan Novosielski)
Date: Mon, 06 Mar 2006 10:48:55 -0500
Subject: [imapproxy] Problems with CA and force_tls
Message-ID: <440C59E7.4040303@umdnj.edu>

I have installed imapproxy v1.2.4 with the following config-file:

server_hostname
cache_size 3072
listen_port 143
server_port 143
cache_expiration_time 300
proc_username nobody
proc_groupname nobody
stat_filename /var/run/pimpstats
protocol_log_filename /var/log/imapproxy_protocol.log
syslog_facility LOG_MAIL
send_tcp_keepalives no
enable_select_cache no
foreground_mode no
force_tls yes
enable_admin_commands no
tls_ca_file /usr/share/ssl/certs/server-imapd.pem
tls_ca_path /usr/share/ssl/certs/
tls_cert_file /usr/share/ssl/certs/server_imapd.pem
tls_key_file /usr/share/ssl/certs/server_imapd.pem

And when starting the server, I get:

Mar 3 14:47:22 sopris in.imapproxyd[13378]: main(): Configured to run in background mode.
Mar 3 14:47:22 sopris in.imapproxyd[13380]: main(): Enabling STARTTLS.
Mar 3 14:47:22 sopris in.imapproxyd[13380]: main(): Failed to load CA data. Exiting.

I have tried splitting the PEM file out into different files to see if
that helps (note, this is a self-signed cert) and this didn't help at
all. Is there any way to get more information out of the thing?

Appreciate any responses.

From chuck at horde.org Mon Mar 6 09:45:15 2006
From: chuck at horde.org (Chuck Hagenbuch)
Date: Mon, 06 Mar 2006 12:45:15 -0500
Subject: [imapproxy] Problems with CA and force_tls
In-Reply-To: <440C59E7.4040303@umdnj.edu>
References: <440C59E7.4040303@umdnj.edu>
Message-ID: <20060306124515.2ghdqgd4bo0scokk@marina.horde.org>

Quoting Ryan Novosielski:

> I have installed imapproxy v1.2.4 with the following config-file:

I don't know the answer, and I feel like I should warn you that this
list has seen extremely little traffic recently.

Assuming anyone else is here, does anyone feel that this particular
imapproxy implementation adds anything special? Or would people be
okay with deprecating this codebase and pointing people towards, say,
up-imapproxy?

-chuck

--
"we are plastered to the windshield of the bus that is time." - Chris

From jan at horde.org Mon Mar 6 10:21:20 2006
From: jan at horde.org (Jan Schneider)
Date: Mon, 06 Mar 2006 19:21:20 +0100
Subject: [imapproxy] Problems with CA and force_tls
In-Reply-To: <20060306124515.2ghdqgd4bo0scokk@marina.horde.org>
References: <440C59E7.4040303@umdnj.edu> <20060306124515.2ghdqgd4bo0scokk@marina.horde.org>
Message-ID: <20060306192120.8lg48czmkgkk0kgo@neo.wg.de>

Quoting Chuck Hagenbuch:

> Quoting Ryan Novosielski :
>
>> I have installed imapproxy v1.2.4 with the following config-file:
>
> I don't know the answer, and I feel like I should warn you that this
> list has seen extremely little traffic recently.
>
> Assuming anyone else is here, does anyone feel that this particular
> imapproxy implementation adds anything special? Or would people be
> okay with deprecating this codebase and pointing people towards, say,
> up-imapproxy?

Isn't that what we do already?

Jan.

--
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/

From eric.rostetter at physics.utexas.edu Mon Mar 6 11:17:48 2006
From: eric.rostetter at physics.utexas.edu (Eric Jon Rostetter)
Date: Mon, 6 Mar 2006 13:17:48 -0600
Subject: [imapproxy] Problems with CA and force_tls
In-Reply-To: <440C59E7.4040303@umdnj.edu>
References: <440C59E7.4040303@umdnj.edu>
Message-ID: <20060306131748.i4b7m2h0o7284484@mail.ph.utexas.edu>

Quoting Ryan Novosielski:

> force_tls yes

This means it can't run without TLS/SSL, so it has to abort if anything
fails with the TLS/SSL (as it did in your case).

> tls_ca_file /usr/share/ssl/certs/server-imapd.pem
> tls_ca_path /usr/share/ssl/certs/
> tls_cert_file /usr/share/ssl/certs/server_imapd.pem
> tls_key_file /usr/share/ssl/certs/server_imapd.pem

Your tls_ca_file has a hyphen in the name, whereas the tls_cert_file
and tls_key_file have an underscore. Is that on purpose, or a typo, or
what?

Normally you would point your tls_ca_file at an actual CA file, not your
certificate file. E.g. at /usr/share/ssl/certs/ca-bundle.crt or similar.

> Mar 3 14:47:22 sopris in.imapproxyd[13380]: main(): Failed to load CA
> data. Exiting.

I can't load the CA file you specified. Perhaps a typo as I pose above?

> I have tried splitting the PEM file out into different files to see if
> that helps (note, this is a self-signed cert) and this didn't help at
> all. Is there any way to get more information out of the thing?

Don't know. But I wouldn't worry about your certificate as much as I
would about your CA, which shouldn't be the same thing...

> Appreciate any responses.

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!

From chuck at horde.org Mon Mar 6 11:20:58 2006
From: chuck at horde.org (Chuck Hagenbuch)
Date: Mon, 06 Mar 2006 14:20:58 -0500
Subject: [imapproxy] Problems with CA and force_tls
In-Reply-To: <20060306192120.8lg48czmkgkk0kgo@neo.wg.de>
References: <440C59E7.4040303@umdnj.edu> <20060306124515.2ghdqgd4bo0scokk@marina.horde.org> <20060306192120.8lg48czmkgkk0kgo@neo.wg.de>
Message-ID: <20060306142058.czuridwhb4gwcs4c@marina.horde.org>

Quoting Jan Schneider:

>> Assuming anyone else is here, does anyone feel that this particular
>> imapproxy implementation adds anything special? Or would people be
>> okay with deprecating this codebase and pointing people towards, say,
>> up-imapproxy?
>
> Isn't that what we do already?

Perhaps in practice, but then should we take down the bugs queue, the
mailing list, and archive the cvs module?

-chuck

--
"we are plastered to the windshield of the bus that is time." - Chris

From eric.rostetter at physics.utexas.edu Mon Mar 6 11:45:37 2006
From: eric.rostetter at physics.utexas.edu (Eric Jon Rostetter)
Date: Mon, 6 Mar 2006 13:45:37 -0600
Subject: [imapproxy] Problems with CA and force_tls
In-Reply-To: <20060306124515.2ghdqgd4bo0scokk@marina.horde.org>
References: <440C59E7.4040303@umdnj.edu> <20060306124515.2ghdqgd4bo0scokk@marina.horde.org>
Message-ID: <20060306134537.swiungeyam00gog0@mail.ph.utexas.edu>

Quoting Chuck Hagenbuch:

> Assuming anyone else is here, does anyone feel that this particular
> imapproxy implementation adds anything special? Or would people be
> okay with deprecating this codebase and pointing people towards, say,
> up-imapproxy?
>
> -chuck

I no longer use this proxy, nor up-imapproxy, as I had some problems
with both (in particular with their handling of NULL bytes in the
streams). That was a long time ago though, so up-imapproxy may be
better now.

Since the imapproxy hosted by Horde seems to be dormant, and the
up-imapproxy seems to be under active development, I see no reason not
to deprecate this one and point people to up-imapproxy (or elsewhere).

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!

From novosirj+imapproxy at umdnj.edu Mon Mar 6 12:07:23 2006
From: novosirj+imapproxy at umdnj.edu (Ryan Novosielski)
Date: Mon, 06 Mar 2006 15:07:23 -0500
Subject: [imapproxy] imapproxy Digest, Vol 48, Issue 1
In-Reply-To:
References:
Message-ID: <440C967B.2000600@umdnj.edu>

Doh -- I was not aware that this list was not for up-imapproxy. I've
been somewhat mixed up on this one, and since I saw no place that Horde
imapproxy was even available anymore, I figured that this one must be
for helping horde users use up-imapproxy.

As for the CA issue -- I actually did make a typo there... all three
lines should read the same thing. Thanks, though, I'll go looking for
the right list.

 ---- _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | | Ryan Novosielski - User Support Spec. III
 |$&| |__| |  | |__/ | \| _| | novosirj at umdnj.edu - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.| IST/AST - NJMS Medical Science Bldg - C630

imapproxy-request at lists.horde.org wrote:
> Send imapproxy mailing list submissions to
>     imapproxy at lists.horde.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>     http://lists.horde.org/mailman/listinfo/imapproxy
> or, via email, send a message with subject or body 'help' to
>     imapproxy-request at lists.horde.org
>
> You can reach the person managing the list at
>     imapproxy-owner at lists.horde.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of imapproxy digest..."
>
>
> Today's Topics:
>
>    1. Problems with CA and force_tls (Ryan Novosielski)
>    2. Re: Problems with CA and force_tls (Chuck Hagenbuch)
>    3. Re: Problems with CA and force_tls (Jan Schneider)
>    4. Re: Problems with CA and force_tls (Eric Jon Rostetter)
>    5. Re: Problems with CA and force_tls (Chuck Hagenbuch)
>    6. Re: Problems with CA and force_tls (Eric Jon Rostetter)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 06 Mar 2006 10:48:55 -0500
> From: Ryan Novosielski
> Subject: [imapproxy] Problems with CA and force_tls
> To: imapproxy at lists.horde.org
> Message-ID: <440C59E7.4040303 at umdnj.edu>
> Content-Type: text/plain; format=flowed; charset=ISO-8859-1
>
> I have installed imapproxy v1.2.4 with the following config-file:
>
> server_hostname
> cache_size 3072
> listen_port 143
> server_port 143
> cache_expiration_time 300
> proc_username nobody
> proc_groupname nobody
> stat_filename /var/run/pimpstats
> protocol_log_filename /var/log/imapproxy_protocol.log
> syslog_facility LOG_MAIL
> send_tcp_keepalives no
> enable_select_cache no
> foreground_mode no
> force_tls yes
> enable_admin_commands no
> tls_ca_file /usr/share/ssl/certs/server-imapd.pem
> tls_ca_path /usr/share/ssl/certs/
> tls_cert_file /usr/share/ssl/certs/server_imapd.pem
> tls_key_file /usr/share/ssl/certs/server_imapd.pem
>
> And when starting the server, I get:
>
> Mar 3 14:47:22 sopris in.imapproxyd[13378]: main(): Configured to run
> in background mode.
> Mar 3 14:47:22 sopris in.imapproxyd[13380]: main(): Enabling STARTTLS.
> Mar 3 14:47:22 sopris in.imapproxyd[13380]: main(): Failed to load CA
> data. Exiting.
>
> I have tried splitting the PEM file out into different files to see if
> that helps (note, this is a self-signed cert) and this didn't help at
> all. Is there any way to get more information out of the thing?
>
> Appreciate any responses.
>
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 06 Mar 2006 12:45:15 -0500
> From: Chuck Hagenbuch
> Subject: Re: [imapproxy] Problems with CA and force_tls
> To: imapproxy at lists.horde.org
> Message-ID: <20060306124515.2ghdqgd4bo0scokk at marina.horde.org>
> Content-Type: text/plain; charset=ISO-8859-1; DelSp="Yes";
> format="flowed"
>
> Quoting Ryan Novosielski :
>
>
>> I have installed imapproxy v1.2.4 with the following config-file:
>>
>
> I don't know the answer, and I feel like I should warn you that this
> list has seen extremely little traffic recently.
>
> Assuming anyone else is here, does anyone feel that this particular
> imapproxy implementation adds anything special? Or would people be
> okay with deprecating this codebase and pointing people towards, say,
> up-imapproxy?
>
> -chuck
>
>

From eric.rostetter at physics.utexas.edu Mon Mar 6 12:18:47 2006
From: eric.rostetter at physics.utexas.edu (Eric Jon Rostetter)
Date: Mon, 6 Mar 2006 14:18:47 -0600
Subject: [imapproxy] imapproxy Digest, Vol 48, Issue 1
In-Reply-To: <440C967B.2000600@umdnj.edu>
References: <440C967B.2000600@umdnj.edu>
Message-ID: <20060306141847.cms8x0t8e5oo0kk4@mail.ph.utexas.edu>

Quoting Ryan Novosielski:

> As for the CA issue -- I actually did make a typo there... all three
> lines should read the same thing. Thanks, though, I'll go looking for
> the right list.

Again, normally your CA file is separate from your actual certificate
(it is what you used to sign the certificate) so I think that has to do
with your issues also, in my perhaps wrong humble opinion... But I'm
sure the folks at imapproxy.org can help you out better than I can...

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
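
The two things raised in the replies above (a tls_ca_file path that does not match the files on disk, and a file that cannot be read as CA data) can be checked before starting the daemon. This is an added example, not part of the original thread and not imapproxy's own code; the function names, the handling of '#' comment lines and the constructed sample in demo() are assumptions.

```python
import os
import ssl
import tempfile

TLS_FILE_KEYS = ("tls_ca_file", "tls_cert_file", "tls_key_file")

def parse_config(text):
    """Parse 'directive value' lines; skipping '#' comments is an assumption."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0]] = parts[1] if len(parts) > 1 else ""
    return conf

def near_miss(path):
    """Return a sibling file whose name differs only by '-' versus '_'."""
    folder, wanted = os.path.split(path)
    norm = wanted.replace("-", "_")
    names = sorted(os.listdir(folder)) if os.path.isdir(folder) else []
    hits = [n for n in names if n != wanted and n.replace("-", "_") == norm]
    return os.path.join(folder, hits[0]) if hits else None

def check_tls_paths(conf):
    """Return (directive, problem) pairs for the tls_* file directives."""
    findings = []
    for key in TLS_FILE_KEYS:
        path = conf.get(key, "")
        if not os.path.isfile(path):
            hint = near_miss(path)
            findings.append((key, f"missing, did you mean {hint}?" if hint else "missing"))
    ca_file = conf.get("tls_ca_file", "")
    if os.path.isfile(ca_file):
        # Hand the file to OpenSSL's CA loader so its own error text is visible.
        try:
            ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT).load_verify_locations(cafile=ca_file)
        except (OSError, ValueError) as exc:
            findings.append(("tls_ca_file", f"not loadable as CA data: {exc}"))
    return findings

def demo():
    """Constructed sample: tls_ca_file spelled with '-', file on disk with '_'."""
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "server_imapd.pem"), "w").close()
        text = "".join(f"{k} {d}/server{sep}imapd.pem\n" for k, sep in zip(TLS_FILE_KEYS, "-__"))
        return [(k, p.replace(d, "DIR")) for k, p in check_tls_paths(parse_config(text))]
```

Calling check_tls_paths(parse_config(open(path).read())) on a real configuration file returns an empty list when all three files exist and the CA file loads.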

From jan at horde.org Mon Mar 6 13:00:27 2006
From: jan at horde.org (Jan Schneider)
Date: Mon, 06 Mar 2006 22:00:27 +0100
Subject: [imapproxy] Problems with CA and force_tls
In-Reply-To: <20060306142058.czuridwhb4gwcs4c@marina.horde.org>
References: <440C59E7.4040303@umdnj.edu> <20060306124515.2ghdqgd4bo0scokk@marina.horde.org> <20060306192120.8lg48czmkgkk0kgo@neo.wg.de> <20060306142058.czuridwhb4gwcs4c@marina.horde.org>
Message-ID: <20060306220027.w0epayfd0k8c4g4o@neo.wg.de>

Quoting Chuck Hagenbuch:

> Quoting Jan Schneider :
>
>>> Assuming anyone else is here, does anyone feel that this particular
>>> imapproxy implementation adds anything special? Or would people be
>>> okay with deprecating this codebase and pointing people towards, say,
>>> up-imapproxy?
>>
>> Isn't that what we do already?
>
> Perhaps in practice, but then should we take down the bugs queue, the
> mailing list, and archive the cvs module?

Probably yes.

Jan.

--
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/

From chuck at horde.org Mon Mar 6 13:24:01 2006
From: chuck at horde.org (Chuck Hagenbuch)
Date: Mon, 06 Mar 2006 16:24:01 -0500
Subject: [imapproxy] Problems with CA and force_tls
In-Reply-To: <20060306220027.w0epayfd0k8c4g4o@neo.wg.de>
References: <440C59E7.4040303@umdnj.edu> <20060306124515.2ghdqgd4bo0scokk@marina.horde.org> <20060306192120.8lg48czmkgkk0kgo@neo.wg.de> <20060306142058.czuridwhb4gwcs4c@marina.horde.org> <20060306220027.w0epayfd0k8c4g4o@neo.wg.de>
Message-ID: <20060306162401.bvppjqt5essog8sg@marina.horde.org>

Quoting Jan Schneider:

>> Perhaps in practice, but then should we take down the bugs queue, the
>> mailing list, and archive the cvs module?
>
> Probably yes.

Okay. This'll be notice to those on the list that this is happening.
The web page at http://horde.org/imapproxy/ will be updated to
explicitly refer folks to imapproxy.org.

-chuck

--
"we are plastered to the windshield of the bus that is time." - Chris