Quoting Jonathan McDowell <noodles@earth.li>:
On Mon, May 16, 2005 at 09:27:23AM -0400, Roberto C. Sanchez wrote:Jonathan McDowell wrote: > Hmmmm. I run with my own CA signed cert and had no problems with a > Woody -> Sarge upgrade of sslwrap on Friday. Can you send me your > /etc/sslwrap/debian_conf and the output of > "grep sslwrap /etc/inetd.conf" (assuming you're running it from inetd)? Did you want to see what they looked like before or after the upgrade?Both, if possible. Whatever you've got easily would be a good start though. J.
********** BEGIN BEFORE ********** # grep sslwrap inetd.conf ssmtp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/sslwrap -cert /etc/ssl/server_key_and_cert.pem -addr 127.0.0.1 -port 25 imaps stream tcp nowait root /usr/sbin/tcpd /usr/sbin/sslwrap -cert /etc/ssl/server_key_and_cert.pem -addr 127.0.0.1 -port 143 /etc/sslwrap/debian_config: run_mode="inetd" used_addr="127.0.0.1" with_certificate="true" certfile="/etc/ssl/server_key_and_cert.pem" overwrite_corrupted_certfile="false" check_cert="true" ports="imaps, ssmtp" *********** END BEFORE *********** ********** BEGIN AFTER ********** # grep sslwrap inetd.conf ssmtp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/sslwrap -cert /etc/ssl/server_key_and_cert.pem -addr 127.0.0.1 -port 25 imaps stream tcp nowait root /usr/sbin/tcpd /usr/sbin/sslwrap -cert /etc/ssl/server_key_and_cert.pem -addr 127.0.0.1 -port 143 /etc/sslwrap/debian_config: run_mode="inetd" used_addr="127.0.0.1" with_certificate="true" certfile="/etc/ssl/server_key_and_cert.pem" overwrite_corrupted_certfile="false" check_cert="true" ports="imaps, ssmtp" *********** END AFTER *********** I no longer have sslwrap installed since postfix-tls now properly grabs port 465 without dying and cyrus21 supports imaps (though last night I switched to courier, which also natively does imaps). The problem, if you refer to my original mail, is that something about the CA was confusing sslwrap, which I believe tried to generate its own cert. -Roberto -- Roberto C. Sanchez http://familiasanchez.net/~sanchezr