Bug 128667 - Unable to provide intermediate certificates for secure pop3 connections
Summary: Unable to provide intermediate certificates for secure pop3 connections
Alias: None
Product: Fedora
Classification: Fedora
Component: imap   
(Show other bugs)
Version: 1
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: John Dennis
QA Contact: David Lawrence
Depends On:
TreeView+ depends on / blocked
Reported: 2004-07-27 19:37 UTC by Kuba Ober
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-07-27 20:46:24 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Kuba Ober 2004-07-27 19:37:48 UTC
Description of problem: 
Many certificate authorities issue site certificates against an 
intermediate certificate, not a root one that most browsers/email 
clients use. 
pop3s currently discards any intermediate certificates appended 
to /usr/share/ssl/certs/ipop3d.pem 
The functionality sought is same in spirit as apache modssl's  
How reproducible: 
Case in point: A certificate issued by starfield.com will be rejected 
by e.g. kmail and outlook express because the intermediate 
certificate needed to ensure authenticity of site certificate is not 
sent to the client. 
The real problem is that the SSLCertificateChainFile's functionality 
is missing... Since imap doesn't seem to use any configuration files, 
one could hard-code it to look for intermediate certificates in a 
file with a documented name. The /usr/share/ssl/certs/ipop3d.pem 
doesn't seem to be documented either :(

Comment 1 John Dennis 2004-07-27 20:09:43 UTC
UW imap was deprecated as of FC1, imap solutions in fedora and RHEL
are now Cyrus and Dovecot. I'm sorry but there is no continuing
engineering work being performed by Red Hat on UW imap. You may if you
wish address this issue directly with the upstream project which you
can find here, http://www.washington.edu/imap

Comment 2 Kuba Ober 2004-07-27 20:28:10 UTC
What's the pop3 solution, then? I don't need this for imap, just for 

Comment 3 John Dennis 2004-07-27 20:46:24 UTC
Both the cyrus-imap and dovecot rpm's provide pop3 along with imap,
just like the imap package from UW did. Dovecot is smaller, easier to
administer, and compatible with UNIX mbox format. Cyrus is a much more
complex package and uses a non-standard mail store. I suspect for your
purposes dovecot may be a better solution, cyrus however is more
mature and more familar to admins.

Note You need to log in before you can comment on or make changes to this bug.