Bug 128667 - Unable to provide intermediate certificates for secure pop3 connections
Unable to provide intermediate certificates for secure pop3 connections
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: imap (Show other bugs)
1
All Linux
medium Severity medium
: ---
: ---
Assigned To: John Dennis
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-07-27 15:37 EDT by Kuba Ober
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-07-27 16:46:24 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Kuba Ober 2004-07-27 15:37:48 EDT
Description of problem: 
Many certificate authorities issue site certificates against an 
intermediate certificate, not a root one that most browsers/email 
clients use. 
pop3s currently discards any intermediate certificates appended 
to /usr/share/ssl/certs/ipop3d.pem 
The functionality sought is same in spirit as apache modssl's  
SSLCertificateChainFile 
 
How reproducible: 
Case in point: A certificate issued by starfield.com will be rejected 
by e.g. kmail and outlook express because the intermediate 
certificate needed to ensure authenticity of site certificate is not 
sent to the client. 
 
The real problem is that the SSLCertificateChainFile's functionality 
is missing... Since imap doesn't seem to use any configuration files, 
one could hard-code it to look for intermediate certificates in a 
file with a documented name. The /usr/share/ssl/certs/ipop3d.pem 
doesn't seem to be documented either :(
Comment 1 John Dennis 2004-07-27 16:09:43 EDT
UW imap was deprecated as of FC1, imap solutions in fedora and RHEL
are now Cyrus and Dovecot. I'm sorry but there is no continuing
engineering work being performed by Red Hat on UW imap. You may if you
wish address this issue directly with the upstream project which you
can find here, http://www.washington.edu/imap
Comment 2 Kuba Ober 2004-07-27 16:28:10 EDT
What's the pop3 solution, then? I don't need this for imap, just for 
pop3... 
Comment 3 John Dennis 2004-07-27 16:46:24 EDT
Both the cyrus-imap and dovecot rpm's provide pop3 along with imap,
just like the imap package from UW did. Dovecot is smaller, easier to
administer, and compatible with UNIX mbox format. Cyrus is a much more
complex package and uses a non-standard mail store. I suspect for your
purposes dovecot may be a better solution, cyrus however is more
mature and more familar to admins.

Note You need to log in before you can comment on or make changes to this bug.