Bug 85912 - Imapd hangs when accessed via SSL
Summary: Imapd hangs when accessed via SSL
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: imap
Version: 7.3
Hardware: i386
OS: Linux
medium
high
Target Milestone: ---
Assignee: John Dennis
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-03-10 19:02 UTC by Graham Leggett
Modified: 2007-04-18 16:51 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-09-20 03:40:00 UTC
Embargoed:


Attachments (Terms of Use)

Description Graham Leggett 2003-03-10 19:02:00 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.2) Gecko/20030110

Description of problem:
Imap-2001a is configured for normal IMAP on port 443. It works fine.

The mail client (Mozilla v1.2.1) is configured to use SSL on port 993. An
attempt to connect to the secure IMAP server hangs forever until "stop" is pressed.

A sniff on the connection shows that the SSL handshake happens, but nothing
after this.

The /var/log/maillog file shows this:

Mar 10 20:42:18 broadway imapd[25269]: imaps SSL service init from 192.168.0.201

And nothing else.

The machine is configured to use user accounts authenticated against an LDAP
server. This LDAP system works fine.

The cert being used is a cert signed by our own CA cert, and works both in our
Apache server and OpenLDAP server.


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
See above.

Additional info:

Comment 1 Graham Leggett 2003-03-10 19:29:54 UTC
After further digging through documentation, imap-2001a seems to insist that SSL
certs are signed by what it calls "a trusted certificate authority".

Nowhere in the docs does it describe where it might find a list of trusted
certificate authorities. Adding our private CA certificate to the
/usr/share/ssl/certs/ca-bundle.crt file (the only database of trusted certs
anywhere on the system) makes no difference - imap still hangs.

If imaps was being anal about it's certificate support, it would help *a whole
bunch* if something to that effect was written to /var/log/maillog.


Comment 2 Warren Togami 2004-09-20 03:40:00 UTC
There is no doubt that your concern is valid, however there is nothing
we can do about this.  Please consider using one of the better
supported IMAP servers like dovecot or cyrus-imapd in FC2+.


Note You need to log in before you can comment on or make changes to this bug.