[Pkg-Cyrus-imapd-Debian-devel] Re: Experimental cyrus22 packages (preview of upcoming official packages) available on alioth

[Sven Mueller]

Edward Shornock (Cyrus Pkg List) wrote on 08/04/2005 23:38:
> Sven Mueller wrote:
>>Since I'm experiencing difficulties in that area:
>>Do you use SSL connections with cyrus22? I.e. do you provide imap/pop3
>>over SSL?
>>
> 
> Not as of yet, but I do plan upon implementing it. It hasn't been that
> high of a priority for me because all connections to the mail server are
> on my local LAN--when I am no longer unemployed that'll no longer be the
> case.  I'll set that up very soon and report the results.

No worries here anymore. After I spent about 4 hours trying to debug why
cyrus-imapd seemed to have problems with a SSL-cert and key with which
neither postfix nor apache seemed to have any problems. Well after a
while I decided to take a different approach and checked my ssl certs
and keys once more. Though I didn't find a good way to display
information about the keyfile (such as the key fingerprint or other
information), I noticed that the keyfile in question did have no
difference to another keyfile I once created along with another cert for
the same host. In other words: It was a keyfile which didn't match the
cert I configured to use along with it. And cyrus obviously was the only
software which noticed this. The error message is a bit cryptic, and I
will create a patch to make it a bit more obvious.

I will also try to find out which DB it fails to cleanly close under
that kind of circumstance and if I find a way to do that, I will also
try to fix that issue.

So: The problem I had with SSL in cyrus22 (for some reason not in
cyrus21 as far as I can tell) is actually a problem that doesn't exist
if your SSL certificate and key really match.

cu,
sven

cu,
sven