Message-Id: <200304151942.h3FJgg4b080610@coat.st-paul>
Date: Tue, 15 Apr 2003 22:42:42 +0300 (EEST)
From: Juha Ylitalo <juha.o.ylitalo@kolumbus.fi>
Reply-To: Juha Ylitalo <juha.o.ylitalo@kolumbus.fi>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: SSL with mail/dovecot simply doesn't work
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         50999
>Category:       ports
>Synopsis:       SSL with mail/dovecot simply doesn't work
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 15 12:50:16 PDT 2003
>Closed-Date:    Sat Dec 13 15:13:16 PST 2003
>Last-Modified:  Sat Dec 13 15:13:16 PST 2003
>Originator:     Juha Ylitalo <juha.o.ylitalo@kolumbus.fi>
>Release:        FreeBSD 4.7-RELEASE-p10 i386
>Organization:
>Environment:
System: FreeBSD coat.st-paul 4.7-RELEASE-p10 FreeBSD 4.7-RELEASE-p10 #5: Thu Apr 3 21:00:02 EEST 2003 root@coat.st-paul:/usr/obj/usr/src/sys/COAT i386


	
>Description:
I have dovecot compiled from ports with default options, copied
/usr/local/etc/dovecot-example.conf to /usr/local/etc/dovecot.conf and
made the necessary fixes to make it possible to start /usr/local/sbin/dovecot
without complaints (can be found from http://jylitalo.homeip.net/dovecot.conf).
Before I started running dovecot, I also created SSL certs with the
/usr/local/share/dovecot/mkcerts.sh script.

Now when I try to test it with
openssl s_client -host localhost -port 993 -verify -debug
my openssl window prints the following:
verify depth is 0
CONNECTED(00000003)
depth=0 /OU=IMAP server/CN=imap.example.com/Email=postmaster@example.com
verify error:num=18:self signed certificate
verify return:1
depth=0 /OU=IMAP server/CN=imap.example.com/Email=postmaster@example.com
verify return:1
80573:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:/usr/src/secure/lib/libssl/../../../crypto/openssl/crypto/../ssl/s3_pkt.c:1046:SSL alert number 20
80573:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/crypto/../ssl/s23_lib.c:226:
bash-2.05a$

At the same time dovecot prints:
dovecot: Apr 15 22:33:09 Info: Dovecot starting up
imap-login: Apr 15 22:33:14 Warning: SSL_accept() failed: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac [127.0.0.1]
imap-login: Apr 15 22:33:14 Info: Disconnected [127.0.0.1]

If I try to use mutt, it will simply say that TLS failed, and with evolution
it will show me the certificate, but then things will fail.

dovecot seems to work nicely as a plaintext IMAP server, but plaintext is too
big a security hole to accept and I don't want to start setting up stunnel,
since dovecot claims to support SSL.

The reason why this PR got such a high severity and priority in my classification is
that, based on personal testing and mailing-list discussions, evolution 1.2.2
and uw-imap simply don't work well together. This forced me to look for
alternatives, and on quick study dovecot was the only other IMAP mail server which
supports mailboxes (vs. maildirs). That one is a real requirement for me,
because at this moment I don't want to start studying how you integrate
procmail, spamassassin, etc. into a maildir system.
	
>How-To-Repeat:
	
See description...
>Fix:
The only work-around that I've found so far is to go back to uw-imap even though
that means that it's time to say hasta la vista to Evolution 1.2.2 (those two
together don't make a good pair).
	


>Release-Note:
>Audit-Trail:

From: Andy Hauser <andy-freebsd@splashground.de>
To: freebsd-gnats-submit@FreeBSD.org
Cc: juha.o.ylitalo@kolumbus.fi
Subject: Re: ports/50999: SSL with (mail/)dovecot simply doesn't work
Date: Fri, 12 Sep 2003 17:55:34 +0200

 Hoi,
 
 I cannot reproduce this PR on 5.1-RELEASE.
 
 aha
State-Changed-From-To: feedback->closed 
State-Changed-By: edwin 
State-Changed-When: Sat Sep 27 18:35:21 PDT 2003 
State-Changed-Why:  
If this is still a problem with the latest (3.23.58) one, please
resubmit the problem. Most likely it was caused by the not running
of ldconfig by the port. If it still occurs, please add the output
of "ldconfig -r" to the PR.


http://www.freebsd.org/cgi/query-pr.cgi?pr=44799 
State-Changed-From-To: open->open 
State-Changed-By: edwin 
State-Changed-When: Sat Sep 27 18:35:21 PDT 2003 
State-Changed-Why:  
euhmm.. I'll redit this PR. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=45210 
State-Changed-From-To: open->open 
State-Changed-By: edwin 
State-Changed-When: Sat Sep 27 18:35:21 PDT 2003 
State-Changed-Why:  


http://www.freebsd.org/cgi/query-pr.cgi?pr=46024 
State-Changed-From-To: open->open 
State-Changed-By: edwin 
State-Changed-When: Sat Sep 27 18:35:21 PDT 2003 
State-Changed-Why:  


http://www.freebsd.org/cgi/query-pr.cgi?pr=46338 
State-Changed-From-To: open->open 
State-Changed-By: edwin 
State-Changed-When: Sat Sep 27 18:35:21 PDT 2003 
State-Changed-Why:  
Fix synopses. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=46510 
State-Changed-From-To: open->open 
State-Changed-By: edwin 
State-Changed-When: Sat Sep 27 18:35:21 PDT 2003 
State-Changed-Why:  
Fix synopses 

http://www.freebsd.org/cgi/query-pr.cgi?pr=46530 
State-Changed-From-To: open->open 
State-Changed-By: edwin 
State-Changed-When: Sat Sep 27 18:35:21 PDT 2003 
State-Changed-Why:  
Fix synopses 

http://www.freebsd.org/cgi/query-pr.cgi?pr=48097 
State-Changed-From-To: open->open 
State-Changed-By: edwin 
State-Changed-When: Sat Sep 27 18:35:21 PDT 2003 
State-Changed-Why:  
Fix synopses 

http://www.freebsd.org/cgi/query-pr.cgi?pr=50140 
State-Changed-From-To: open->open 
State-Changed-By: edwin 
State-Changed-When: Sat Sep 27 18:35:21 PDT 2003 
State-Changed-Why:  
Fix synopses 

http://www.freebsd.org/cgi/query-pr.cgi?pr=50195 
State-Changed-From-To: open->open 
State-Changed-By: edwin 
State-Changed-When: Sat Sep 27 18:35:21 PDT 2003 
State-Changed-Why:  
Fix synopses 

http://www.freebsd.org/cgi/query-pr.cgi?pr=50417 
State-Changed-From-To: open->open 
State-Changed-By: edwin 
State-Changed-When: Sat Sep 27 18:35:21 PDT 2003 
State-Changed-Why:  
Fix synopses 

http://www.freebsd.org/cgi/query-pr.cgi?pr=50418 
State-Changed-From-To: open->open 
State-Changed-By: edwin 
State-Changed-When: Sat Sep 27 18:35:21 PDT 2003 
State-Changed-Why:  
Fix synopses 

http://www.freebsd.org/cgi/query-pr.cgi?pr=50586 
State-Changed-From-To: open->open 
State-Changed-By: edwin 
State-Changed-When: Sat Sep 27 18:35:21 PDT 2003 
State-Changed-Why:  
Fix category 

http://www.freebsd.org/cgi/query-pr.cgi?pr=50724 
State-Changed-From-To: open->open 
State-Changed-By: edwin 
State-Changed-When: Sat Sep 27 18:35:21 PDT 2003 
State-Changed-Why:  
Fix synopses

http://www.freebsd.org/cgi/query-pr.cgi?pr=50999 
State-Changed-From-To: open->closed 
State-Changed-By: sergei 
State-Changed-When: Sat Dec 13 15:13:07 PST 2003 
State-Changed-Why:  
Feedback timeout. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=50999 
>Unformatted:
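
Added example (not part of the original PR or of dovecot/OpenSSL): a small triage helper that decodes the packed OpenSSL error codes quoted in the description and separates failures detected locally from those reported by the peer in a TLS alert. It assumes the pre-3.0 OpenSSL error-code layout (8-bit library, 12-bit function, 12-bit reason); the function names and the shortened sample lines are constructed for illustration.

```python
import re

# Constructed sample: the three OpenSSL error lines quoted in the report,
# with the long source-file paths shortened.
SAMPLE_LINES = [
    "80573:error:140943FC:SSL routines:SSL3_READ_BYTES:"
    "sslv3 alert bad record mac:s3_pkt.c:1046:SSL alert number 20",
    "80573:error:140790E5:SSL routines:SSL23_WRITE:"
    "ssl handshake failure:s23_lib.c:226:",
    "imap-login: Apr 15 22:33:14 Warning: SSL_accept() failed: "
    "error:1408F455:SSL routines:SSL3_GET_RECORD:"
    "decryption failed or bad record mac [127.0.0.1]",
]

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:\[]*)")
ERR_LIB_SSL = 20             # library number of libssl
SSL_AD_REASON_OFFSET = 1000  # alert N received from the peer -> reason 1000+N


def unpack(code):
    """Split a packed (pre-3.0) OpenSSL error code into (lib, func, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def decode_line(line):
    """Decode the first OpenSSL error in a log line, or return None."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    lib, func, reason = unpack(int(m.group(1), 16))
    text = m.group(4).strip()
    # The text check matters: reason 0x455 in the dovecot line is numerically
    # above the offset, yet its message describes a locally detected failure.
    from_peer = (lib == ERR_LIB_SSL and "alert" in text
                 and reason >= SSL_AD_REASON_OFFSET)
    return {
        "lib": lib, "func": func, "reason": reason,
        "func_name": m.group(3), "text": text,
        "origin": "peer-alert" if from_peer else "local",
        "alert": reason - SSL_AD_REASON_OFFSET if from_peer else None,
    }


def triage(lines):
    """Decode every line that carries an OpenSSL error string."""
    return [r for r in map(decode_line, lines) if r is not None]


if __name__ == "__main__":
    for rec in triage(SAMPLE_LINES):
        print(rec["func_name"], rec["origin"], rec["alert"], rec["text"])
```

Run over the lines in this PR, it shows that the server side (SSL3_GET_RECORD in imap-login) detected the bad record MAC locally, while the s_client error is only the alert 20 the server sent back.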
