Gentoo Forums
courier-imap - segfault
coRpTitan
n00b
Joined: 21 Aug 2005
Posts: 55
Location: Czech Republic, Brno

Posted: Sat Aug 23, 2008 4:38 pm    Post subject: courier-imap - segfault

Greetings,
I've installed and started courier-authlib (using authPAM), then I installed courier-imap.
Then I made a cert using this script: /usr/sbin/mkpop3dcert - I made only 1 change in this script: I removed the bold text.
/usr/bin/openssl req -new -x509 -days 365 -nodes -conf /etc/courier-imap/pop3.cnf -out $pemfile -keyout $pemfile || cleanup
I removed it because it gave me an error:
Code:
unable to find 'distinguished_name' in config
problems making Certificate Request
16560:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=req name=distinguished_name


Now I have the cert, and POP3S running:
Code:
/etc/init.d/courier-pop3d-ssl start
 * Starting courier-pop3d over SSL ...                                                                                                             [ ok ]


But when I am trying to connect (using Thunderbird) it gives me a warning message about the cert (probably because it's a self-signed cert). When I accept this cert for the current session nothing happens in Thunderbird, but in the system log there is an error message:

Aug 23 18:12:35 HOSTNAME couriertls[17953]: segfault at bf50dffc ip 0804ce0e sp bf50e000 error 6 in couriertls[8048000+f000]

Here is my /etc/courier-imap/pop3d-ssl:
Code:

HOSTNAME courier-imap # cat pop3d-ssl  | grep -v "#" | uniq
SSLPORT=995
SSLADDRESS=0
SSLPIDFILE=/var/run/pop3d-ssl.pid
SSLLOGGEROPTS="-name=pop3d-ssl"
POP3DSSLSTART=NO
POP3_STARTTLS=YES
POP3_TLS_REQUIRED=0
COURIERTLS=/usr/sbin/couriertls
TLS_STARTTLS_PROTOCOL=TLS1
TLS_KX_LIST=ALL
TLS_COMPRESSION=ALL
TLS_CERTS=X509
TLS_CERTFILE=/etc/courier-imap/pop3d.pem
TLS_TRUSTCERTS=/etc/ssl/certs
TLS_VERIFYPEER=NONE
TLS_CACHEFILE=/var/lib/courier-imap/couriersslcache
TLS_CACHESIZE=524288
MAILDIRPATH=Maildir
MAILDIR=.maildir
MAILDIRPATH=.maildir
HOSTNAME courier-imap #


Can anyone tell me where the problem is, please?
Here is my emerge --info:
Code:
tbook courier-imap # emerge --info
Portage 2.2_rc8 (default-linux/x86/2007.0, gcc-4.3.1, glibc-2.8_p20080602-r0, 2.6.26-tuxonice i686)
=================================================================
System uname: Linux-2.6.26-tuxonice-i686-Intel-R-_Pentium-R-_M_processor_1.73GHz-with-glibc2.0
Timestamp of tree: Sat, 23 Aug 2008 08:33:01 +0000
app-shells/bash:     3.2_p39
dev-java/java-config: 1.3.7, 2.1.6-r1
dev-lang/python:     2.4.4-r14, 2.5.2-r7
dev-python/pycrypto: 2.0.1-r5
sys-apps/baselayout: 2.0.0
sys-apps/openrc:     0.2.2
sys-apps/sandbox:    1.2.18.1-r3
sys-devel/autoconf:  2.13, 2.62-r1
sys-devel/automake:  1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1-r1
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   2.2.4
virtual/os-headers:  2.6.26
ACCEPT_KEYWORDS="x86 ~x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=pentium-m -pipe -mtune=pentium-m"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-O2 -march=pentium-m -pipe -mtune=pentium-m"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks parallel-fetch preserve-libs sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://ftp.linux.cz/pub/linux/gentoo/ "
LDFLAGS=""
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X acl acpi alsa background berkdb bluetooth bzip2 cli cracklib crypt cups curl dbus dri encode fortran ftp gdbm gif gnome gpm gtk hal iconv isdnlog java jpeg kde laptop libwww logitech-mouse midi mp3 mudflap mysql ncurses nls nptl nptlonly ogg opengl openmp pam pcmcia pcre perl png pppd python qt3support readline reflection sasl session spl sqlite sse2 ssl tcpd truetype unicode usb vorbis win32codecs wma wmv x86 xml xorg xscreensaver xvid zip zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1    emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m       maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="mouse keyboard synaptics evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="i810"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY


And sorry for my very bad English :(
notHerbert
Advocate
Joined: 11 Mar 2008
Posts: 2228
Location: 45N 73W

Posted: Wed Aug 27, 2008 11:58 pm    Post subject:

Hi coRpTitan

You need to restore the script /usr/sbin/mkpop3dcert to its original form, then
Code:
# cd /etc/courier-imap
# nano -w pop3d.cnf
# nano -w imapd.cnf
(Change the C, ST, L, CN, and email parameters to match your server.) - this is where the distinguished name comes from.

# mkpop3dcert
# mkimapdcert

Once that is repaired, the rest should work better. :)
coRpTitan
n00b
Joined: 21 Aug 2005
Posts: 55
Location: Czech Republic, Brno

Posted: Thu Aug 28, 2008 8:58 am    Post subject:

Hi notHerbert,

I've done this:

Code:
tbook courier-imap # whereis mkpop3dcert
mkpop3dcert: /usr/sbin/mkpop3dcert.orig /usr/sbin/mkpop3dcert /usr/share/man/man8/mkpop3dcert.8.bz2
tbook courier-imap # cat /usr/sbin/mkpop3dcert
#! /bin/sh
#
# mkimapdcert,v 1.1 2001/01/02 03:54:25 drobbins Exp
#
# Copyright 2000 Double Precision, Inc.  See COPYING for
# distribution information.
#
# This is a short script to quickly generate a self-signed X.509 key for
# IMAP over SSL.  Normally this script would get called by an automatic
# package installation routine.

test -x /usr/bin/openssl || exit 0

prefix="/usr"
pemfile="/etc/courier-imap/pop3d.pem"
randfile="/etc/courier-imap/pop3d.rand"

if test -f $pemfile
then
        echo "$pemfile already exists."
        exit 1
fi

cp /dev/null $pemfile
chmod 600 $pemfile
chown root $pemfile

cleanup() {
        rm -f $pemfile
        rm -f $randfile
        exit 1
}

dd if=/dev/urandom of=$randfile count=1 2>/dev/null
/usr/bin/openssl req -new -x509 -days 365 -nodes \
        -config /etc/courier-imap/pop3d.cnf -out $pemfile -keyout $pemfile || cleanup
/usr/bin/openssl gendh -rand $randfile 512 >> $pemfile || cleanup
/usr/bin/openssl x509 -subject -dates -fingerprint -noout -in $pemfile || cleanup
rm -f $randfile

This is the original script as Portage installed it.

Code:
tbook courier-imap # cat pop3d.cnf
organization = "tntwrk.info"
unit = "Automatically-generated POP3 SSL key"
locality = Brno"
state = "CZ"
country = CZ
cn = "tntwrk.info"
serial = 001
expiration_days = 365
email = "titan@tntwrk.info"

File with certificate info

Code:
tbook courier-imap # cat imapd.cnf
organization = "tntwrk.info"
unit = "Automatically-generated IMAP SSL key"
locality = "Brno"
state = CZ"
country = CZ
cn = "tntwrk.info"
serial = 001
expiration_days = 365
email = "titan@tntwrk.info"

I think I don't need to modify this file if I only want to make the POP3D cert, but I've edited it too.

Code:
tbook courier-imap # mkpop3dcert
Generating a 512 bit RSA private key
........++++++++++++
..............++++++++++++
writing new private key to '/etc/courier-imap/pop3d.pem'
-----
unable to find 'distinguished_name' in config
problems making Certificate Request
11014:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=req name=distinguished_name
tbook courier-imap #

Exactly the same error as I explained above. I think the cert is OK; only information like C, ST, L, CN was not taken from the conf file, but I was prompted for them.
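The pop3d.cnf and imapd.cnf files posted above use the flat key = value template layout that GnuTLS certtool reads, whereas `openssl req -config` looks for a `[ req ]` section containing a `distinguished_name` entry, which is the entry the error message names. The following is an added example, not part of the original posts: it checks a file for that section before making the same `openssl req` call as the script. File names, DN values and the 2048-bit key size are constructed assumptions.

```shell
# Added example, not from the thread: names and DN values are constructed.
# has_req_dn FILE: succeed only if FILE has a [req] section whose
# distinguished_name key points at a section that also exists in FILE.
has_req_dn() {
    dn=$(awk -F= '
        /^[ \t]*\[/ { in_req = ($0 ~ /^[ \t]*\[[ \t]*req[ \t]*\]/); next }
        in_req && $1 ~ /^[ \t]*distinguished_name[ \t]*$/ {
            gsub(/[ \t]/, "", $2); print $2; exit
        }' "$1")
    [ -n "$dn" ] || return 1
    grep -Eq "^[[:space:]]*\[[[:space:]]*${dn}[[:space:]]*]" "$1"
}

# write_template FILE: flat key = value layout, as in the posted .cnf files.
write_template() {
    cat > "$1" <<'EOF'
organization = "example.org"
cn = "mail.example.org"
expiration_days = 365
EOF
}

# write_req_cnf FILE: sectioned layout that `openssl req -config` reads.
write_req_cnf() {
    cat > "$1" <<'EOF'
[ req ]
default_bits = 2048
prompt = no
distinguished_name = req_dn
[ req_dn ]
C = CZ
O = example.org
CN = mail.example.org
EOF
}

# make_cert CNF PEM: same openssl req call as the script; key and cert share PEM.
make_cert() {
    has_req_dn "$1" || { echo "$1: no [req] distinguished_name" >&2; return 2; }
    (umask 077; openssl req -new -x509 -days 365 -nodes \
        -config "$1" -out "$2" -keyout "$2") 2>/dev/null
}

tmp=$(mktemp -d)
write_template "$tmp/template.cnf"; write_req_cnf "$tmp/req.cnf"
for f in template.cnf req.cnf; do has_req_dn "$tmp/$f" && echo "$f: ok" || echo "$f: no [req] DN"; done
command -v openssl >/dev/null && make_cert "$tmp/req.cnf" "$tmp/pop3d.pem" && openssl x509 -subject -noout -in "$tmp/pop3d.pem"
rm -rf "$tmp"
```

With `prompt = no` the subject is taken from the `[ req_dn ]` section rather than asked for interactively.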