[Bug 1420648] Re: Client certificate verification fails
Daniel Dickinson
ubuntu at daniel.thecshore.com
Thu Feb 12 11:01:00 UTC 2015
Ok, the patch doesn't actually fix the bug. It appeared to in that
after running the server with the patch applied client certificate
validation succeeded, however, it appears this bug is actually
intermittent as, even with the patched package, the server is now
complaining that the client has not provided a valid SSL certificate.

This is definitely not true as the certificates, and in general
verification of client-side certificates, work, even with the same
Thunderbird client, with postfix, exim, and cyrus-imapd.

In short dovecot has some bug that causes verification of certificates
presented by the client to fail, however the bug is not easy to debug as
sometimes config changes work, but later, running the same config,
things fail again.

There appears to be some sort of caching even across client and server
restarts that is coming into play and confusing the issue.

Anyone know of SSL caching issues with Windows 8.1?

Regards,
Daniel
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1420648
Title:
Client certificate verification fails
Status in dovecot package in Ubuntu:
New
Bug description:
If you use the option
auth_ssl_require_client_cert = yes
Then no matter how carefully you follow the documentation, in all your
attempts to provide support, your clients (e.g. Thunderbird) will fail to
connect to the dovecot mail server. This issue does not occur with the
cyrus-imap mail server.
I have investigated the code and believe I have found and fixed the
issue (the attached patch makes verification of client side SSL
certificates work for me, which is NOT true without the patch).
Basically the OpenSSL logic is wrong when it comes to setting up the
client side verification.
I have a DebDiff against Trusty that fixes the issue. (Attached).