In hope that this information might be useful for tracking down the problem...
I can reproduce it with my self-signed certificate loaded in dovecot, but not with my cacert-signed certificate. If needed for debugging, I could give up my self-signed key since I could stop using it without much hassle. Information on Self-signed cert that mutt now crashes when opening imaps://localhost ------------------------------------------------------------------------- $ gnutls-cli -p 143 localhost --insecure -s Resolving 'localhost'... Connecting to '127.0.0.1:143'... - Simple Client Mode: * OK Dovecot ready. . STARTTLS . OK Begin TLS negotiation now. *** Starting TLS handshake - Ephemeral Diffie-Hellman parameters - Using prime: 1032 bits - Secret key: 1012 bits - Peer's public key: 1024 bits - Certificate type: X.509 - Got a certificate list of 1 certificates. - Certificate[0] info: # The hostname in the certificate does NOT match 'localhost'. # valid since: Sat Sep 27 20:15:43 CEST 2008 # expires at: Tue Sep 25 20:15:47 CEST 2018 # fingerprint: 1F:05:C4:56:0D:61:6F:63:E8:47:72:63:11:C8:78:0A # Subject's DN: C=SE,CN=fatal.se,[EMAIL PROTECTED] # Issuer's DN: C=SE,CN=fatal.se,[EMAIL PROTECTED] - Peer's certificate issuer is unknown - Peer's certificate is NOT trusted - Version: TLS1.0 - Key Exchange: DHE-RSA - Cipher: AES-128-CBC - MAC: SHA1 - Compression: NULL . LOGOUT * BYE Logging out . OK Logout completed. *** Fatal error: A TLS packet with unexpected length was received. *** Server has terminated the connection abnormally. Information on cacert signed certificate which does not cause mutt to crash: ----------------------------------------------------------------------------- $ gnutls-cli -p 143 localhost --insecure -s Resolving 'localhost'... Connecting to '127.0.0.1:143'... - Simple Client Mode: * OK Dovecot ready. . STARTTLS . OK Begin TLS negotiation now. *** Starting TLS handshake - Ephemeral Diffie-Hellman parameters - Using prime: 1032 bits - Secret key: 1013 bits - Peer's public key: 1024 bits - Certificate type: X.509 - Got a certificate list of 1 certificates. - Certificate[0] info: # The hostname in the certificate does NOT match 'localhost'. # valid since: Tue Nov 11 16:00:28 CET 2008 # expires at: Sun May 10 17:00:28 CEST 2009 # fingerprint: 3E:62:44:BE:25:AC:BC:F2:AC:49:7B:CD:F4:60:E7:56 # Subject's DN: CN=*.fatal.se # Issuer's DN: O=Root CA,OU=http://www.cacert.org,CN=CA Cert Signing Authority,[EMAIL PROTECTED] - Peer's certificate issuer is unknown - Peer's certificate is NOT trusted - Version: TLS1.0 - Key Exchange: DHE-RSA - Cipher: AES-128-CBC - MAC: SHA1 - Compression: NULL . LOGOUT * BYE Logging out . OK Logout completed. *** Fatal error: A TLS packet with unexpected length was received. *** Server has terminated the connection abnormally. -- Andreas Henriksson -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
