Re: Debian Woody -> Sarge upgrade report

Mon, 16 May 2005 08:21:27 -0700 

Quoting Jonathan McDowell <[EMAIL PROTECTED]>:

On Mon, May 16, 2005 at 09:27:23AM -0400, Roberto C. Sanchez wrote: 
Jonathan McDowell wrote:
> Hmmmm. I run with my own CA signed cert and had no problems with a
> Woody -> Sarge upgrade of sslwrap on Friday. Can you send me your
> /etc/sslwrap/debian_conf and the output of
> "grep sslwrap /etc/inetd.conf" (assuming you're running it from inetd)?
Did you want to see what they looked like before or after the upgrade?


Both, if possible. Whatever you've got easily would be a good start
though.

J. 

********** BEGIN BEFORE **********
# grep sslwrap inetd.conf
ssmtp   stream  tcp nowait  root    /usr/sbin/tcpd  /usr/sbin/sslwrap  -cert
/etc/ssl/server_key_and_cert.pem -addr 127.0.0.1 -port 25
imaps   stream  tcp nowait  root    /usr/sbin/tcpd  /usr/sbin/sslwrap  -cert
/etc/ssl/server_key_and_cert.pem -addr 127.0.0.1 -port 143

/etc/sslwrap/debian_config:
run_mode="inetd"
used_addr="127.0.0.1"
with_certificate="true"
certfile="/etc/ssl/server_key_and_cert.pem"
overwrite_corrupted_certfile="false"
check_cert="true"
ports="imaps, ssmtp"

*********** END BEFORE ***********

********** BEGIN AFTER **********
# grep sslwrap inetd.conf
ssmtp   stream  tcp nowait  root    /usr/sbin/tcpd  /usr/sbin/sslwrap  -cert
/etc/ssl/server_key_and_cert.pem -addr 127.0.0.1 -port 25
imaps   stream  tcp nowait  root    /usr/sbin/tcpd  /usr/sbin/sslwrap  -cert
/etc/ssl/server_key_and_cert.pem -addr 127.0.0.1 -port 143

/etc/sslwrap/debian_config:
run_mode="inetd"
used_addr="127.0.0.1"
with_certificate="true"
certfile="/etc/ssl/server_key_and_cert.pem"
overwrite_corrupted_certfile="false"
check_cert="true"
ports="imaps, ssmtp"

*********** END AFTER ***********

I no longer have sslwrap installed since postfix-tls now properly grabs port
465 without dying and cyrus21 supports imaps (though last night I switched
to courier, which also natively does imaps).  The problem, if you refer to my
original mail, is that something about the CA was confusing sslwrap, which
I believe tried to generate its own cert.

-Roberto
--
Roberto C. Sanchez
http://familiasanchez.net/~sanchezr


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to