On Thu, 2009-03-19 at 00:37 +0100, Johan Persson wrote: > I'm working with a an IMAP client for a S60 (Nokia) phone and we are having a > small problem (not in Dovecot!) but somewhere deep in our own system which > has > to do with certificates that are self signed. > > Somehow in some circumstance if you accept a self-signed certificate as an > exception then the client will send a strange command to the imap-login which > it doesn't recognize. We are quite sure this is a problem in our own system > and not with Dovecot
So it's not easily reproducible? > Since we have no access to the certificate (SSL/TLS) handling code we are a > bit at loss here and have to "proof" to "the other" guys in Finland that it's > there fault :-) You mean a bug in S60 libraries? > imap-login: Disconnected (no auth attempts): rip=some.ip.address > user_name=192.168.0.2, TLS handshaking: SSL_accept() failed: > error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpectedmessage .. > Is there some more debugging we could enable to see exactly the type of wrong > command the SSL/certificate handling are send in the handshake procedure ? > > (We have all the debug and/or the auth_* flags in dovecot.conf enabled > already) verbose_ssl=yes makes Dovecot log all errors/warnings that OpenSSL can tell (AFAIK). Perhaps you could use this: http://crypto.stanford.edu/~eujin/sslsniffer/index.html
signature.asc
Description: This is a digitally signed message part
