Brad wrote:
On Sunday 19 April 2009 03:42:03 Brad wrote:
On Sunday 19 April 2009 00:47:20 Brad wrote:
On Saturday 18 April 2009 16:31:10 Timo Sirainen wrote:
On Sat, 2009-04-18 at 22:26 +0200, Christian Rueger wrote:
dovecot: imap-login: Disconnected (no auth attempts): rip=Y.Y.Y.Y,
lip=X.X.X.X, TLS handshaking: SSL_accept() failed:
error:0307F041:bignum routines:BNRAND:malloc failure
Oh. malloc() failed? See if increasing login_process_size helps (or se
it to 0 to disable the limit).
I am not seeing the bit about SSL_accept() and setting login_process_size
to 0 does not help.
Another thing I forgot to mention... I had someone else do some testing
with two 32-bit systems (i386) and he was not able to reproduce the issue.
I haven't had a chance to double check this but I will tomorrow. So this is
starting to look like it is specific to 64-bit systems. I am using amd64
here.
Even weirder I have found Windows systems running Thunderbird at least
can establish a TLS session fine.
From another OpenBSD system..
$ openssl s_client -connect mail.comstyle.com:143 -starttls imap
CONNECTED(00000004)
depth=0 /C=CA/ST=Ontario/L=Toronto/O=ComStyle/OU=IMAP
server/CN=mail.comstyle.com/emailaddress=postmas...@comstyle.com
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=CA/ST=Ontario/L=Toronto/O=ComStyle/OU=IMAP
server/CN=mail.comstyle.com/emailaddress=postmas...@comstyle.com
verify return:1
20082:error:05066066:Diffie-Hellman routines:COMPUTE_KEY:invalid public
key:/usr/src/lib/libssl/src/crypto/dh/dh_key.c:216:
20082:error:14098005:SSL routines:SSL3_SEND_CLIENT_KEY_EXCHANGE:DH
lib:/usr/src/lib/libssl/src/ssl/s3_clnt.c:2109:
The GNUTLS CLI client and NSS (Thunderbird - also tested on OpenBSD) seem
to be fine establishing a TLS session.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
