Re: Disable client authentication with certificates

2013-12-10 Thread Wolfgang Breyha
Stefan Gofferje wrote, on 10.12.2013 16:33:
> Maybe the existing options could just be extended, like in the Postfix
> setting for TLS, e.g.
>
> tls_imap_require_cert: no|ask|require

Changing the way how existing options work and breaking compatibility to existing configurations is most likely no

Re: Disable client authentication with certificates

2013-12-10 Thread Stefan Gofferje
On 12/10/2013 12:49 PM, Wolfgang Breyha wrote:
> cyrus distinguishes between asking for a cert and requiring a cert. I don't
> know why, sorry. Sometimes it is practical to ask for a cert and only try to
> verify it without enforcing it. But asking for certs while incapable to verify
> them (withou

Re: Disable client authentication with certificates

2013-12-10 Thread Wolfgang Breyha
Stefan Gofferje wrote, on 10.12.2013 08:17:
> There are options?
>
> tls_require_cert: false
> tls_imap_require_cert: false
> tls_pop3_require_cert: false
> tls_lmtp_require_cert: false
> tls_sieve_require_cert: false
>
> Why ask for a cert when the config says it's not needed? Or do I see
> this

Re: Disable client authentication with certificates

2013-12-09 Thread Stefan Gofferje
On 12/09/2013 07:10 PM, Wolfgang Breyha wrote:
> My patch is not suitable for general use. IMO client cert requests should
> either depend on a new option or on the availability of configured CAs.
> Both is possible, but I'm not aware of the reason why client certs are
> requested historically.
>

Re: Disable client authentication with certificates

2013-12-09 Thread Wolfgang Breyha
On 2013-12-09 18:10, Wolfgang Breyha wrote:
> I would simply make it dependent of CA availability.

proposed patch for that: https://bugzilla.cyrusimap.org/show_bug.cgi?id=3830

Greetings, Wolfgang
-- Wolfgang Breyha | http://www.blafasel.at/ Vienna University Computer Center | Austria Cyrus

Re: Disable client authentication with certificates

2013-12-09 Thread Wolfgang Breyha
On 2013-12-09 16:59, Stefan Gofferje wrote:
> That worked fine :). Thanks. Is it planned to integrate your patch into
> Cyrus? It *is* kinda illogical to ask for a client cert when client cert
> authentication is explicitly disabled ^^.

My patch is not suitable for general use. IMO client cert req

Re: Disable client authentication with certificates

2013-12-09 Thread Stefan Gofferje
On 12/09/2013 03:09 PM, Wolfgang Breyha wrote:
> You can either connect to ports 993/995 to prevent the use of client certs

That worked fine :). Thanks. Is it planned to integrate your patch into Cyrus? It *is* kinda illogical to ask for a client cert when client cert authentication is explicitly

Re: Disable client authentication with certificates

2013-12-09 Thread Wolfgang Breyha
On 2013-12-07 10:08, Stefan Gofferje wrote:
> On 12/03/2013 09:28 PM, Stefan Gofferje wrote:
>> So why does Thunderbird ask me which certificate to use for
>> authentication? Does my Cyrus ask for a client certificate or does it
>> not? ^^
>
> Nobody a clue?

It depends. On IMAPS/POP3S ports cyrus

Re: Disable client authentication with certificates

2013-12-07 Thread Stefan Gofferje
On 12/03/2013 09:28 PM, Stefan Gofferje wrote:
> So why does Thunderbird ask me which certificate to use for
> authentication? Does my Cyrus ask for a client certificate or does it
> not? ^^

Nobody a clue?

-- (o_ Stefan Gofferje| SCLT, MCP, CCSA //\ Reg'd Linux User #247167 |

Re: Disable client authentication with certificates

2013-12-03 Thread Stefan Gofferje
On 12/03/2013 08:01 PM, Dan White wrote:
>> On 12/03/2013 04:39 PM, Dan White wrote:
> This looks successful, from the server's viewpoint.

Yesyes, when I click "cancel" when Thunderbird asks which certificate to use, everything goes fine. However, if I *do* tell Thunderbird to use a certificate,

Re: Disable client authentication with certificates

2013-12-03 Thread Dan White
On 12/03/13 19:52 +0200, Stefan Gofferje wrote:
>On 12/03/2013 04:39 PM, Dan White wrote:
>> What log entries do you see during TLS authentication?
>
>Dec 3 19:13:10 home imap[17224]: SSL_accept() succeeded -> done
>Dec 3 19:13:10 home imap[17224]: starttls: TLSv1 with cipher
>DHE-RSA-CAMELLIA256

Re: Disable client authentication with certificates

2013-12-03 Thread Stefan Gofferje
On 12/03/2013 04:39 PM, Dan White wrote:
> What log entries do you see during TLS authentication?

Dec 3 19:13:10 home imap[17224]: SSL_accept() succeeded -> done
Dec 3 19:13:10 home imap[17224]: starttls: TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits new) no authentication
Dec 3 19:13

Re: Disable client authentication with certificates

2013-12-03 Thread Dan White
On 12/03/13 14:29 +0200, Stefan Gofferje wrote:
>Hi,
>
>I have a Cyrus IMAP and Postfix running. Some time ago, I configured
>them for TLS and recently, I started to use also Thunderbird on those
>and Thunderbird is asking me on startup which certificate to use for
>identification for IMAP. Is ther

Disable client authentication with certificates

2013-12-03 Thread Stefan Gofferje
Hi, I have a Cyrus IMAP and Postfix running. Some time ago, I configured them for TLS and recently, I started to use also Thunderbird on those and Thunderbird is asking me on startup which certificate to use for identification for IMAP. Is there a way to tell Cyrus to *not* request the client cert