Re: [vchkpw] starttls crashes on vpopmail with mysql

Mon, 03 Jul 2006 15:13:18 -0700

Title: Ingo Claro
Jeremy:

I do this for every test:

1) in vpopmail src
1.1) make clean
1.2) ./configure xxxxxx
1.3) make
1.4) make install-strip
2) in qmail src
2.1) make clean
2.2) make
2.3) qmailctl stop
2.4) make setup check
2.5) qmailctl start

when I leave xxxx blank (./configure alone) starttls works fine
when I use xxxx = "--enable-auth-module=mysql" and a remote mysql, it crashes.


regards,

Ingo Claro F.
Gerente de Operaciones
[EMAIL PROTECTED]
(+56-2) 43 00 155
NetRed S.A.
Certificado ISO 9001:2000


Jeremy Kitchen escribió: 
On Monday 03 July 2006 12:38, Ingo Claro wrote:
  
select(1, [0], NULL, NULL, {1177, 147000}) = 1 (in [0], left {1172,
868000}) read(0, "starttls\r\n", 1024)           = 10
brk(0)                                  = 0x8407000
brk(0x8428000)                          = 0x8428000
open("control/clientca.pem", O_RDONLY)  = -1 ENOENT (No such file or
directory)
open("/dev/urandom", O_RDONLY)          = 3
read(3, "\3364\355\233p\277\303\240\320\350|\24H\254[\0%k\22\251"...,
32) = 32
open("control/servercert.pem", O_RDONLY) = 4
    

  
looking it crashes while reading servercert.pem, so here it goes too.
The strange thing, as I mentioned earlier, is that with vpopmail without
mysql it works fine.
    

strange.  I would say try doing a 'make clean' on your qmail source directory, 
recompiling and reinstalling with new binaries and give that a try.  If that 
doesn't work... I don't know :(

  
lrwxrwxrwx  1 root     root    33 Jun 28 03:38 clientcert.pem ->
/var/qmail/control/servercert.pem
-rw-r-----  1 vpopmail qmail 1937 Jun 28 03:38 servercert.pem
    

  
-----BEGIN RSA PRIVATE KEY-----
    
eek!

don't ever post this publicly!  You should go right now and generate a new 
keypair and destroy this one.  Otherwise people may be able to use this to 
forge communications from your company.  Private keys are exactly what they 
sound: private.  The public key is fine to distribute publicly, use in 
marketing material, print 1 million copies of it and post them throughout 
moscow, whatever.. but the private key *must* remain private.

On a lighter note, providing it did help with one thing.. the private key is 
not encrypted, so it's not bombing out while trying to find a passphrase ;)

-Jeremy

Reply via email to