Re: Imapd.conf tls_key_file bug

From: Lawrence Greenfield (leg plus at andrew dot cmu dot edu)
Date: Tue Sep 04 2001 - 17:51:49 EDT


We'll ignore trailing whitespace in imapd.conf in the next release.

Thanks,
Larry

   Date: Fri, 24 Aug 2001 10:54:55 -0500
   From: Jacob Rush <>

   This little quirk drove me crazy for a pretty good part of the afternoon
   yesterday..
   I was having trouble getting 993/imaps to work.

   My imap.conf looks like:

   configdirectory: /var/imap
   partition-default: /var/spool/imap
   admins: jrush
   sasl_pwcheck_method: pwcheck
   tls_cert_file: /var/imap/server.pem
   tls_key_file: /var/imap/server.pem

   The error I was getting was this:

   :19 int-mail2 imapd[905]: TLS engine: cannot load CA data
   Aug 24 09:18:19 int-mail2 imapd[905]: unable to get private key from '/var/imap/server.pem '
   Aug 24 09:18:19 int-mail2 imapd[905]: TLS engine: cannot load cert/key data
   Aug 24 09:18:19 int-mail2 imapd[905]: error initializing TLS: [CA_file: ] [CA_path: ] [cert_file: /var/imap/server.pem] [key_file: /var/imap/server.pem ]

   In an act of desperation I did a strace -f on master and found this
   interesting tidbit.

   906 open("/var/imap/server.pem", O_RDONLY) = 14
   906 fstat64(14, {st_mode=S_IFREG|0644, st_size=2440, ...}) = 0
   906 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40e52000
   906 read(14, "-----BEGIN RSA PRIVATE KEY-----\n"..., 4096) = 2440
   906 close(14) = 0
   906 munmap(0x40e52000, 4096) = 0
   906 open("/var/imap/server.pem ", O_RDONLY) = -1 ENOENT (No such file or directory)
   906 getpid() = 906

   It opens up the server.pem once (presumably to get the certificate) then
   it tries again (I assume to get the key) and fails.. Why??
   Well, after staring at this output for about 2 minutes it hit me. There
   is a space after where I define the tls_key_file AAHH!!! So it is
   trying to open "/var/imap/server.pem "

   Redhat 7.1
   Cyrus imap 2.0.16
   Cyrus sasl 1.5.24
   Redhat 7.1 rpms of
   Openssl-0.9.6-3
   Openssl-devel-0.9.6-3

   This only seems to be an issue with tls_key_file; if you put a space
   after tls_cert_file it seems to function properly.. (AFAIK anyway, I do
   not have this server completely set up so there is no mail on it yet but
   you still can check your mailbox without any errors on the client side)
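
A pre-flight check for the condition diagnosed in this thread, added here as an illustration; it is not part of either message and is not Cyrus code. The names `check_conf` and `make_sample` are hypothetical, the sample config is constructed, and the check flags every option whose value ends in whitespace, not just tls_key_file.

```shell
#!/bin/sh
# Added example: lint an imapd.conf-style file for values ending in whitespace.

ws=$(printf ' \t\r')   # characters treated as whitespace

# check_conf FILE: print one finding per affected option; return 1 if any.
check_conf() {
    status=0 lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            '#'*|'') continue ;;      # comment or blank line
            *:*) ;;                   # "option: value"
            *) continue ;;
        esac
        key=${line%%:*}
        raw=${line#*:}
        raw=${raw#"${raw%%[!$ws]*}"}          # drop leading whitespace
        trimmed=${raw%"${raw##*[!$ws]}"}      # value without trailing whitespace
        [ "$raw" = "$trimmed" ] && continue
        status=1 detail=
        case $key in
            *_file)
                # The strace signature: the literal value is missing on disk,
                # while the trimmed value is a file that does exist.
                if [ ! -e "$raw" ] && [ -e "$trimmed" ]; then
                    detail=' (only the trimmed path exists)'
                fi ;;
        esac
        printf '%s:%d: %s ends in whitespace: "%s"%s\n' \
            "$1" "$lineno" "$key" "$raw" "$detail"
    done < "$1"
    return "$status"
}

# make_sample DIR: write a constructed config (not the poster's real file)
# with a trailing space after the tls_key_file value only.
make_sample() {
    : > "$1/server.pem"
    printf '%s\n' "configdirectory: $1" \
        "tls_cert_file: $1/server.pem" \
        "tls_key_file: $1/server.pem " > "$1/imapd.conf"
}

if [ "$#" -gt 0 ]; then check_conf "$1"; fi
```

Run it as `sh script.sh /etc/imapd.conf` (path is an assumption) before restarting the server; a non-zero exit status means at least one value carries trailing whitespace.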







