Fwd: Cyrus and SSL

Craig White craigwhite at azapple.com
Sat Dec 9 06:19:28 UTC 2006 

On Fri, 2006-12-08 at 15:40 -0500, redhatdude at bellsouth.net wrote:
> >
> >> On Fri, 2006-12-08 at 05:28 -0500, redhatdude at bellsouth.net wrote:
> >>> This is the error I get when I try to connect to cyrus-imapd  
> >>> using ssl.
> >>>
> >>> Dec  8 05:22:43 master[15783]: about to exec /usr/lib/cyrus-imapd/ 
> >>> imapd
> >>> Dec  8 05:22:43 imaps[15768]: accepted connection
> >>> Dec  8 05:22:43 imaps[15783]: executed
> >>> Dec  8 05:22:43 imaps[15768]: unable to get certificate from '/etc/
> >>> pki/cyrus-imapd/cyrus-imapd.pem'
> >>> Dec  8 05:22:43 imaps[15768]: TLS server engine: cannot load cert/ 
> >>> key
> >>> data
> >>> Dec  8 05:22:43 imaps[15768]: error initializing TLS
> >>> Dec  8 05:22:43 imaps[15768]: Fatal error: tls_init() failed
> >>> Dec  8 05:22:43 imaps[15768]: DBERROR db4: Database handles  
> >>> remain at
> >>> environment close
> >>> Dec  8 05:22:43 imaps[15768]: DBERROR db4: Open database handle: / 
> >>> var/
> >>> lib/imap/tls_sessions.db
> >>> Dec  8 05:22:43 imaps[15768]: DBERROR: error exiting application:
> >>> Invalid argument
> >>> Dec  8 05:22:43 master[15756]: process 15768 exited, status 75
> >>> Dec  8 05:22:43 master[15756]: service imaps pid 15768 in BUSY  
> >>> state:
> >>> terminated abnormally
> >>>
> >>> If I don't use SSL it works fine. I even tried creating my own certs
> >>> and it's just the same.
> >>> Please help.
> >>> EJ
> >> ----
> >> TLS server engine: cannot load cert/key data is certainly a  
> >> problem but evidently there is also something very wrong with /var/ 
> >> lib/imap/tls_sessions.db
> >>
> >> you might want to delete that file and restart cyrus-imapd so it  
> >> gets recreated. I would presume that it like all other things  
> >> cyrus-imapd should be cyrus:mail ownership and in checking on my  
> >> system, that file is 600.
> >>
> >> you might want to check dmesg/syslog/audit.log to see if selinux  
> >> is involved in /var/lib/imap/tls_sessions.db issue too.
> >>
> >> Craig
> >>>
> >
> > SeLinux is turned off. I deleted /var/lib/imap/tls_sessions.db and  
> > cyrus created a new one. I created the certs for cyrus, changed  
> > ownership to cyrus:mail and did chmod 600. I'm still having the  
> > same problem.
> >
> > EJ
> 
> I've done everything possible to get cyrus to read my certs or keys  
> or anything created with openssl to no avail. I keep getting the same  
> error. SSL works flawlessly with postfix, but not with cyrus. I'm  
> starting to think it's a problem with cyrus.
> Help please,
----
perhaps you should answer the questions that I asked or go to
cyrus-imapd list because you aren't giving enough info for anyone to be
of much help.

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Craig

More information about the fedora-list mailing list