[Users] [Bug 3684] New: Socket error with POP3 using TLS client certificate
noreply at thewildbeast.co.uk
noreply at thewildbeast.co.uk
Fri Sep 2 09:49:47 CEST 2016
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3684
Bug ID: 3684
Summary: Socket error with POP3 using TLS client certificate
Classification: Unclassified
Product: Claws Mail
Version: 3.14.0
Hardware: PC
OS: Linux
Status: NEW
Severity: major
Priority: P3
Component: POP3
Assignee: users at lists.claws-mail.org
Reporter: thomas-forum at orgis.org
I am trying to access a POP3 account using a client certificate. The following
works:
shell$ openssl s_client -starttls pop3 -connect example.org:110 -key
username.key -cert username.cert
[...]
Requested Signature Algorithms:
RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms:
RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2939 bytes and written 1856 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: [...]
Session-ID-ctx:
Master-Key: [...]
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket: [...]
Compression: 1 (zlib compression)
Start Time: 1472801489
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
+OK Dovecot ready.
USER username
+OK
PASS blabla
+OK Logged in.
LIST
+OK 128 messages:
1 2120
2 13332
3 1040
[...]
.
QUIT
DONE
I tried using the client certificate in claws and failed so far. I figured out
that I apparently need to concatenate the key and cert into one file, otherwise
claws gives a parsing error. Now it seems to be happy with the key, but the
connection fails with this debug output:
** Message: Account 'XXXXXXXX': Connecting to POP3 server: example.org:110...
session.c:202:session (0x2b71d60): connected
[09:45:05] POP3< +OK Dovecot ready.
[09:45:05] POP3> STLS
[09:45:06] POP3< +OK Begin TLS negotiation now.
ssl.c:237:waiting for SSL_connect thread...
passwordstore.c:184:Getting password 'recv_cert' from block (1/35)
passwordstore.c:196:Password 'recv_cert' in block (1/35) not found.
ssl_certificate.c:258:got 1 certs in crt_list! 0xXXXXXXXX
ssl_certificate.c:315:got key! 0xXXXXXXX
ssl.c:255:SSL_connect thread returned -50
** (claws-mail:32617): WARNING **: SSL connection failed (The request is
invalid.)
** (claws-mail:32617): WARNING **: couldn't start TLS session.
session.c:376:session (0x2b71d60): closed
Did I still do something wrong? Other people successfully fetch their mail from
that server using mpop.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Users
mailing list