* [9fans] now the real reason ... tls mail
@ 2007-05-29 6:10 ron minnich
2007-05-29 9:18 ` Richard Miller
0 siblings, 1 reply; 4+ messages in thread
From: ron minnich @ 2007-05-29 6:10 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
I'm following the instructions (I think) so that macos can read mail
over imap4d over tls.
I have used the openssl command to create cert.pem and imap.pem.
I have copied key.pem over and done the factotum dance:
I get something like this (not all of it)
key proto=sshrsa size=1024 ek=10001 n=etc.
Should that really be sshrsa?
error is this:
roo May 28 18:48:29 76.103.89.146!62583 tls reports recv ClientHello
version: 0301
random: 0000000000000000000000000000000084e03cff91e9bedc11b09821c53f7526
sid: []
ciphers: [2f 5 4 35 a ff83 9 ff82 3 8 6 ff80 32 33 34 38 39 3a 16 15
14 13 12 11 18 1b 1a 17 19 1 ]
compressors: [00 ]
roo May 28 18:48:29 76.103.89.146!62583 tls reports ClientHello version 301
roo May 28 18:48:29 76.103.89.146!62583 tls reports cipher 5,
compressor 0, csidlen 0
roo May 28 18:48:29 76.103.89.146!62583 tls reports tlsError:
factotum_rsa_open: no key matches proto=rsa service=tls role=client
roo May 28 18:48:29 76.103.89.146!62583 tls reports failed: no key
matches proto=rsa service=tls role=client
the proto in factotum is sshrsa, is there any way that can match rsa?
Even if I change that, the error changes not. Even if I add
service=tls role=client, the error changes not.
So, I am working with multiple levels of my own lack of understanding.
Any clues here?
I'm even more ocnfused since I can't figure out how macos mail is
going to deal with this, I never having seen any step where I give it
a key or certificate or some such. But, then, I have a way of screwing
this stuff up.
thanks
ron
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [9fans] now the real reason ... tls mail
2007-05-29 6:10 [9fans] now the real reason ... tls mail ron minnich
@ 2007-05-29 9:18 ` Richard Miller
2007-05-29 9:26 ` Christian Kellermann
0 siblings, 1 reply; 4+ messages in thread
From: Richard Miller @ 2007-05-29 9:18 UTC (permalink / raw)
To: 9fans
> I have used the openssl command to create cert.pem and imap.pem.
I think you're making things difficult for yourself by not doing
everything under Plan 9. I just tried following the hints
in tlssrv(8), pop3(8) and rsa(8) -- here's the transcript:
On the server (vt310):
term% auth/rsagen -t 'service=tls' >key
term% auth/rsa2x509 'C=UK CN=*.hamnavoe.com' key | auth/pemencode CERTIFICATE >cert
term% cat key >/mnt/factotum/ctl
term% cp cert /sys/lib/tls/imap.pem
term% cat >/bin/service.auth/tcp993 <<EOF
#!/bin/rc
exec tlssrv -c/sys/lib/tls/imap.pem -limap4d -r`{cat $3/remote} \
/bin/ip/imap4d -p -dhamnavoe.com -r`{cat $3/remote} \
>[2]/sys/log/imap4d
EOF
term% chmod +x /bin/service.auth/tcp993
term% passwd
Plan 9 Password: ********
change Plan 9 Password? (y/n) n
change Inferno/POP password? (y/n) y
make it the same as your plan 9 password? (y/n) y
term%
Note that if vt310 was not already running as an auth server, I would
also have had to start auth/keyfs and 'aux/listen -t /bin/service.auth tcp'
(before changing my POP password).
On the client:
term% upas/fs -f/imaps/vt310/miller
upas/fs: server certificate 2DE3574F53CB87FFDBF1068CFA27B8D48586B37B not recognized
term% cat <<EOF >>/sys/lib/tls/mail
x509 sha1=2DE3574F53CB87FFDBF1068CFA27B8D48586B37B vt310
EOF
term% upas/fs -f/imaps/vt310/miller
!Adding key: proto=pass server=vt310 service=imap user=miller
password: ********
!
term% mail
10 messages
: term%
So it seems to have found the mailbox. Then I tried setting up
an IMAP account on my iMac mail.app to fetch from vt310, ticking
the 'Use SSL' box in the Accounts>Advanced dialogue. That works too,
except for giving a warning message "... The root certificate for
this server could not be verified ... Would you like to continue
anyway?" I don't know if there's a way to silence this message
other than getting your certificate signed by a reputable CA.
-- Richard
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2007-05-29 10:25 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2007-05-29 6:10 [9fans] now the real reason ... tls mail ron minnich
2007-05-29 9:18 ` Richard Miller
2007-05-29 9:26 ` Christian Kellermann
2007-05-29 10:25 ` Richard Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).