IMAP/SSL issue.

Igor Sysoev is at rambler-co.ru
Tue Jul 29 13:00:52 MSD 2008


On Tue, Jul 29, 2008 at 12:16:29AM -0400, Bryan Allen wrote:

> I'm trying to get the IMAP/SSL module working and running into an odd issue.
> Plaintext connections work just fine, but SSL connections don't seem to contact
> the auth daemon.
> 
> # imtest -p 143 -a $USER -m login localhost
> S: * OK IMAP4 ready
> C: C01 CAPABILITY
> S: * CAPABILITY IMAP4rev1 UIDPLUS SORT AUTH=PLAIN
> S: C01 OK completed
> Please enter your password: 
> C: L01 LOGIN $USER {8}
> S: + OK
> C: <omitted>
> S: L01 OK User logged in
> Authenticated.
> Security strength factor: 0
> 
> # imtest -s -p 993 -a $USER -m login localhost
> verify error:num=20:unable to get local issuer certificate
> verify error:num=27:certificate not trusted
> verify error:num=21:unable to verify the first certificate
> TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
> S: * OK IMAP4 ready
> C: C01 CAPABILITY
> failure: prot layer failure
> 
> 2008/07/28 20:14:52 [notice] 422#0: using the "/dev/poll" event method
> 2008/07/28 20:14:52 [notice] 422#0: nginx/0.7.6
> 2008/07/28 20:14:52 [notice] 422#0: built by gcc 3.4.3 (csl-sol210-3_4-branch+sol_rpath)
> 2008/07/28 20:14:52 [notice] 422#0: OS: SunOS 5.10
> 2008/07/28 20:14:52 [notice] 422#0: version: Generic_127112-03
> 2008/07/28 20:14:52 [notice] 422#0: getrlimit(RLIMIT_NOFILE): 1024:1024
> 2008/07/28 20:14:52 [notice] 422#0: start worker processes
> 2008/07/28 20:14:52 [notice] 422#0: start worker process 423
> 2008/07/28 20:15:14 [debug] 423#0: *1 accept: 127.0.0.1 fd:10
> 2008/07/28 20:15:14 [debug] 423#0: malloc: 000000000062DFE0:328
> 2008/07/28 20:15:14 [info] 423#0: *1 client 127.0.0.1 connected to 0.0.0.0:993
> 2008/07/28 20:15:14 [debug] 423#0: *1 SSL_do_handshake: -1
> 2008/07/28 20:15:14 [debug] 423#0: *1 SSL_get_error: 2
> 2008/07/28 20:15:14 [debug] 423#0: *1 devpoll add event: fd:10 ev:0001
> 2008/07/28 20:15:14 [debug] 423#0: *1 devpoll fd:10 ev:0001 fl:0000
> 2008/07/28 20:15:14 [debug] 423#0: *1 event timer add: 10: 60000:1217290574610
> 2008/07/28 20:15:14 [debug] 423#0: *1 SSL handshake handler: 0
> 2008/07/28 20:15:14 [debug] 423#0: *1 SSL_do_handshake: -1
> 2008/07/28 20:15:14 [debug] 423#0: *1 SSL_get_error: 2
> 2008/07/28 20:15:14 [debug] 423#0: *1 SSL handshake handler: 0
> 2008/07/28 20:15:14 [debug] 423#0: *1 http ssl new session: ADF535E5:32:119
> 2008/07/28 20:15:14 [debug] 423#0: *1 SSL_do_handshake: 1
> 2008/07/28 20:15:14 [debug] 423#0: *1 devpoll del event: fd:10 ev:0001
> 2008/07/28 20:15:14 [debug] 423#0: *1 devpoll fd:10 ev:0800 fl:0000
> 2008/07/28 20:15:14 [debug] 423#0: *1 SSL: TLSv1, cipher: "DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1"
> 2008/07/28 20:15:14 [debug] 423#0: *1 malloc: 000000000062A400:256
> 2008/07/28 20:15:14 [debug] 423#0: *1 event timer: 10, old: 1217290574610, new: 1217290574641
> 2008/07/28 20:15:14 [debug] 423#0: *1 SSL to write: 18
> 2008/07/28 20:15:14 [debug] 423#0: *1 SSL_write: 18
> 2008/07/28 20:16:14 [debug] 423#0: *1 event timer del: 10: 1217290574610
> 2008/07/28 20:16:14 [info] 423#0: *1 client timed out (145: Connection timed out) while in auth state, client: 127.0.0.1, server: 0.0.0.0:993
> 2008/07/28 20:16:14 [debug] 423#0: *1 close mail connection: 10
> 2008/07/28 20:16:14 [debug] 423#0: *1 SSL_shutdown: 1
> 2008/07/28 20:16:14 [debug] 423#0: *1 free: 000000000062DFE0
> 2008/07/28 20:16:14 [debug] 423#0: *1 free: 00000000006050F0, unused: 8
> 2008/07/28 20:16:14 [debug] 423#0: *1 free: 000000000062A400, unused: 176

The attached patch should fix the bug.


-- 
Igor Sysoev
http://sysoev.ru/en/
-------------- next part --------------
Index: src/mail/ngx_mail_handler.c
===================================================================
--- src/mail/ngx_mail_handler.c	(revision 1440)
+++ src/mail/ngx_mail_handler.c	(working copy)
@@ -198,7 +198,13 @@
             return;
         }
 
+        if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
+            ngx_mail_close_connection(c);
+            return;
+        }
+
         ngx_mail_init_session(c);
+
         return;
     }
 
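Review bot: the new ngx_handle_read_event(c->read, 0) call placed before ngx_mail_init_session(c) has no comment explaining why the read event has to be registered again at this point. The reporter's debug log shows "devpoll del event: fd:10 ev:0001" right after "SSL_do_handshake: 1" and no later add for that fd before the 60-second auth timeout, so a one-line comment tying the call to the completed handshake would keep it from being removed as redundant later. The blank line added after ngx_mail_init_session(c) is an unrelated whitespace change and could be dropped from the patch.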

