Re: [Evolution] SSL Unknown CA or Bad Record MAC

From: Jeffrey Stedfast <fejj ximian com>
To: ximian-evolution squalor org
Cc: evolution ximian com
Subject: Re: [Evolution] SSL Unknown CA or Bad Record MAC
Date: 03 Jan 2003 18:35:12 -0500

On Fri, 2003-01-03 at 17:40, ximian-evolution squalor org wrote:

Do you mean that openssl on the server side ignores the error within
the openssl library? Because openssl on the client side doesn't ignore
the error - the error *NEVER* occurs. I've been looking and the decoded
packets through ethereal and there simply isn't an error sent back from
the server.


maybe that error isn't sent in a packet? I'm not exactly sure what the
error means, but I would have suspected an error in the certificate or
in the validation of the certificate, not an error packet from the
server.


How can you be so sure that it's not a bug in Evolution (or did I just take
the bait)?


because evolution doesn't implement SSL and it sure as hell isn't
capable of producing a "Bad Record MAC" error string? :-)

this is why I say maybe it's a bug in mozilla's nss ssl library.

Jeff


On Fri, Jan 03, 2003 at 05:31:43PM -0500, Jeffrey Stedfast wrote:

maybe openssl ignores the error? or maybe there is a bug in mozilla's
nss libs? I dunno, but it's not a bug in evolution - that is for sure :\

Jeff

On Fri, 2003-01-03 at 17:03, ximian-evolution squalor org wrote:

[Having problems getting email to the list correctly - my fault - but
hopefully this will get there correctly, but apologies if there duplicates]

I'm having problems with Evolution v1.2.1 on RedHat 8.0. I have IMAP
over SSL working (didn't originally due to "Unknown CA" but deleted
~/evolution/cert7.db and now works) but now I get "Bad Record MAC"
when trying to connect to an SMTP server over SSL (SSL is provided on the
server using stunnel).

If I use 

  openssl s_client -connect mymailserver.com:465 -cipher RC4-MD5

everything works correctly. 

From looking at the packets using ethereal, Evoultion uses the same cipher
but I get "Bad Record MAC" and a dialog reporting "Input/Output" error.

Client: openssl-0.9.6b-29
Server: openssl-0.9.6b-28 
        stunnel 3.22 on i686-pc-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.6b [engine] 9 Jul 2001

Ideas and suggestions welcome.

-- 
Jeffrey Stedfast
Evolution Hacker - Ximian, Inc.
fejj ximian com  - www.ximian.com

-- 
Jeffrey Stedfast
Evolution Hacker - Ximian, Inc.
fejj ximian com  - www.ximian.com

Follow-Ups:
- Re: [Evolution] SSL Unknown CA or Bad Record MAC
  - From: ximian-evolution

References:
- [Evolution] SSL Unknown CA or Bad Record MAC
  - From: ximian-evolution
- Re: [Evolution] SSL Unknown CA or Bad Record MAC
  - From: Jeffrey Stedfast
- Re: [Evolution] SSL Unknown CA or Bad Record MAC
  - From: ximian-evolution

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]