251047 – net-mail/courier-imap-4.4.1-r1: mkimapcert/mkpopdcert fail with supplied imapd.cnf/pop3d.cnf files

Bug 251047 - net-mail/courier-imap-4.4.1-r1: mkimapcert/mkpopdcert fail with supplied imapd.cnf/pop3d.cnf files

Summary: net-mail/courier-imap-4.4.1-r1: mkimapcert/mkpopdcert fail with supplied imap...

Status:	RESOLVED OBSOLETE

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Server (show other bugs)
Hardware:	All Linux

Importance:	High normal
Assignee:	No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2008-12-15 17:55 UTC by Paul DuBois
Modified:	2016-08-09 08:50 UTC (History)
CC List:	5 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Paul DuBois 2008-12-15 17:55:26 UTC

Install courier-imap-4.4.1-r1, which installs default imapd.cnf and pop3d.cnf files in /etc/courier-imap. Run mkimapdcert or mkpop3dcert to generate certificates, and they fail as follows:

/etc/courier-imap# mkimapdcert imapd.cnf
Generating a 512 bit RSA private key
...........++++++++++++
.++++++++++++
writing new private key to '/etc/courier-imap/imapd.pem'
-----
unable to find 'distinguished_name' in config
problems making Certificate Request
6121:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=req name=distinguished_name
/etc/courier-imap# mkpop3dcert
Generating a 512 bit RSA private key
.......++++++++++++
..................++++++++++++
writing new private key to '/etc/courier-imap/pop3d.pem'
-----
unable to find 'distinguished_name' in config
problems making Certificate Request
6129:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=req name=distinguished_name

This appears to be due to a change in the format of the supplied .cnf files sometime after courier-imap-4.1.2-r1.

Reproducible: Always

Steps to Reproduce:
1. emerge courier-imap-4.4.1-r1
2. run mkimapdcert and mkpop3dcert

Comment 1 Paulo J. Matos 2009-04-18 19:26:01 UTC

Any idea what needs to be changed for the certificates to be generated?

Comment 2 Paulo J. Matos 2009-04-18 19:35:24 UTC

(In reply to comment #1)
> Any idea what needs to be changed for the certificates to be generated?
> 

Found it... here's an example that works:
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
C=UK
ST=Hampshire
L=Southampton
O=Courier Mail Server
OU=Automatically-generated IMAP SSL key
CN=drserver
emailAddress=xxx@gmail.com

[ cert_type ]
nsCertType = server

Comment 3 Paul DuBois 2009-04-19 00:12:45 UTC

(In reply to comment #2)
> (In reply to comment #1)
> > Any idea what needs to be changed for the certificates to be generated?
> > 
> 
> Found it... here's an example that works:
> [ req ]
> default_bits = 1024
> encrypt_key = yes
> distinguished_name = req_dn
> x509_extensions = cert_type
> prompt = no
> 
> [ req_dn ]
> C=UK
> ST=Hampshire
> L=Southampton
> O=Courier Mail Server
> OU=Automatically-generated IMAP SSL key
> CN=drserver
> emailAddress=xxx@gmail.com
> 
> [ cert_type ]
> nsCertType = server
> 

Yes, that format worked for me, too. It's the format that was used previously in older versions.

So it appears that 4.4.1 should leave the old format alone and not change it to something else.

Comment 4 Damien Hammer 2012-06-17 17:53:01 UTC

(In reply to comment #3)
Same here. This fixed the problem.