Hi, I've been having problems contacting gentoo IMAP server for weeks but didn't know whether to blame transatlantic link, evolution or gentoo infra itself. Well, it looks like it's not evolution at least. Here's what I've got connecting "by hand": $ openssl s_client -connect mail.gentoo.org:993 CONNECTED(00000003) 139872629479080:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 211 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE --- This very same command worked fine like 10 minutes ago and I was able to perform IMAP operations just fine. Here is the result of previous run: $ openssl s_client -connect mail.gentoo.org:993 CONNECTED(00000003) depth=2 O = Root CA, OU = http://www.cacert.org, CN = CA Cert Signing Authority, emailAddress = support@cacert.org verify error:num=19:self signed certificate in certificate chain verify return:0 --- Certificate chain 0 s:/C=US/ST=New Mexico/L=Albuquerque/O=GENTOO Foundation, Inc./OU=dev.gentoo.org IMAP SSL key/CN=dev.gentoo.org i:/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root 1 s:/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org 2 s:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org --- Server certificate -----BEGIN CERTIFICATE----- MIIE9TCCAt2gAwIBAgIDANVGMA0GCSqGSIb3DQEBBQUAMFQxFDASBgNVBAoTC0NB Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTEwNjIwMDE1OTI5WhcNMTMwNjE5 MDE1OTI5WjCBmTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBNZXhpY28xFDAS BgNVBAcTC0FsYnVxdWVycXVlMSAwHgYDVQQKExdHRU5UT08gRm91bmRhdGlvbiwg SW5jLjEkMCIGA1UECxMbZGV2LmdlbnRvby5vcmcgSU1BUCBTU0wga2V5MRcwFQYD VQQDEw5kZXYuZ2VudG9vLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAN4p7MDeNwbIwAe5yKx/cKciJdhwm45f2XXQMu8i1Dxi/pFOGb6ProFoHZJV cn52/XnB7a4VJ3H2G/vgInnR9w6Z3kB7MEVfZrdLf/PLT7YBS63OawzhISyPGy3n ldOCIACYZfUvIaGvpc9x0SCPQQGJEFqJ34Q88whrHpRtawudlsiiJQ9Ee17w4eTI 5yC/LPDgGPk/eo0xxMzZ2Utse0gFZmSiSFnPQBM9dLr21MW7lsGgWvuBuynrYJze AHbVcimari8JdbXTBjS/ffyzJ2QTPfUhIKEtf0tjlh9dIBDASGP08IXEJf+KFcs8 vhiIWxedD9bThDAm8GfTp7wNHGUCAwEAAaOBiTCBhjAMBgNVHRMBAf8EAjAAMDQG A1UdJQQtMCsGCCsGAQUFBwMCBggrBgEFBQcDAQYJYIZIAYb4QgQBBgorBgEEAYI3 CgMDMAsGA1UdDwQEAwIFoDAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0 dHA6Ly9vY3NwLmNhY2VydC5vcmcvMA0GCSqGSIb3DQEBBQUAA4ICAQCeXSd2gQZo bL+woilqv6sXfc15hyKTr2I2RTwY0joMMXTmNHjEdWx+FWULs1kAKIsbyqNEa47y aIIpj2IZU8ekkrtCtTMSfTjW7VQSHJXN036xZtbUtL5H5aUyGXqnrkmAy1sJF4YO +Ha940fPaIjhAieScDwsWjFoO1+1PLJN20t0HklAfswoXQ4EiU+Mns8i7bqyc1c1 /nj6drYXhE+zi+5JM7pzMzQ+dOP62CnprXIS2ha7HUA/e00cJqE0eqTljhF7JfON 3kTyJYBeRoVN0ButsPR+cv6dhZEVM/ge4H2EnT1Y5vgmd4ohvhWKPZg4VaCIk4Q7 IHo1sQG7Ms9IAw+B1ONN5PwS7ZRuQ+xeilEfmTEVo8nm+uPUV4RVP5qW+WE42YZi 53p4STRqRmUtp4bq3Y5OUdGG9IJeyBwGfudZ2yOFma79GfD1L8dul1NDwvt1EzOW DTr1tbVK4DvmXrOw4CkelL/ueW2DC4poy/NS9ujUf0fjJVd9JRvUer8C82vcrcaa fSexQnTllOxYXLJ6zzpCwb+yphT/F9p6eOq/08TUOK7dlrIVw8xnXzum0S2wZZ9W FxP0cbzpJCqx5xM1ZrEijUN234THnFXSh7P9GzFZx4dzbwnoJTbJ2pLEBe2I2+Tm iNKHAj4YZwttBexXja6QBe4OtmRTuCiEgA== -----END CERTIFICATE----- subject=/C=US/ST=New Mexico/L=Albuquerque/O=GENTOO Foundation, Inc./OU=dev.gentoo.org IMAP SSL key/CN=dev.gentoo.org issuer=/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root --- No client certificate CA names sent --- SSL handshake has read 5000 bytes and written 537 bytes --- New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: zlib compression Expansion: zlib compression SSL-Session: Protocol : TLSv1 Cipher : AES256-SHA Session-ID: 4EBBAC6AC9DD381411BAD1BB052F93371B8D9820D006ECB3317C664B96D35ED0 Session-ID-ctx: Master-Key: 3AAA76619C88677E38444311C36105DE182E7F8570D0FC896D89AE1B54CFB9B61F687D71BEDEEC8A566BBA47D21B225D Key-Arg : None PSK identity: None PSK identity hint: None TLS session ticket: 0000 - 06 9a bf 28 b3 39 c5 be-62 76 17 b2 4d b3 db d6 ...(.9..bv..M... 0010 - e3 2b 10 96 e2 07 3b c9-d2 b3 8a 63 a2 9f ed 28 .+....;....c...( 0020 - 1f 24 07 ad 18 f8 11 12-75 8a 6a 25 29 98 6e f0 .$......u.j%).n. 0030 - cf 54 99 fa 4f d1 c6 50-2d 30 12 de 46 15 74 28 .T..O..P-0..F.t( 0040 - 7e 01 aa 0d 2b 95 d0 96-ec 72 22 ce 75 ef b4 0e ~...+....r".u... 0050 - 62 1b eb 03 01 e6 4d b2-37 4b d9 60 5a b6 d9 88 b.....M.7K.`Z... 0060 - e1 fa 5e 03 8b 72 2e 01-3b 9f 8a 13 d9 56 1e 74 ..^..r..;....V.t 0070 - ba b2 97 08 58 71 4e 83-ed c1 4a da 1c 5b b0 bb ....XqN...J..[.. 0080 - f6 81 92 9e 15 5a 6b 75-56 83 19 9c ca 82 2f 02 .....ZkuV...../. 0090 - 2b e3 c3 59 35 89 4c 63-a7 e8 4e 9f 48 9f 43 6d +..Y5.Lc..N.H.Cm Compression: 1 (zlib compression) Start Time: 1320358443 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain) --- * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE AUTH=PLAIN ACL ACL2=UNION] Courier-IMAP ready. Copyright 1998-2008 Double Precision, Inc. See COPYING for distribution information. a01 CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE AUTH=PLAIN ACL ACL2=UNION a01 NO Error in IMAP command received by server. a02 LOGIN eva ********** a02 OK LOGIN Ok. Hope this is the proper place to take this to.
I can connect right now fine. The fact there was no SSL makes me wonder if there is something weird at your ISP. When it fails, can you reach http://dev.g.o/ at all?
Yes, I can ssh/ping. Thought about something before falling asleep, maybe there's a limit of connections allowed per IP address. Recent evolution default to 5 parallel connections to an IMAP server and manually opening 5 with openssl s_client fails at the fifth. It looks like decreasing the number of parallel connections in evolution settings gets me a working imap again :). I'll confirm this this weekend as I've only tested this for 10 minutes right now.
ah, our limit was set at 4 per IP. I've raised it to 10.
Yeah, works perfectly fine now. Thanks.
Thanks.