Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 253950

Summary: net-mail/courier-imap-4.0.6-r3 breaks TLS (hash certs culprit ?)
Product: Gentoo Linux Reporter: Romain Riviere <gentoo>
Component: [OLD] ServerAssignee: Patrick McLean <chutzpah>
Status: RESOLVED INVALID    
Severity: normal CC: net-mail+disabled
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Romain Riviere 2009-01-06 08:25:22 UTC
After upgrading from 4.0.6-r3, connections to imapd cause the following error :

imapd-ssl: couriertls: connect: error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table

This is the same bug as described here : http://groups.google.com/group/linux.debian.bugs.dist/browse_thread/thread/7dca521cd8e6315f
Except it also happens with 4.0.6-r3 on Gentoo.

Reproducible: Always




Because cyrus-sasl's authdaemond USE flag depends on courier-imap, postfix's smtpd will fail similarly if it uses cyrus' SASL implementation.
Comment 1 Romain Riviere 2009-01-07 19:05:01 UTC
Update : actually downgrading courier-imap did not change anything.
I am not sure on how to investigate this. It might have to do with ca-certificates.
Comment 2 Romain Riviere 2009-01-08 06:08:36 UTC
Downgrading from app-misc/ca-certificates-20080809 to app-misc/ca-certificates-20080514-r2 solves the problem.
Re-upgrading got me this :

>>> Installing app-misc/ca-certificates-20080809
Updating certificates in /etc/ssl/certs....WARNING: Skipping duplicate certificate root.pem
WARNING: Skipping duplicate certificate QuoVadis_Root_Certification_Authority.pem
done.

So something must be wrong with my SSL setup. Will investigate further but this looks like an INVALID candidate ... sorry for the noise :/
Comment 3 Romain Riviere 2009-01-09 05:06:48 UTC
My /etc/ssl/certs was to blame. There are certs in there that I don't even remember putting there and that are conflicting with ca-certificates, causing TLS to break. Again, sorry about the noise.
Comment 4 Romain Riviere 2009-01-09 05:28:28 UTC
(In reply to comment #3)
> My /etc/ssl/certs was to blame. There are certs in there that I don't even
> remember putting there and that are conflicting with ca-certificates, causing
> TLS to break. Again, sorry about the noise.

Edit : it seems ca-certificates causes this consistently on amd64. Will report there.