# courier-imap - segfault

## coRpTitan

Greetings,

I've installed and started courier-authlib (using authPAM), then i installed courier-imap.

Then i made cert by using this script: /usr/sbin/mkpop3dcert - i made only 1 change in this script: i removed bold text.

/usr/bin/openssl req -new -x509 -days 365 -nodes -conf /etc/courier-imap/pop3.cnf -out $pemfile -keyout $pemfile || cleanup

I removed it because it gave me error:

```
unable to find 'distinguished_name' in config

problems making Certificate Request

16560:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=req name=distinguished_name
```

Now, i have cert, and POP3S running:

```
/etc/init.d/courier-pop3d-ssl start

 * Starting courier-pop3d over SSL ...                                                                                                             [ ok ]
```

But when i am trying to connect(using Thunderbird) it gives me warning message about cert(probably because of it's self signed cert). When i accept this cert for current session nothing happens in Thunderbird, but in system log is error message:

Aug 23 18:12:35 HOSTNAME couriertls[17953]: segfault at bf50dffc ip 0804ce0e sp bf50e000 error 6 in couriertls[8048000+f000]

Here is my /etc/courier-imap/pop3d-ssl:

```

HOSTNAME courier-imap # cat pop3d-ssl  | grep -v "#" | uniq

SSLPORT=995

SSLADDRESS=0

SSLPIDFILE=/var/run/pop3d-ssl.pid

SSLLOGGEROPTS="-name=pop3d-ssl"

POP3DSSLSTART=NO

POP3_STARTTLS=YES

POP3_TLS_REQUIRED=0

COURIERTLS=/usr/sbin/couriertls

TLS_STARTTLS_PROTOCOL=TLS1

TLS_KX_LIST=ALL

TLS_COMPRESSION=ALL

TLS_CERTS=X509

TLS_CERTFILE=/etc/courier-imap/pop3d.pem

TLS_TRUSTCERTS=/etc/ssl/certs

TLS_VERIFYPEER=NONE

TLS_CACHEFILE=/var/lib/courier-imap/couriersslcache

TLS_CACHESIZE=524288

MAILDIRPATH=Maildir

MAILDIR=.maildir

MAILDIRPATH=.maildir

HOSTNAME courier-imap #

```

Can any one tell me where is problem please?

Here is my emerge --info :

```
tbook courier-imap # emerge --info

Portage 2.2_rc8 (default-linux/x86/2007.0, gcc-4.3.1, glibc-2.8_p20080602-r0, 2.6.26-tuxonice i686)

=================================================================

System uname: Linux-2.6.26-tuxonice-i686-Intel-R-_Pentium-R-_M_processor_1.73GHz-with-glibc2.0

Timestamp of tree: Sat, 23 Aug 2008 08:33:01 +0000

app-shells/bash:     3.2_p39

dev-java/java-config: 1.3.7, 2.1.6-r1

dev-lang/python:     2.4.4-r14, 2.5.2-r7

dev-python/pycrypto: 2.0.1-r5

sys-apps/baselayout: 2.0.0

sys-apps/openrc:     0.2.2

sys-apps/sandbox:    1.2.18.1-r3

sys-devel/autoconf:  2.13, 2.62-r1

sys-devel/automake:  1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1-r1

sys-devel/binutils:  2.18-r3

sys-devel/gcc-config: 1.4.0-r4

sys-devel/libtool:   2.2.4

virtual/os-headers:  2.6.26

ACCEPT_KEYWORDS="x86 ~x86"

CBUILD="i686-pc-linux-gnu"

CFLAGS="-O2 -march=pentium-m -pipe -mtune=pentium-m"

CHOST="i686-pc-linux-gnu"

CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config"

CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d"

CXXFLAGS="-O2 -march=pentium-m -pipe -mtune=pentium-m"

DISTDIR="/usr/portage/distfiles"

FEATURES="distlocks parallel-fetch preserve-libs sandbox sfperms strict unmerge-orphans userfetch"

GENTOO_MIRRORS="http://ftp.linux.cz/pub/linux/gentoo/ "

LDFLAGS=""

MAKEOPTS="-j2"

PKGDIR="/usr/portage/packages"

PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"

PORTAGE_TMPDIR="/var/tmp"

PORTDIR="/usr/portage"

SYNC="rsync://rsync.gentoo.org/gentoo-portage"

USE="X acl acpi alsa background berkdb bluetooth bzip2 cli cracklib crypt cups curl dbus dri encode fortran ftp gdbm gif gnome gpm gtk hal iconv isdnlog java jpeg kde laptop libwww logitech-mouse midi mp3 mudflap mysql ncurses nls nptl nptlonly ogg opengl openmp pam pcmcia pcre perl png pppd python qt3support readline reflection sasl session spl sqlite sse2 ssl tcpd truetype unicode usb vorbis win32codecs wma wmv x86 xml xorg xscreensaver xvid zip zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1    emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m       maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="mouse keyboard synaptics evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="i810"

Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
```

And sorry for my verry bad english  :Sad: 

----------

## notHerbert

Hi coRpTitan

You need to restore the script /usr/sbin/mkpop3dcert to it's original form, then 

```
# cd /etc/courier-imap

# nano -w pop3d.cnf

# nano -w imapd.cnf

(Change the C, ST, L, CN, and email parameters to match your server.) - this is where the distinguished name comes from. 

# mkpop3dcert

# mkimapdcert
```

Once that is repaired, the rest should work better.   :Smile: 

----------

## coRpTitan

Hi notHerbert,

I've done this:

```
tbook courier-imap # whereis mkpop3dcert

mkpop3dcert: /usr/sbin/mkpop3dcert.orig /usr/sbin/mkpop3dcert /usr/share/man/man8/mkpop3dcert.8.bz2

tbook courier-imap # cat /usr/sbin/mkpop3dcert

#! /bin/sh

#

# mkimapdcert,v 1.1 2001/01/02 03:54:25 drobbins Exp

#

# Copyright 2000 Double Precision, Inc.  See COPYING for

# distribution information.

#

# This is a short script to quickly generate a self-signed X.509 key for

# IMAP over SSL.  Normally this script would get called by an automatic

# package installation routine.

test -x /usr/bin/openssl || exit 0

prefix="/usr"

pemfile="/etc/courier-imap/pop3d.pem"

randfile="/etc/courier-imap/pop3d.rand"

if test -f $pemfile

then

        echo "$pemfile already exists."

        exit 1

fi

cp /dev/null $pemfile

chmod 600 $pemfile

chown root $pemfile

cleanup() {

        rm -f $pemfile

        rm -f $randfile

        exit 1

}

dd if=/dev/urandom of=$randfile count=1 2>/dev/null

/usr/bin/openssl req -new -x509 -days 365 -nodes \

        -config /etc/courier-imap/pop3d.cnf -out $pemfile -keyout $pemfile || cleanup

/usr/bin/openssl gendh -rand $randfile 512 >> $pemfile || cleanup

/usr/bin/openssl x509 -subject -dates -fingerprint -noout -in $pemfile || cleanup

rm -f $randfile
```

This is original script as portage installed it.

```
tbook courier-imap # cat pop3d.cnf

organization = "tntwrk.info"

unit = "Automatically-generated POP3 SSL key"

locality = Brno"

state = "CZ"

country = CZ

cn = "tntwrk.info"

serial = 001

expiration_days = 365

email = "titan@tntwrk.info"
```

File with certificate info

```
tbook courier-imap # cat imapd.cnf

organization = "tntwrk.info"

unit = "Automatically-generated IMAP SSL key"

locality = "Brno"

state = CZ"

country = CZ

cn = "tntwrk.info"

serial = 001

expiration_days = 365

email = "titan@tntwrk.info"
```

I think i don't need to modify this file if i only want to make POP3D cert, but i've edited it too.

```
tbook courier-imap # mkpop3dcert

Generating a 512 bit RSA private key

........++++++++++++

..............++++++++++++

writing new private key to '/etc/courier-imap/pop3d.pem'

-----

unable to find 'distinguished_name' in config

problems making Certificate Request

11014:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=req name=distinguished_name

tbook courier-imap #
```

Exactly same error as i explained above. I think cert is ok, only informations like C, ST, L, CN was not taken form conf file but i was prompted for them.

----------

