[tpop3d-discuss] Peculiar bug. 1.5.2 with TLS crashes on occasion.

Dave Baker dave at dsb3.com
Fri, 17 Oct 2003 12:31:50 -0400


On Thu, Oct 16, 2003 at 09:02:00PM +0100, Chris Lightfoot wrote:
> > For reference, can I ask what OS, openssl, etc you tested on?
> 
> So far, only on my local Linux machine with OpenSSL
> 0.9.6b. I'm a bit snowed under at the moment and haven't
> time for more extensive testing.
>

Over ethernet or loopback?  (I'm going to test on linux with 0.9.6k and
0.9.7c when I have a moment to see if I can isolate it to FreeBSD or not).


> Out of interest, could you try tlsproxyd and see whether
> it exhibits the same behaviour?
>

tlsproxyd didn't compile "out of the box" on FreeBSD.  I'm going to try
stunnel (which I think is in ports already) first, and depending on how
that behaves will spend the time to hack my way through tlsproxyd's
Makefile (and give you my changes, of course!)



Dave

p.s. this reminds me of another feature for tpop3d that might be handy.
Apache has the "exec" option to SSLPassPhraseDialog that, while only
superficially secure, does at least prevent the necessity of storing the
ssl.key unpassworded.  It seems that if the key is passworded tpop3d just
drops that option from its list of listeners and continues rather than
stop and ask for a password.  

Perhaps a config option (yeah, another one!) to select "run this command",
"drop and continue", or "wait for input" could be useful?  This could
then be overridden with a command line option so, for example, the init.d
script to start the daemon at server boot would just drop TLS and start up
as much as it could automatically, but when restarting from the shell
you'd have the option to enter the passphrase.  (of course, that wouldn't
help me out as I start tpop3d from daemontools ... so I may be limited to
just having a passphrase-providing executable)

Honestly, this suggestion starts to smell a little of creeping featurism
but I do think there's a place for a *little* more control over how the 
ssl key is handled during startup.




-- 

-    Dave Baker      :      dave@dsb3.com      :      http://dsb3.com/    -
GnuPG:  1024D/D7BCA55D / 09CD D148 57DE 711E 6708  B772 0DD4 51D5 D7BC A55D
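
The three startup behaviours proposed in the p.s. above ("run this command", "drop and continue", "wait for input"), as an added example that is not part of the original message and is not tpop3d code. It uses the signature of OpenSSL's pem_password_cb; the names key_mode, key_policy, key_passphrase_cb and read_line are hypothetical, and returning 0 is assumed to make the caller skip the TLS listener.

```c
/* Added example, hypothetical names: key-startup policy as an OpenSSL-style pem_password_cb. */
#define _POSIX_C_SOURCE 200809L
#include <string.h>
#include <sys/wait.h>
#include <termios.h>
#include <unistd.h>
enum key_mode { KEY_DROP, KEY_EXEC, KEY_PROMPT };
struct key_policy { enum key_mode mode; char *const *helper_argv; };
/* Read one line from fd into buf, drop the newline, return its length. */
static int read_line(int fd, char *buf, int size) {
    int n = 0;
    while (n < size - 1 && read(fd, buf + n, 1) == 1 && buf[n] != '\n') n++;
    buf[n] = '\0';
    return n;
}
/* Returns the passphrase length, or 0 so the caller skips the TLS listener. */
int key_passphrase_cb(char *buf, int size, int rwflag, void *userdata) {
    struct key_policy *p = userdata;
    struct termios saved, quiet;
    int n = 0, fds[2], status;
    pid_t pid;
    if (rwflag || size < 2) return 0;   /* startup only ever decrypts the key */
    switch (p->mode) {
    case KEY_EXEC:                      /* "run this command" */
        if (pipe(fds) != 0) return 0;
        if ((pid = fork()) == 0) {      /* child: exec argv directly, no shell */
            dup2(fds[1], STDOUT_FILENO);
            close(fds[0]); close(fds[1]);
            execv(p->helper_argv[0], p->helper_argv);
            _exit(127);
        }
        close(fds[1]);
        if (pid > 0) n = read_line(fds[0], buf, size);
        close(fds[0]);
        if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
            n = 0;                      /* helper failed: discard its output */
        break;
    case KEY_PROMPT:                    /* "wait for input", only on a terminal */
        if (!isatty(STDIN_FILENO) || tcgetattr(STDIN_FILENO, &saved) != 0) return 0;
        quiet = saved; quiet.c_lflag &= ~(tcflag_t)ECHO;   /* no echo while typing */
        tcsetattr(STDIN_FILENO, TCSAFLUSH, &quiet);
        n = read_line(STDIN_FILENO, buf, size);
        tcsetattr(STDIN_FILENO, TCSAFLUSH, &saved);
        break;
    case KEY_DROP:                      /* "drop and continue" */
        break;
    }
    if (n == 0) memset(buf, 0, (size_t)size);   /* leave nothing partial behind */
    return n;
}
```

Under daemontools or an init script there is no terminal, so KEY_PROMPT returns 0 and behaves like KEY_DROP; only the helper mode can supply a passphrase there.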