Bug#459323: exim4: Incredimail problem sending email using Exim4 SMTP over SSL / TLS error on connection from [ip.ad.dr.ess] (gnutls_handshake): A TLS packet with unexpected length was received.

Andrew McGlashan andrew.mcglashan at affinityvision.com.au
Sun Jan 6 18:18:37 UTC 2008 

Simon Josefsson wrote:
> Thanks.  Great.  I suspect the problem is the same as for TheBat,
> i.e., that GnuTLS sends a certificate request and IM can't handle it.
> Can you try to add --disable-client-cert to:
>
>> www:~# gnutls-serv --port 4465 --debug 4711 \
>>>  --x509certfile /etc/exim4/exim.crt \
>>>  --x509keyfile  /etc/exim4/exim.key \
>>>  --x509cafile   /etc/ssl/certs/ca.pem

www:~# gnutls-serv --port 4465 --debug 4711 \
>  --disable-client-cert \
>  --x509certfile /etc/exim4/exim.crt \
>  --x509keyfile  /etc/exim4/exim.key \
>  --x509cafile   /etc/ssl/certs/ca.pem
Invalid option 'disable-client-cert'
Error in the arguments. Use the --help or -h parameters to get more 
information.
www:~#


www:~# gnutls-serv -h
GNU TLS test server
Usage: gnutls-serv [options]


     -d, --debug integer      Enable debugging
     -g, --generate           Generate Diffie Hellman Parameters.
     -p, --port integer       The port to connect to.
     -q, --quiet              Suppress some messages.
     --nodb                   Does not use the resume database.
     --http                   Act as an HTTP Server.
     --echo                   Act as an Echo Server.
     --dhparams FILE          DH params file to use.
     --x509fmtder             Use DER format for certificates
     --x509cafile FILE        Certificate file to use.
     --x509crlfile FILE       CRL file to use.
     --pgpkeyring FILE        PGP Key ring file to use.
     --pgptrustdb FILE        PGP trustdb file to use.
     --pgpkeyfile FILE        PGP Key file to use.
     --pgpcertfile FILE       PGP Public Key (certificate) file to
                              use.
     --x509keyfile FILE       X.509 key file to use.
     --x509certfile FILE      X.509 Certificate file to use.
     --x509dsakeyfile FILE    Alternative X.509 key file to use.
     --x509dsacertfile FILE   Alternative X.509 certificate file to
                              use.
     --require-cert           Require a valid certificate.
     --pskpasswd FILE         PSK password file to use.
     --srppasswd FILE         SRP password file to use.
     --srppasswdconf FILE     SRP password conf file to use.
     --ciphers cipher1 cipher2...
                              Ciphers to enable.
     --protocols protocol1 protocol2...
                              Protocols to enable.
     --comp comp1 comp2...    Compression methods to enable.
     --macs mac1 mac2...      MACs to enable.
     --kx kx1 kx2...          Key exchange methods to enable.
     --ctypes certType1 certType2...
                              Certificate types to enable.
     -l, --list               Print a list of the supported
                              algorithms  and modes.
     -h, --help               prints this help
     -v, --version            prints the program's version number
     --copyright              prints the program's license
www:~#


Kind Regards
AndrewM

More information about the Pkg-exim4-maintainers mailing list