pilerimport ssl error: internal ssl error

Issue #1046 closed
Christian created an issue

When I try to import via pilerimport I get a ssl error:

root@bd329a4f2c37:/var/piler# pilerimport -q -i imap.domain.com -u us -p xxxxxxxx -P 993
ssl error: internal ssl error
^C
root@bd329a4f2c37:/var/piler# piler -V
piler 1.3.6, build 998, Janos SUTO <sj@acts.hu>

Build Date: Wed Feb 5 14:02:48 UTC 2020
ldd version: ldd (Debian GLIBC 2.28-10) 2.28
gcc version: gcc version 8.3.0 (Debian 8.3.0-6) 
OS: Linux 465688c64d00 4.18.0-147.3.1.el8_1.x86_64 #1 SMP Fri Jan 3 23:55:26 UTC 2020 x86_64 GNU/Linux
Configure command: ./configure --with-database=mysql
MySQL client library version: 10.3.18
Extractors: /usr/bin/pdftotext /usr/bin/catdoc /usr/bin/catppt /usr/bin/xls2csv /usr/local/bin/ppthtml /usr/bin/unrtf /usr/bin/tnef libzip

On my old piler server with version 1.3.1-epoll, build 980 pilerimport works just fine.

By any chance do i have to import the mailservers certificate? If yes, please tell me how. Is there any documentation you can point me too? Thanks.

Comments (11)

  1. Janos SUTO repo owner

    No, you don’t have to import the certificate. The ‘internal ssl error’ means that you failed to create an ssl connection to the imap server for some reason.

    Check if imap server actually listens on port 993. And I’d like to see an ngrep output of the connection, ie. run ngrep -X -e port 993 while you run pilerimport.

  2. Janos SUTO repo owner

    Hmm, it seems like pilerimport can receive the certificate from the imap server, but then the imap server aborts the connection. Check the mail / imap server logs for further clues.

  3. Christian reporter

    The log on the mailserver says the following:
    Feb 10 11:01:19 kraftwerk dovecot[37373]: imap-login: Disconnected (no auth attempts): rip=10.0.1.141, lip=10.0.2.250, TLS handshaking: SSL_accept() failed: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

  4. Christian reporter

    could I use the old binary (pilerimport) from version 1.3.1 or are there any changes which are incompatible?

  5. Janos SUTO repo owner

    Based on the openssl library version (I assume you have 1.1.x, I’ll add the openssl version to piler -V output) pilerimport would use either TLSv1_client_method() or TLS_client_method()

    I suspect that the imap server doesn’t support the tls version pilerimport tries to use. Note that pilerimport doesn’t support sslv3 at all. Check what encryption options your imap server and the openssl library on the host support.

  6. Janos SUTO repo owner

    I think you might use it, however it’s linked to several libraries, so you need to copy its dependencies as well and be careful not to break anything. If you are familiar with docker, feel free to use it.

  7. Christian reporter

    I have been using docker all along. I found out when I compile piler in an older environment (Debian:stretch) it works, when I use Debian:latest it returns an ssl error in pilerimport.
    There must have been some changes in ssl libraries that the new piler version 1.3.6 is not compatible with.

    That is my new dockerfile I had to change back to php7.0 from php7.3 and change “Debian:latest” to “Debian:stretch”

    #FROM debian:latest
    FROM debian:stretch
    
    RUN apt-get update && \
    apt-get upgrade -y && \
    groupadd -g 112 mysql && \
    useradd -u 107 -g 112 -c "MySQL Server,,," -d /nonexistent -s /bin/false mysql && \
    apt-get install -y rsyslog openssl mariadb-server sphinxsearch php7.0 php7.0-fpm php7.0-mysql php-gd nginx libtre5 libzip4 sysstat python-mysqldb catdoc poppler-utils unrtf tnef memcached php-memcache php-memcached build-essential wget libwrap0-dev libssl-dev libtre-dev zlib1g-dev libmariadb-dev-compat libmariadb-dev procps systemd nano sudo cron libzip-dev && \
    mkdir build && \
    cd build && \
    wget https://bitbucket.org/jsuto/piler/downloads/xlhtml-0.5.1-sj-mod.tar.gz && \
    tar xzvf xlhtml-0.5.1-sj-mod.tar.gz && \
    cd xlhtml-0.5.1-sj-mod && \
    ./configure && \
    make && \
    make install && \
    cd /build && \
    wget https://bitbucket.org/jsuto/piler/downloads/piler-1.3.7.tar.gz && \
    tar xzvf piler-1.3.7.tar.gz && \
    cd piler-1.3.7 && \
    groupadd -g 1001 piler && \
    useradd -m -u 1001 -g 1001 -s /bin/sh -d /var/piler piler && \
    usermod -L piler && \
    chmod 755 /var/piler && \
    ./configure --with-database=mysql && \
    make && \
    make install && \
    ldconfig 
    
    EXPOSE 80 443 548
    

  8. Janos SUTO repo owner

    Actually piler is compatible with both openssl 1.0.x and 1.1.x. I think the offered encryption methods in 1.1.x version are not compatible with your imap server’s accepted methods. Anyway, I suggest to use debian strech or acquire the emails with a different imap utility, and then pilerimport could import the already downloaded emails.

  9. Log in to comment