2.3.17 update breaks dsync over tcps: Received invalid SSL certificate unable to get certificate CRL

Salatiel Filho salatiel.filho at gmail.com
Fri Nov 12 21:19:00 UTC 2021


Hi,
I have updated dovecot from 2.3.16 (working flawless ) to 2.3.17 (
both  Centos8 - community repo )  .  Now dsync does not work anymore,
logs shows:
dovecot[30398]: doveadm(vmail): Error: Disconnected from remote:
Received invalid SSL certificate: unable to get certificate CRL:
/CN=imap.signed.with.my.own.ca(check ssl_client_ca_* settings?)
I have a certificate signed by my "own CA". Both hosts trust my CA,
and as I told previously, the configuration works just fine on 2.3.16.
I really was not expecting that a minor update would break things, but
2.3.17 appears to have broken the setup for some people here in the
maillists.

Is there a workaround for this? I have tried to set ssl_require_crl =
no , but nothing changed.

I have:
service doveadm {
  inet_listener {
    port = 26
    ssl = yes
  }
}

ssl = required
ssl_ca = </etc/ssl/certs/mail-cluster-communication_ca.pem
ssl_cert = </etc/ssl/certs/mail-cluster-communication.crt
ssl_key = # hidden, use -P to show it


Thanks!


Atenciosamente/Kind regards,
Salatiel


More information about the dovecot mailing list