dovecot oauth
Aki Tuomi
aki.tuomi at open-xchange.com
Sun Jul 5 19:46:53 EEST 2020
> On 05/07/2020 19:43 Aki Tuomi <aki.tuomi at open-xchange.com> wrote:
>
>
> > On 04/07/2020 21:12 la.jolie at paquerette <la.jolie at paquerette.org> wrote:
> >
> >
> > Hello,
> >
> > I'm trying to configure roundcube / dovecot to work with keycloak.
> > I activated xoauth2 oauthbearer in dovecot.
> > But a problem occurs when dovecot tries to contact the keycloak server
> > (logs are below).
> >
> > My problem looks like this one:
> > https://dovecot.org/pipermail/dovecot/2019-December/117768.html
> > The response to this problem was about a bug in oauth driver
> > (https://dovecot.org/pipermail/dovecot/2019-December/117787.html).
> >
> > Mizuki was using Dovecot v2.2.36 (1f10bfa63)
> > I have Dovecot v2.3.4.1 (f79e8e7e4)
> >
> > I'm wondering if this bug is still present in my version or if I have
> > another problem.
> >
> > Both my servers (dovecot and keycloak) are using Let's Encrypt certificates.
> > I tried to configure Keycloak with nginx proxy and without it (access
> > via port 8443) (in case the problem came from the ssl config on the
> > keycloak server), but still the same error.
> >
> > If the bug is fixed, then could someone tell me what I have to put in
> > the option tls_ca_cert_file?
> >
> > I tried with /etc/letsencrypt/live/my.host/chain.pem and also certs I
> > got from the Let's Encrypt website (https://letsencrypt.org/certificates/ /
> > tried ISRG Root X1 (self-signed) & Let’s Encrypt Authority X3 (IdenTrust
> > cross-signed) & Let’s Encrypt Authority X3 (Signed by ISRG Root X1))
> > But I always have the same error.
> >
> > Thanks,
> > Kenny
> >
>
> Hi!
>
> Can you try with 2.3.10.1? You can find packages at https://repo.dovecot.org
>
> Aki
Also can you verify with 'openssl s_client' that you are sending the full certificate path in your letsencrypt certificate? tls_ca_cert_file should point to whatever your certificate *root* certificate is.
Aki
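
Added example, not part of the original thread and not Dovecot or Keycloak code: an offline version of the chain check suggested above, using a constructed root, intermediate and leaf (all names are made up). It shows `openssl verify` accepting the leaf only when the root is the trust anchor and the intermediate is supplied with the leaf; against a live server, `openssl s_client -connect HOST:PORT -showcerts` lists the certificates actually sent.

```shell
#!/bin/sh
# Constructed demo: throwaway root -> intermediate -> leaf chain (made-up names).

issue() {  # args: dir, name, CN, issuer name, extension section
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" -config "$1/ext.cnf" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
        -CAcreateserial -days 2 -extfile "$1/ext.cnf" -extensions "$5" \
        -out "$1/$2.pem" 2>/dev/null
}

make_chain() {  # arg: empty working directory
    cat > "$1/ext.cnf" <<'EOF'
[req]
distinguished_name = req
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
EOF
    # Self-signed root: the certificate a client would list as its trust anchor.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root" \
        -config "$1/ext.cnf" -extensions ca \
        -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null &&
    issue "$1" int "Demo Intermediate" root ca &&
    issue "$1" leaf "idp.example.test" int leaf
}

# verify_as_client DIR ANCHOR [SENT]
# ANCHOR stands in for the CA file the client trusts; SENT is the extra
# certificate the server presents after its leaf (empty = leaf only).
verify_as_client() {
    if [ -n "$3" ]; then
        openssl verify -CAfile "$1/$2.pem" -untrusted "$1/$3.pem" "$1/leaf.pem"
    else
        openssl verify -CAfile "$1/$2.pem" "$1/leaf.pem"
    fi >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) && make_chain "$dir" || return 1
    verify_as_client "$dir" root int && echo "root anchor, chain sent:  OK"
    verify_as_client "$dir" root     || echo "root anchor, leaf only:   FAIL"
    verify_as_client "$dir" int      || echo "intermediate as anchor:   FAIL"
    rm -rf "$dir"
}
demo
```

In certbot's file layout, `fullchain.pem` corresponds to the "chain sent" case: it holds the leaf certificate followed by the intermediate.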