hi timo,
On Sun, 2005-09-11 at 12:52 -0700, OpenMacNews wrote:
dovecot: Sep 11 11:58:43 Error: imap-login: Can't load private key file /var/Security/mail.testdomain.com.privkey.dsa.pem: error:0607907F:digital envelope routines:EVP_PKEY_get1_RSA:expecting an rsa key
Well, I'm not sure why so many other programs seem to want to require RSA private keys (where I looked at examples how to use OpenSSL), but I think this patch fixes it (committing to CVS too):
Index: src/login-common/ssl-proxy-openssl.c =================================================================== RCS file: /var/lib/cvs/dovecot/src/login-common/ssl-proxy-openssl.c,v retrieving revision 1.28 diff -u -r1.28 ssl-proxy-openssl.c --- src/login-common/ssl-proxy-openssl.c 18 Sep 2005 14:43:10 -0000 1.28 +++ src/login-common/ssl-proxy-openssl.c 18 Sep 2005 15:55:35 -0000 @@ -487,8 +487,8 @@ certfile, ssl_last_error()); }
- if (SSL_CTX_use_RSAPrivateKey_file(ssl_ctx, keyfile, - SSL_FILETYPE_PEM) != 1) { + if (SSL_CTX_use_PrivateKey_file(ssl_ctx, keyfile, + SSL_FILETYPE_PEM) != 1) { i_fatal("Can't load private key file %s: %s", keyfile, ssl_last_error()); }
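Review bot: Nothing in this hunk confirms that the key loaded by SSL_CTX_use_PrivateKey_file() matches the certificate handled in the context lines just above it. Now that keyfile is no longer restricted to RSA, a key and certificate of different types become a possible misconfiguration. If no such check follows outside the visible context, consider calling SSL_CTX_check_private_key(ssl_ctx) after this block and reporting a mismatch through i_fatal() with both certfile and keyfile named, so the problem is reported at startup. A short comment on the call noting that any PEM private key type is accepted would also help anyone comparing it with the RSA-only examples mentioned in the message.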
i DL'd the latest CVS, verifying the patch above ... build went fine. using rsa is still ok.

now, when i try to connect w/ DSA i get, in dovecot log, a slightly different error:

dovecot: Sep 18 16:28:19 Warning: imap-login: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher [10.0.0.6]
dovecot: Sep 18 16:28:19 Info: imap-login: Disconnected: rip=10.0.0.6, lip=10.0.0.5, TLS

this is with:

ssl_listen = *
ssl_disable = no
verbose_ssl = yes
ssl_key_file = /var/Data/Security/mail.mydomain.com.privkey.rsa.pem
ssl_cert_file = /var/Data/Security/mail.mydomain.com.cert.rsa.pem
ssl_ca_file = /var/Data/Security/mydomain.CA.cert.rsa.pem
ssl_verify_client_cert = no
ssl_parameters_file = /var/Data/Security/mydomain.dsaparam.pem
ssl_parameters_regenerate = 0
ssl_cipher_list = ALL:!SSLv2:!aNULL:!NULL:!EXPORT:!DES:!LOW:@STRENGTH

in my dovecot config ...

cheers,
richard