On Wed, Jul 31, 2024 at 6:11 PM Georg Graf via dovecot <dovecot@dovecot.org> wrote:
Hi, I'm George and I think I've been running dovecot for like more than a decade now without any troubles, so: WOW!
Nevertheless, after an upgrade from FreeBSD 13.2 to 13.3 plus "pkg upgrade" my dovecot installation refuses to load the ssl certificates. I've tried a version built from source as well as the package.
The problem seems to be something with the loading of DSOs:
=========================================================================================================
Jul 31 16:42:11 murl dovecot[10801]: imap-login: Error: Failed to initialize SSL server context: Can't load SSL certificate (ssl_cert setting): error:25066067:DSO support routines:dlfcn_load:could not load the shared library: filename(libproviders.so): Shared object "libproviders.so" not found, required by "imap-login", error:25070067:DSO support routines:DSO_load:could not load the shared library, error:0E07506E:configuration file routines:module_load_dso:error loading dso: module=providers, path=providers, error:0E076071:configuration file routines:mo
=========================================================================================================
I have never seen 'libproviders' and there's not a lot on it on the internet either.
Here comes my (dead-simple) 'dovecot -n':
=========================================================================================================
# 2.3.21 (47349e2482): /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 13.3-RELEASE-p4 amd64
# Hostname: murl.graf.priv.at
auth_mechanisms = plain login
disable_plaintext_auth = no
mail_location = maildir:~/Maildir:LAYOUT=fs:INBOX=~/Maildir
passdb {
  driver = pam
}
protocols = imap
ssl_cert = </root/.acme.sh/graf.priv.at/fullchain.cer
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
  args = blocking=yes
  driver = passwd
}
verbose_ssl = yes
protocol imap {
  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
}
=========================================================================================================
My openssl s_client shows that the server hangs up (while producing the above log entry):
=========================================================================================================
# openssl s_client -servername graf.priv.at -connect graf.priv.at:imaps
CONNECTED(00000003)
write:errno=0
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 314 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
=========================================================================================================
Just to mention: plaintext IMAP is still working:
=========================================================================================================
# telnet graf.priv.at imap
Trying 78.41.116.33...
Connected to graf.priv.at.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
u login georg <mysupersecretpassword>
u OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY PREVIEW STATUS=SIZE SAVEDATE LITERAL+ NOTIFY] Logged in
r select INBOX
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft $Forwarded $MDNSent $label5 $label3)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft $Forwarded $MDNSent $label5 $label3 \*)] Flags permitted.
* 359 EXISTS
* 0 RECENT
* OK [UNSEEN 2] First unseen.
* OK [UIDVALIDITY 1509040425] UIDs valid
* OK [UIDNEXT 11767] Predicted next UID
* OK [HIGHESTMODSEQ 19640] Highest
r OK [READ-WRITE] Select completed (0.006 + 0.000 + 0.005 secs).
s logout
* BYE Logging out
s OK Logout completed (0.001 + 0.000 secs).
Connection closed by foreign host.
=========================================================================================================
Any helping hint is highly appreciated!
Thank you very much,
I am not the expert here, but did you complete your upgrade of FreeBSD? It appears that the breakage is something to do with OpenSSL on your system rather than dovecot. I'd suggest you look into your update and see if you have the correct version of openssl that you expect with 13.3-RELEASE.
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]