Hi all, I've managed to get dovecot running with ldaps (SSL over port 636, not STARTTLS). Btw, it's working right only if I specify "TLSVerifyClient never" in my slapd.conf.
With any other parameter (like "TLSVerifyClient demand"), the bind fails with:
connection_get(12)
connection_get(12): got connid=0
connection_read(12): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write certificate request A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(12)
connection_get(12): got connid=0
connection_read(12): checking for input on id=0
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client certificate B
TLS: can't accept.
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate +/usr/src/lib/libssl/src/ssl/s3_srvr.c:2004
connection_read(12): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=12 for close
connection_close: conn=0 sd=12
Is there a way to specify, in the dovecot-ldap.conf file, where to look for the client certificate and key files? Or maybe make dovecot parse the ldaprc file under /etc?
Best Regards, David
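The slapd trace above is the server side of a mutual-TLS handshake that slapd aborted because the client (dovecot) answered the certificate request with no certificate. The fragment below is an added example of the dovecot-ldap.conf settings that make dovecot present a client certificate and key; it is not from David's post and not from the Dovecot project. It assumes the Dovecot 2.x setting names (uris, tls_ca_cert_file, tls_require_cert, tls_cert_file, tls_key_file), and the hostname and file paths are placeholders.

```ini
# dovecot-ldap.conf fragment (added example, not from the original post).
# Assumes Dovecot 2.x setting names; hostname and paths are placeholders.

# LDAPS: TLS from the first byte on port 636, as in the working setup.
uris = ldaps://ldap.example.com:636

# Leave STARTTLS off; "tls = yes" would try to upgrade a plain LDAP
# connection instead, which is not what an ldaps:// URI wants.
tls = no

# Verify slapd's server certificate against this CA bundle and refuse to
# bind if it does not check out.
tls_ca_cert_file = /etc/ssl/certs/ldap-ca.pem
tls_require_cert = demand

# Client certificate and private key that dovecot sends when slapd issues
# its "certificate request". With "TLSVerifyClient demand" in slapd.conf the
# handshake fails exactly as in the trace above unless this certificate is
# sent and chains to a CA listed in slapd's TLSCACertificateFile.
tls_cert_file = /etc/dovecot/ldap-client.pem
tls_key_file  = /etc/dovecot/ldap-client.key
```

The key file must be readable by the user the dovecot auth process runs as and by nobody else (mode 0600); a world-readable client key undoes the point of client authentication. To rule out dovecot as the source of a failure, the same certificate, key and CA file can first be exercised from the LDAP host with `openssl s_client -connect ldap.example.com:636 -cert ldap-client.pem -key ldap-client.key -CAfile ldap-ca.pem`; if that handshake also ends in "peer did not return a certificate" or a CA verification error, the problem is in the certificates or slapd's TLSCACertificateFile rather than in dovecot's configuration.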