At 10:57 PM -0800 2/23/07, Bart Smaalders wrote:
Bill Cole wrote:
At 5:02 PM +0900 2/22/07, Jorgen Lundman wrote:
I use dovecot with Solaris 10 on x86.
I will point out that the OpenSSL that comes with Solaris 10 is very broken and will generally not work with ... anything. If you go fetch latest OpenSSL, either package from sunfreeware, or build yourself, and make sure to link against "/usr/local/ssl" instead. (I wouldn't advice pkg_rm the system ssl as the PAM module is linked against it, if you want to be able to login).
I concur.
If you want to use anything Sun isn't giving you with SSL on Solaris, you want to get a standard build of OpenSSL and link anything you need against it, not the not-really-quite-OpenSSL Sun provides.
(incidentally, you don't mention the version of Solaris you are using. That might be relevant)
That is one option; the other is to install SUNWcry and SUNWcryr packages; these restore the missing ciphers (removed due to certain countries forbidding import of strong cryptography in years past).
Thanks for the details. I had not previously analyzed the problem in detail, only addressed the operational issues by writing off the Sun customized version as inadequate (see Sendmail, SSH, etc...)
(I say that as someone who works with almost exclusively Sun gear running Solaris. I love the system overall, but hate the way Sun integrates critical bits of open source. )
--
Bill Cole
bill@scconsult.com