Well, I've spent the entire day trying to make Dovecot with TLS/SSL work on Solaris 10, and I'm not any closer.
This is Solaris 10 x86 Update 1 and Dovecot 1 Beta 8.
bash-3.00# /usr/sfw/bin/openssl version
OpenSSL 0.9.7d 17 Mar 2004
The reason I think the bundled openssl is broken is that Thunderbird can receive the cert but the connection drops. Turning on all the logging in Dovecot, I find this in my syslog:
Jun 4 00:50:30 hosting dovecot: [ID 107833 mail.warning] imap-login: SSL_accept() failed: error:1409D08A:SSL routines:SSL3_SETUP_KEY_BLOCK:cipher or hash unavailable [205.19 6.182.15]
I found some messages on the imap-uw mailing list that indicate that this error could be caused by the bundled openssl. I've installed the latest openssl from source without problem and an updated packaged version from sunfreeware.com. I just can't seem to make Dovecot use them.
I've used crle to include /usr/local/ssl/lib in my library path.
I've tried PKG_CONFIG_PATH=/usr/local/ssl/lib/pkgconfig with my configure.
I've tried:
    CPPFLAGS=-I/usr/local/ssl/include LDFLAGS='-L/usr/local/ssl/lib' ./configure --prefix=/opt/dovecot --with-ssl=openssl --with-ssldir=/etc/sslcerts
I've tried:
    CPPFLAGS=-I/usr/local/ssl/include LDFLAGS='-L/usr/local/ssl/lib -ldl' ./configure --prefix=/opt/dovecot --with-ssl=openssl --with-ssldir=/etc/sslcerts
When I set the PKG_CONFIG_PATH the messages produced by configure and make make me think that /usr/local/ssl will be used.
Using "truss -f /opt/dovecot/sbin/dovecot 2> /tmp/dove.txt" I can see several references to the wrong libssl such as "open("/usr/sfw/lib/libssl.so.0.9.7", O_RDONLY) = 3".
Does anyone know how to make Dovecot use a specified install of openssl? Or how to make Dovecot and the Solaris bundled openssl work?
-Chase
Chase wrote:
I'm trying to set up Dovecot on Solaris 10. I can get it all working except TLS/SSL. I traced my problem down to the version of openssl that Solaris 10 ships with. The fix is supposed to be to use a newer version of openssl. Without removing the built-in version of openssl, I've installed openssl-0.9.8b to /usr/local.
When I "./configure" dovecot it seems to always pick up the broken version of openssl in /usr/sfw. How do I make dovecot use an alternate copy of openssl? How is it even finding the one in /usr/sfw?
Thanks, -Chase
I tried setting CPPFLAGS and LDFLAGS already.
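
One way to confirm which libssl and libcrypto a daemon really opened, working from "truss -f" output like the line quoted above. This is an added example, not part of the original post; the function names, PIDs and sample trace lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `truss -f` output (not captured from a real host).
# A failed open() is reported with Err#N, a successful one with "= fd".
sample_truss() {
cat <<'EOF'
1201: open("/usr/local/ssl/lib/libssl.so.0.9.7", O_RDONLY) Err#2 ENOENT
1201: open("/usr/sfw/lib/libssl.so.0.9.7", O_RDONLY) = 3
1201: open("/usr/sfw/lib/libcrypto.so.0.9.7", O_RDONLY) = 3
1201: open("/lib/libc.so.1", O_RDONLY) = 3
1203: open("/usr/local/ssl/lib/libcrypto.so.0.9.8", O_RDONLY) = 4
EOF
}

# loaded_tls_libs: read truss output on stdin and print "pid path" for
# every libssl/libcrypto open() that succeeded.
loaded_tls_libs() {
  awk '
    /open(64)?\("[^"]*lib(ssl|crypto)\.so[^"]*"/ && !/Err#/ {
      pid = $1; sub(/:$/, "", pid)        # "1201:" -> "1201"
      match($0, /"[^"]*"/)                # first quoted string is the path
      print pid, substr($0, RSTART + 1, RLENGTH - 2)
    }'
}

# unexpected_tls_libs PREFIX: keep only TLS libraries that were loaded
# from somewhere other than PREFIX (the OpenSSL install you intended).
unexpected_tls_libs() {
  loaded_tls_libs | awk -v p="$1" 'index($2, p) != 1'
}

# Demo on the constructed trace: lists the two /usr/sfw/lib libraries.
sample_truss | unexpected_tls_libs /usr/local/ssl/lib/
```

On a real system, feed it the trace file instead, for example "unexpected_tls_libs /usr/local/ssl/lib/ < /tmp/dove.txt"; empty output means every TLS library came from the intended prefix.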