New subject: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)

20 Mar 2017

Aki Tuomi <aki.tuomi@dovecot.fi>:

...
Could you send us the gdb bt full backtrace for the core file?
Currently I can't get it to create coredumps
doveconf -n:
2.2.devel (3f97702): /etc/dovecot/dovecot.conf
Pigeonhole version 0.4.devel (023f391)
OS: Linux 4.4.0-65-generic x86_64 Ubuntu 16.04.2 LTS
auth_mechanisms = plain login
default_vsz_limit = 1 G
imapc_host = exchange-imap.charite.de
imapc_port = 993
imapc_ssl = imaps
imapc_ssl_verify = no
listen = *,::
mail_gid = imapproxy
mail_home = /home/imapproxy/%u
mail_location = imapc:~/imapc
mail_plugins = mail_log notify
mail_uid = imapproxy
passdb {
args = host=exchange-imap.charite.de port=993 ssl=imaps
default_fields = userdb_imapc_user=%u userdb_imapc_password=%w userdb_imapc_host=exchange-imap.charite.de userdb_imapc_ssl=imaps userdb_imapc_port=993
driver = imap
}
plugin {
sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = imap
service auth {
inet_listener {
address = 127.0.0.1
port = 12345
}
}
ssl = required
ssl_ca = </etc/ssl/certs/ca-certificates.crt
ssl_cert = </etc/dovecot/dovecot.pem
ssl_cipher_list = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4
ssl_client_ca_file = /etc/ssl/certs/ca-certificates.crt
ssl_key =  # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3
userdb {
driver = prefetch
}
verbose_proctitle = yes
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt@charite.de | http://www.charite.de

Re: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)

Ralf Hildebrandt

2.2.devel (3f97702): /etc/dovecot/dovecot.conf

Pigeonhole version 0.4.devel (023f391)

OS: Linux 4.4.0-65-generic x86_64 Ubuntu 16.04.2 LTS

Ralf Hildebrandt

Got a coredump and backtrace:

gdb -q /usr/lib/dovecot/auth 1748

Ralf Hildebrandt

Aki Tuomi

Ralf Hildebrandt

tags

participants (3)