Re: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
- Aki Tuomi <aki.tuomi@dovecot.fi>:
Could you send us the gdb bt full backtrace for the core file?
Currently I can't get it to create coredumps
doveconf -n:
# 2.2.devel (3f97702): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.devel (023f391) # OS: Linux 4.4.0-65-generic x86_64 Ubuntu 16.04.2 LTS auth_mechanisms = plain login default_vsz_limit = 1 G imapc_host = exchange-imap.charite.de imapc_port = 993 imapc_ssl = imaps imapc_ssl_verify = no listen = *,:: mail_gid = imapproxy mail_home = /home/imapproxy/%u mail_location = imapc:~/imapc mail_plugins = mail_log notify mail_uid = imapproxy passdb { args = host=exchange-imap.charite.de port=993 ssl=imaps default_fields = userdb_imapc_user=%u userdb_imapc_password=%w userdb_imapc_host=exchange-imap.charite.de userdb_imapc_ssl=imaps userdb_imapc_port=993 driver = imap } plugin { sieve = file:~/sieve;active=~/.dovecot.sieve } protocols = imap service auth { inet_listener { address = 127.0.0.1 port = 12345 } } ssl = required ssl_ca = </etc/ssl/certs/ca-certificates.crt ssl_cert = </etc/dovecot/dovecot.pem ssl_cipher_list = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4 ssl_client_ca_file = /etc/ssl/certs/ca-certificates.crt ssl_key = # hidden, use -P to show it ssl_prefer_server_ciphers = yes ssl_protocols = !SSLv2 !SSLv3 userdb { driver = prefetch } verbose_proctitle = yes
Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt@charite.de | http://www.charite.de
- Ralf Hildebrandt <dovecot@dovecot.org>:
- Aki Tuomi <aki.tuomi@dovecot.fi>:
Could you send us the gdb bt full backtrace for the core file?
Currently I can't get it to create coredumps
Got a coredump and backtrace:
Mar 20 16:10:17 mproxy dovecot: master: Dovecot v2.2.devel (a39b5b2) starting up for imap Mar 20 16:10:26 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:993): Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Mar 20 16:10:26 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:993): No SSL context Mar 20 16:10:26 mproxy dovecot: auth: Error: imap(hildeb,141.42.206.36,<rPBW7SpLW7ONKs4k>): Disconnected from server Mar 20 16:10:26 mproxy dovecot: imap-login: Warning: Auth connection closed with 1 pending requests (max 0 secs, pid=1747, EOF) Mar 20 16:10:26 mproxy dovecot: auth: Fatal: master: service(auth): child 1748 killed with signal 11 (core dumped)
and the backtrace:
# gdb -q /usr/lib/dovecot/auth 1748 Reading symbols from /usr/lib/dovecot/auth...Reading symbols from /usr/lib/debug/.build-id/7a/66f9b5902485fd23f1f3dbab6479c1214f4ef1.debug...done. done. Attaching to program: /usr/lib/dovecot/auth, process 1748 ptrace: No such process. [New LWP 1748] Core was generated by dovecot/auth'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007f61e2af2226 in array_append_i (count=<optimized out>, data=<optimized out>, array=<optimized out>) at ../../src/lib/array.h:168 168../../src/lib/array.h: No such file or directory.
(gdb) bt full
#0 0x00007f61e2af2226 in array_append_i (count=<optimized out>, data=<optimized out>, array=<optimized out>) at ../../src/lib/array.h:168 No locals. #1 imapc_connection_abort_commands_array (cmd_array=cmd_array@entry=0x557d24fbcea0, dest_array=dest_array@entry=0x7ffef84bf690, only_box=only_box@entry=0x0, keep_retriable=keep_retriable@entry=false) at imapc-connection.c:289 cmd = 0x41 i = 0 #2 0x00007f61e2af251a in imapc_connection_abort_commands (conn=0x557d24fbcdc0, only_box=0x0, keep_retriable=<optimized out>) at imapc-connection.c:303 cmdp = <optimized out> cmd = <optimized out> tmp_array = {arr = {buffer = 0x557d24f82960, element_size = 8}, v = 0x557d24f82960, v_modifiable = 0x557d24f82960} reply = {state = IMAPC_COMMAND_STATE_DISCONNECTED, resp_text_key = 0x0, resp_text_value = 0x0, text_full = 0x7f61e2af6316 "Disconnected from server", text_without_resp = 0x7f61e2af6316 "Disconnected from server"} #3 0x00007f61e39e6a92 in io_loop_call_io (io=0x557d24f9bcd0) at ioloop.c:599 ioloop = 0x557d24f8a810 t_id = 2 __FUNCTION__ = "io_loop_call_io" #4 0x00007f61e39e80ea in io_loop_handler_run_internal (ioloop=ioloop@entry=0x557d24f8a810) at ioloop-epoll.c:223 ctx = 0x557d24f92310 io = <optimized out> tv = {tv_sec = 29, tv_usec = 999177} events_count = <optimized out> msecs = <optimized out> ret = 1 i = 0 j = <optimized out> call = <optimized out> __FUNCTION__ = "io_loop_handler_run_internal" #5 0x00007f61e39e6b2c in io_loop_handler_run (ioloop=ioloop@entry=0x557d24f8a810) at ioloop.c:648 No locals. #6 0x00007f61e39e6cd8 in io_loop_run (ioloop=0x557d24f8a810) at ioloop.c:623 __FUNCTION__ = "io_loop_run" #7 0x00007f61e396e7d3 in master_service_run (service=0x557d24f8a6b0, callback=<optimized out>) at master-service.c:641 No locals. #8 0x0000557d2303f31e in main (argc=1, argv=0x557d24f8a390) at main.c:400 c = <optimized out> (gdb)
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG, 80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
- Ralf Hildebrandt <r@sys4.de>:
Mar 20 16:10:17 mproxy dovecot: master: Dovecot v2.2.devel (a39b5b2) starting up for imap Mar 20 16:10:26 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:993): Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Mar 20 16:10:26 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:993): No SSL context Mar 20 16:10:26 mproxy dovecot: auth: Error: imap(hildeb,141.42.206.36,<rPBW7SpLW7ONKs4k>): Disconnected from server Mar 20 16:10:26 mproxy dovecot: imap-login: Warning: Auth connection closed with 1 pending requests (max 0 secs, pid=1747, EOF) Mar 20 16:10:26 mproxy dovecot: auth: Fatal: master: service(auth): child 1748 killed with signal 11 (core dumped)
Still there in auto11
-- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt@charite.de | http://www.charite.de
On 23.03.2017 11:59, Ralf Hildebrandt wrote:
- Ralf Hildebrandt <r@sys4.de>:
Mar 20 16:10:17 mproxy dovecot: master: Dovecot v2.2.devel (a39b5b2) starting up for imap Mar 20 16:10:26 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:993): Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Mar 20 16:10:26 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:993): No SSL context Mar 20 16:10:26 mproxy dovecot: auth: Error: imap(hildeb,141.42.206.36,<rPBW7SpLW7ONKs4k>): Disconnected from server Mar 20 16:10:26 mproxy dovecot: imap-login: Warning: Auth connection closed with 1 pending requests (max 0 secs, pid=1747, EOF) Mar 20 16:10:26 mproxy dovecot: auth: Fatal: master: service(auth): child 1748 killed with signal 11 (core dumped) Still there in auto11
Yes, we have not gotten round fixing it. Did you remove < from the path?
Aki
- Aki Tuomi <aki.tuomi@dovecot.fi>:
Still there in auto11
Yes, we have not gotten round fixing it. Did you remove < from the path?
Of course :)
-- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt@charite.de | http://www.charite.de
participants (3)
-
Aki Tuomi
-
Ralf Hildebrandt
-
Ralf Hildebrandt