mysql: SSL support not compiled in (remove ssl_client_ca_file and ssl_client_ca_dir settings)
Hello everyone,
Problem info:
An error occurs while trying to establish a TLS/SSL secured connection to a database (mariadb), which has the ability to accept TLS/SSL connections.
Analysis from the Archlinux Gitlab issue by Toolybird, which can be found under the following link:
https://gitlab.archlinux.org/archlinux/packaging/packages/dovecot/-/issues/1...
Thanks for reporting. It would appear to be some kind of (upstream?) bug in the autofoo. The error message can be traced back to HAVE_MYSQL_SSL being undefined when it should be defined. This is reflected in log:
https://reproducible.archlinux.org/api/v0/builds/946041/log
checking for mysql_ssl_set in -llibmariadb... no
It took quite some debugging, but adding the following hack before the autoreconf call appears to make it work:
sed -i 's/mysql_driver="libmariadb"/mysql_driver="mariadb"/' m4/want_mysql.m4
After that it now shows:
checking for mysql_ssl_set in -lmariadb... yes
Steps to reproduce:
- Configure dovecot 2.4.2-4 as described below
- Restart dovecot 2.4.2-4
- Try to send an email (echo "Test-E-Mail" | /usr/sbin/sendmail root)
- Determine error messages inside dovecot 2.4.2-4-Log
Dec 22 04:57:38 server dovecot[842]: auth: Error: mysql(db.idmz.tachtler.net): mysql: SSL support not compiled in (remove ssl_client_ca_file and ssl_client_ca_dir settings)
Dec 22 04:57:38 server dovecot[842]: auth-worker: Error: mysql(db.idmz.tachtler.net): mysql: SSL support not compiled in (remove ssl_client_ca_file and ssl_client_ca_dir settings)
Additional info:
OS version: Archlinux
package version(s): dovecot 2.4.2-4
necessary config file part:
sql_driver = mysql

mysql db.idmz.tachtler.net {
  host = db.idmz.tachtler.net
  port = 3306
  user = postfixuser
  password = geheim
  dbname = postfix
  ssl = yes
  ssl_client_ca_file = /etc/dovecot/ssl/certs/CAcert.pem
  ssl_client_cert_file = /etc/dovecot/ssl/certs/client.idmz.tachtler.net.pem
  ssl_client_key_file = /etc/dovecot/ssl/private/client.idmz.tachtler.net.key.pem
  ssl_cipher_list = DHE-RSA-AES256-SHA
}
WITHOUT the following lines, a database connection is possible and works as expected:
  ssl = yes
  ssl_client_ca_file = /etc/dovecot/ssl/certs/CAcert.pem
  ssl_client_cert_file = /etc/dovecot/ssl/certs/client.idmz.tachtler.net.pem
  ssl_client_key_file = /etc/dovecot/ssl/private/client.idmz.tachtler.net.key.pem
  ssl_cipher_list = DHE-RSA-AES256-SHA
Thank you in advance for your help!
Klaus Tachtler.
--
e-Mail  : klaus@tachtler.net
Homepage: https://www.tachtler.net
DokuWiki: https://dokuwiki.tachtler.net
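A build-log check for the failure analysed above, as an added example (not from the original post and not part of the Dovecot or Arch build scripts): it scans configure output for the mysql_ssl_set probe and fails when no probe succeeded, so a package without TLS support for the MySQL driver is caught at build time. The function name check_mysql_ssl_probe and its exit codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify the mysql_ssl_set probe lines of a configure log.
# Reads the log on stdin and prints one verdict line per probe found.
# Exit status (assumed convention for this example):
#   0 = at least one probe answered "yes"
#   1 = probes were found but none answered "yes"
#   2 = no probe line in the input
check_mysql_ssl_probe() {
    awk '
        /checking for mysql_ssl_set in -l/ {
            found = 1
            lib = $0
            # Drop everything up to and including the -l flag.
            sub(/.*checking for mysql_ssl_set in -l/, "", lib)
            result = lib
            sub(/\.\.\..*/, "", lib)            # library name given to -l
            sub(/.*\.\.\.[ \t]*/, "", result)   # answer after the dots
            sub(/[ \t\r]+$/, "", result)
            if (result == "yes") {
                ok = 1
                print "OK: mysql_ssl_set found in -l" lib
            } else {
                hint = ""
                # -lNAME makes the linker search for libNAME, so a NAME
                # that already starts with "lib" is worth a second look.
                if (lib ~ /^lib/)
                    hint = " (linker searches for lib" lib "; check for a doubled lib prefix)"
                print "FAIL: mysql_ssl_set not found in -l" lib hint
            }
        }
        END {
            if (!found) exit 2
            exit (ok ? 0 : 1)
        }
    '
}

# Usage: check_mysql_ssl_probe < build.log || echo "MySQL driver lacks SSL support"
```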