Re: Error: Can't load SSL certificate
The others are on openSUSE 15.4 and macOS, all are binary installs
Entware build options Build options: ioloop=epoll openssl io_block_size=8192 SQL drivers: mysql Passdb: checkpassword ldap passwd passwd-file shadow sql Userdb: checkpassword ldap passwd prefetch passwd-file sql
macOS build options Build options: ioloop=kqueue notify=kqueue openssl io_block_size=8192 SQL drivers: mysql Passdb: checkpassword pam passwd passwd-file sql Userdb: checkpassword passwd prefetch passwd-file sql
openSUSE build options Build options: ioloop=epoll notify=inotify openssl io_block_size=8192 SQL driver plugins: mysql postgresql sqlite Passdb: checkpassword ldap pam passwd passwd-file shadow sql Userdb: checkpassword ldap(plugin) passwd prefetch passwd-file sql
The libz.so are for OpenSUSE and the QNap in the same directories withe the same permissions The macOS does not have a libz.so, this dovecot was build by macports.
All servers are running dovecot with the same user accounts.
At the moment I will look into this issue later and will try to authenticate without using SSL.
On the MACs and openSUSE I authenticate using pam, the QNAP does not use pam so I want to authenticate using a local password file, but I have problems to set it up correctly
I have changed it 10-auth.conf to use auth-passwdfile.conf.ext and created a password file called userdb. I don’t know what else to change and what exactly should be in the userdb file.
The log only shows Mar 20 23:52:45 auth: Debug: auth client connected (pid=6966) Mar 20 23:52:45 imap-login: Info: Disconnected: Aborted login by logging out (no auth attempts in 0 secs): user=<>, rip=192.168.117.5, lip=192.168.117.2, session=<AhJNZ1T3GcDAqHUF>
I need to fix this first before I can enable SSL again.
Maybe I should open a new threat Horst
My suggests to look for:
- Are your other servers setups installed from "Entware for QNAP" too?
- Do your other servers have libz.so* located under /opt/lib/ too?
- Did you compare owner and permissions of every libz.so* file between servers too?
- Are other servers running Dovecot with same user account?
El 20/3/23 a les 4:01, Horst Simon ha escrit:
I try to logon to map using dovecot with SSL required. I get following entries in the log:Mar 20 13:49:30 auth: Debug: Loading modules from directory: /opt/lib/dovecot/modules/auth Mar 20 13:49:30 auth: Debug: Module loaded: /opt/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so Mar 20 13:49:30 auth: Debug: Read auth token secret from /opt/var/run/dovecot/auth-token-secret.dat Mar 20 13:49:30 auth: Debug: passwd-file /opt/etc/dovecot/userdb:Read 1 users in 0 secs Mar 20 13:49:30 auth: Debug: auth client connected (pid=26120) Mar 20 13:49:30 imap-login: Error: Failed to initialize SSL server context: Can't load SSL certificate (ssl_cert setting): error:12800067:DSO support routines::could not load the shared library: filename(libz.so): libz.so: cannot open shared object file: No such file or directory, error:12800067:DSO support routines::could not load the shared library: user=<>, rip=192.168.117.5, lip=192.168.117.2, session=<eX3e+Uv3k8DAqHUF> Mar 20 13:49:30 imap-login: Info: Disconnected: TLS initialization failed. (no auth attempts in 0 secs): user=<>, rip=192.168.117.5, lip=192.168.117.2, session=<eX3e+Uv3k8DAqHUF
The library files exist in the include directory [/opt] # find . -name libz* -print
./lib/opkg/info/libzstd.control
./lib/opkg/info/libzstd.list
./lib/libz.so
./lib/libz.so.1
./lib/libz.so.1.2.13
./lib/libzstd.so
./lib/libzstd.so.1
./lib/libzstd.so.1.5.2
./lib/libz.a
Have the dovecot settings the same on other servers and it works, Dovecot is v2.3.18, installed from Entware for QNAP. Any help?appreciated.
Horst
--
Narcis Garcia
I de-installed to supplied binaries of dovecot and openssl and build openssl and dovecot from source, this solved my problem.
On 21 Mar 2023, at 00:38, Horst Simon <horst.simon2@icloud.com> wrote:
The others are on openSUSE 15.4 and macOS, all are binary installs
Entware build options Build options: ioloop=epoll openssl io_block_size=8192 SQL drivers: mysql Passdb: checkpassword ldap passwd passwd-file shadow sql Userdb: checkpassword ldap passwd prefetch passwd-file sql
macOS build options Build options: ioloop=kqueue notify=kqueue openssl io_block_size=8192 SQL drivers: mysql Passdb: checkpassword pam passwd passwd-file sql Userdb: checkpassword passwd prefetch passwd-file sql
openSUSE build options Build options: ioloop=epoll notify=inotify openssl io_block_size=8192 SQL driver plugins: mysql postgresql sqlite Passdb: checkpassword ldap pam passwd passwd-file shadow sql Userdb: checkpassword ldap(plugin) passwd prefetch passwd-file sql
The libz.so are for OpenSUSE and the QNap in the same directories withe the same permissions The macOS does not have a libz.so, this dovecot was build by macports.
All servers are running dovecot with the same user accounts.
At the moment I will look into this issue later and will try to authenticate without using SSL.
On the MACs and openSUSE I authenticate using pam, the QNAP does not use pam so I want to authenticate using a local password file, but I have problems to set it up correctly
I have changed it 10-auth.conf to use auth-passwdfile.conf.ext and created a password file called userdb. I don’t know what else to change and what exactly should be in the userdb file.
The log only shows Mar 20 23:52:45 auth: Debug: auth client connected (pid=6966) Mar 20 23:52:45 imap-login: Info: Disconnected: Aborted login by logging out (no auth attempts in 0 secs): user=<>, rip=192.168.117.5, lip=192.168.117.2, session=<AhJNZ1T3GcDAqHUF>
I need to fix this first before I can enable SSL again.
Maybe I should open a new threat Horst
My suggests to look for:
- Are your other servers setups installed from "Entware for QNAP" too?
- Do your other servers have libz.so* located under /opt/lib/ too?
- Did you compare owner and permissions of every libz.so* file between servers too?
- Are other servers running Dovecot with same user account?
El 20/3/23 a les 4:01, Horst Simon ha escrit:
I try to logon to map using dovecot with SSL required. I get following entries in the log:Mar 20 13:49:30 auth: Debug: Loading modules from directory: /opt/lib/dovecot/modules/auth Mar 20 13:49:30 auth: Debug: Module loaded: /opt/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so Mar 20 13:49:30 auth: Debug: Read auth token secret from /opt/var/run/dovecot/auth-token-secret.dat Mar 20 13:49:30 auth: Debug: passwd-file /opt/etc/dovecot/userdb:Read 1 users in 0 secs Mar 20 13:49:30 auth: Debug: auth client connected (pid=26120) Mar 20 13:49:30 imap-login: Error: Failed to initialize SSL server context: Can't load SSL certificate (ssl_cert setting): error:12800067:DSO support routines::could not load the shared library: filename(libz.so): libz.so: cannot open shared object file: No such file or directory, error:12800067:DSO support routines::could not load the shared library: user=<>, rip=192.168.117.5, lip=192.168.117.2, session=<eX3e+Uv3k8DAqHUF> Mar 20 13:49:30 imap-login: Info: Disconnected: TLS initialization failed. (no auth attempts in 0 secs): user=<>, rip=192.168.117.5, lip=192.168.117.2, session=<eX3e+Uv3k8DAqHUF
The library files exist in the include directory [/opt] # find . -name libz* -print
./lib/opkg/info/libzstd.control
./lib/opkg/info/libzstd.list
./lib/libz.so
./lib/libz.so.1
./lib/libz.so.1.2.13
./lib/libzstd.so
./lib/libzstd.so.1
./lib/libzstd.so.1.5.2
./lib/libz.a
Have the dovecot settings the same on other servers and it works, Dovecot is v2.3.18, installed from Entware for QNAP. Any help?appreciated.
Horst
--
Narcis Garcia
participants (1)
-
Horst Simon