[Dovecot] Specifying with openssl to use
I'm trying to setup dovecot on Solaris 10. I can get it all working except TLS/SSL. I traced my problem down to the version of openssl that Solaris 10 ships with. The fix is supposed to be to use a newer version of openssl. Without removing the built-in version of openssl I've installed openssl-0.9.8b to /usr/local.
When I "./configure" dovecot it seems to always pick up the broken version of openssl in /usr/sfw. How do I make dovecot use an alternate copy of openssl? How is it even finding the one in /usr/sfw?
Thanks, -Chase
I tried setting CPPFLAGS and LDFLAGS already.
We'll I've spent the entire day trying to make Dovecot with TLS/SSL work on Solaris 10 and I'm not any closer.
This is Solaris 10 x86 Update 1 and Dovecot 1 Beta 8.
bash-3.00# /usr/sfw/bin/openssl version OpenSSL 0.9.7d 17 Mar 2004
The reason I think the bundled openssl is broken is because Thunderbird can receive the cert but the connection drops, turning on all the logging in dovecot I find this in my syslog:
Jun 4 00:50:30 hosting dovecot: [ID 107833 mail.warning] imap-login: SSL_accept() failed: error:1409D08A:SSL routines:SSL3_SETUP_KEY_BLOCK:cipher or hash unavailable [205.19 6.182.15]
I found some messages on the imap-uw mailing list that indicate that this error could be caused by the bundled openssl. I've installed the latest openssl from source without problem and an updated packaged version from sunfreeware.com. I just can't seem to make Dovecot use them.
I've used crle to include /usr/local/ssl/lib in my library path. I've tried PKG_CONFIG_PATH=/usr/local/ssl/lib/pkgconfig with my configure I've tried CPPFLAGS=-I/usr/local/ssl/include LDFLAGS='-L/usr/local/ssl/lib' ./configure --prefix=/opt/dovecot --with-ssl=openssl --with-ssldir=/etc/sslcerts I've tried CPPFLAGS=-I/usr/local/ssl/include LDFLAGS='-L/usr/local/ssl/lib -ldl' ./configure --prefix=/opt/dovecot --with-ssl=openssl --with-ssldir=/etc/sslcerts
When I set the PKG_CONFIG_PATH the messages produced by configure and make make me think that /usr/local/ssl will be used.
Using "truss -f /opt/dovecot/sbin/dovecot 2> /tmp/dove.txt" I can see several references to the wrong libssl such as "open("/usr/sfw/lib/libssl.so.0.9.7", O_RDONLY) = 3".
Does anyone know how to make Dovecot use a specified install of openssl? Or how to make Dovecot and the Solaris bundled openssl work?
-Chase
Chase wrote:
I'm trying to setup dovecot on Solaris 10. I can get it all working except TLS/SSL. I traced my problem down to the version of openssl that Solaris 10 ships with. The fix is supposed to be to use a newer version of openssl. Without removing the built-in version of openssl I've installed openssl-0.9.8b to /usr/local.
When I "./configure" dovecot it seems to always pick up the broken version of openssl in /usr/sfw. How do I make dovecot use an alternate copy of openssl? How is it even finding the one in /usr/sfw?
Thanks, -Chase
I tried setting CPPFLAGS and LDFLAGS already.
not sure if you've tried ./configure --help, but ./configure --with-openssl=/usr/local/openssl-0.9.8b would probably fix things for you (assuming you installed into that directory vs compiled in that directory.
On 6/3/06, Chase <chase@osdev.org> wrote:
We'll I've spent the entire day trying to make Dovecot with TLS/SSL work on Solaris 10 and I'm not any closer.
This is Solaris 10 x86 Update 1 and Dovecot 1 Beta 8.
bash-3.00# /usr/sfw/bin/openssl version OpenSSL 0.9.7d 17 Mar 2004
The reason I think the bundled openssl is broken is because Thunderbird can receive the cert but the connection drops, turning on all the logging in dovecot I find this in my syslog:
Jun 4 00:50:30 hosting dovecot: [ID 107833 mail.warning] imap-login: SSL_accept() failed: error:1409D08A:SSL routines:SSL3_SETUP_KEY_BLOCK:cipher or hash unavailable [205.19 6.182.15]
I found some messages on the imap-uw mailing list that indicate that this error could be caused by the bundled openssl. I've installed the latest openssl from source without problem and an updated packaged version from sunfreeware.com. I just can't seem to make Dovecot use them.
I've used crle to include /usr/local/ssl/lib in my library path. I've tried PKG_CONFIG_PATH=/usr/local/ssl/lib/pkgconfig with my configure I've tried CPPFLAGS=-I/usr/local/ssl/include LDFLAGS='-L/usr/local/ssl/lib' ./configure --prefix=/opt/dovecot --with-ssl=openssl --with-ssldir=/etc/sslcerts I've tried CPPFLAGS=-I/usr/local/ssl/include LDFLAGS='-L/usr/local/ssl/lib -ldl' ./configure --prefix=/opt/dovecot --with-ssl=openssl --with-ssldir=/etc/sslcerts
When I set the PKG_CONFIG_PATH the messages produced by configure and make make me think that /usr/local/ssl will be used.
Using "truss -f /opt/dovecot/sbin/dovecot 2> /tmp/dove.txt" I can see several references to the wrong libssl such as "open("/usr/sfw/lib/libssl.so.0.9.7", O_RDONLY) = 3".
Does anyone know how to make Dovecot use a specified install of openssl? Or how to make Dovecot and the Solaris bundled openssl work?
-Chase
Chase wrote:
I'm trying to setup dovecot on Solaris 10. I can get it all working except TLS/SSL. I traced my problem down to the version of openssl that Solaris 10 ships with. The fix is supposed to be to use a newer version of openssl. Without removing the built-in version of openssl I've installed openssl-0.9.8b to /usr/local.
When I "./configure" dovecot it seems to always pick up the broken version of openssl in /usr/sfw. How do I make dovecot use an alternate copy of openssl? How is it even finding the one in /usr/sfw?
Thanks, -Chase
I tried setting CPPFLAGS and LDFLAGS already.
The problem seems to have been Sun's linker. The only not standard thing I had to do was add in a -R option to the LDFLAGS.
CPPFLAGS=-I/usr/local/ssl/include LDFLAGS='-L/usr/local/ssl/lib -R/usr/local/ssl/lib' ./configure --with-ssl=openssl
I've added a little text to http://wiki.dovecot.org/CompilingSource about this. Hopefully the same information will be added to the INSTALL file that comes with the source code so some else doesn't waste an entire weekend on something so trivial.
-Chase
infowolfe wrote:
not sure if you've tried ./configure --help, but ./configure --with-openssl=/usr/local/openssl-0.9.8b would probably fix things for you (assuming you installed into that directory vs compiled in that directory.
On 6/3/06, Chase <chase@osdev.org> wrote:
We'll I've spent the entire day trying to make Dovecot with TLS/SSL work on Solaris 10 and I'm not any closer.
This is Solaris 10 x86 Update 1 and Dovecot 1 Beta 8.
bash-3.00# /usr/sfw/bin/openssl version OpenSSL 0.9.7d 17 Mar 2004
The reason I think the bundled openssl is broken is because Thunderbird can receive the cert but the connection drops, turning on all the logging in dovecot I find this in my syslog:
Jun 4 00:50:30 hosting dovecot: [ID 107833 mail.warning] imap-login: SSL_accept() failed: error:1409D08A:SSL routines:SSL3_SETUP_KEY_BLOCK:cipher or hash unavailable [205.19 6.182.15]
I found some messages on the imap-uw mailing list that indicate that this error could be caused by the bundled openssl. I've installed the latest openssl from source without problem and an updated packaged version from sunfreeware.com. I just can't seem to make Dovecot use them.
I've used crle to include /usr/local/ssl/lib in my library path. I've tried PKG_CONFIG_PATH=/usr/local/ssl/lib/pkgconfig with my configure I've tried CPPFLAGS=-I/usr/local/ssl/include LDFLAGS='-L/usr/local/ssl/lib' ./configure --prefix=/opt/dovecot --with-ssl=openssl --with-ssldir=/etc/sslcerts I've tried CPPFLAGS=-I/usr/local/ssl/include LDFLAGS='-L/usr/local/ssl/lib -ldl' ./configure --prefix=/opt/dovecot --with-ssl=openssl --with-ssldir=/etc/sslcerts
When I set the PKG_CONFIG_PATH the messages produced by configure and make make me think that /usr/local/ssl will be used.
Using "truss -f /opt/dovecot/sbin/dovecot 2> /tmp/dove.txt" I can see several references to the wrong libssl such as "open("/usr/sfw/lib/libssl.so.0.9.7", O_RDONLY) = 3".
Does anyone know how to make Dovecot use a specified install of openssl? Or how to make Dovecot and the Solaris bundled openssl work?
-Chase
Chase wrote:
I'm trying to setup dovecot on Solaris 10. I can get it all working except TLS/SSL. I traced my problem down to the version of openssl that Solaris 10 ships with. The fix is supposed to be to use a newer version of openssl. Without removing the built-in version of openssl I've installed openssl-0.9.8b to /usr/local.
When I "./configure" dovecot it seems to always pick up the broken version of openssl in /usr/sfw. How do I make dovecot use an alternate copy of openssl? How is it even finding the one in /usr/sfw?
Thanks, -Chase
I tried setting CPPFLAGS and LDFLAGS already.
Chase wrote:
I'm trying to setup dovecot on Solaris 10. I can get it all working except TLS/SSL. I traced my problem down to the version of openssl that Solaris 10 ships with. The fix is supposed to be to use a newer version of openssl. Without removing the built-in version of openssl I've installed openssl-0.9.8b to /usr/local.
When I "./configure" dovecot it seems to always pick up the broken version of openssl in /usr/sfw. How do I make dovecot use an alternate copy of openssl? How is it even finding the one in /usr/sfw?
Thanks, -Chase
I tried setting CPPFLAGS and LDFLAGS already. I had exactly the same problem. You can change the SSL_* variables in the Makefile explicitly to work around it. Include the same -I, -R and -L flags that you added in CFLAGS/LDFLAGS.
It is possible you can fix this by using crle to change the system's library path, but I haven't tried that yet since I got it to compile by modifying the makefile.
- Tore
participants (3)
-
Chase
-
infowolfe
-
Tore Andre Klock