execve(/usr/bin/sieve-test) failed: Argument list too long
Hi Dovecot developers,
while debugging the above error message from sieve-test, I found out that the content of the directive ssl_ca is added as env var SSL_CA by doveconf on execve, and sieve-test now uses doveconf.
In our setup, ssl_ca is set to ssl_ca = </etc/ssl/certs/ca-certificates.crt on our director servers. We have backend servers with certificates signed by two different CAs, and to avoid problems if a backend switches to a different CA, I decided to allow all "known" CAs. The corresponding env var SSL_CA has more than 230500 bytes, which causes execve to fail with error E2BIG.
I found a workaround for the problem by setting ssl_ca = </etc/dovecot/backendCAs.pem, where this file contains only the two CAs used atm. However, I would like to request a fix for this issue, as others might also want to have all "known" CAs set for dovecot director backend connections.
Best,
Patrick Cernko <pcernko@mpi-klsb.mpg.de> +49 681 9325 5815
Joint Administration: Information Services and Technology
Max-Planck-Institute fuer Informatik & Softwaresysteme
On 02/12/2021 17:16 Patrick Cernko <pcernko@mpi-klsb.mpg.de> wrote:
> Hi Dovecot developers,
> while debugging the above error message from sieve-test, I found out that the content of the directive ssl_ca is added as env var SSL_CA by doveconf on execve, and sieve-test now uses doveconf.
> In our setup, ssl_ca is set to ssl_ca = </etc/ssl/certs/ca-certificates.crt on our director servers. We have backend servers with certificates signed by two different CAs, and to avoid problems if a backend switches to a different CA, I decided to allow all "known" CAs. The corresponding env var SSL_CA has more than 230500 bytes, which causes execve to fail with error E2BIG.
> I found a workaround for the problem by setting ssl_ca = </etc/dovecot/backendCAs.pem, where this file contains only the two CAs used atm. However, I would like to request a fix for this issue, as others might also want to have all "known" CAs set for dovecot director backend connections.
> Best,
> Patrick Cernko <pcernko@mpi-klsb.mpg.de> +49 681 9325 5815
> Joint Administration: Information Services and Technology
> Max-Planck-Institute fuer Informatik & Softwaresysteme
Hi!
Thanks for reporting this issue, it's related to a known issue and will be fixed.
Aki
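A pre-flight check for the failure reported in this thread, added here as an example and not taken from the thread or from Dovecot: it measures how large a CA bundle becomes once exported as SSL_CA and then starts a trivial child process with it to see whether execve accepts it. It assumes Linux, where a single environment string is capped at MAX_ARG_STRLEN (32 pages); the function names are hypothetical and the sample bundles are constructed filler, not real certificates.

```python
import os
import re
import subprocess
import sys

# Assumption: Linux, where one argv/envp string (with its NUL) may not exceed
# MAX_ARG_STRLEN = 32 pages (131072 bytes with 4 KiB pages). Other kernels differ.
def max_env_string():
    return 32 * os.sysconf("SC_PAGE_SIZE")

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def check_env_value(value, name="SSL_CA", limit=None):
    """Return (cert_count, env_bytes, fits) for exporting value as NAME=value."""
    limit = max_env_string() if limit is None else limit
    env_bytes = len(name) + 1 + len(value.encode()) + 1  # NAME, '=', value, NUL
    return len(PEM_RE.findall(value)), env_bytes, env_bytes <= limit

def try_exec(value, name="SSL_CA"):
    """Start a trivial child with value in its environment; return 0 or errno."""
    try:
        subprocess.run([sys.executable, "-c", "pass"], env={name: value})
        return 0
    except OSError as exc:  # E2BIG surfaces here when execve() refuses the env
        return exc.errno

def fake_bundle(n):
    """Constructed sample: n PEM-shaped blocks of filler, not real certificates."""
    block = ("-----BEGIN CERTIFICATE-----\n" + ("A" * 64 + "\n") * 25
             + "-----END CERTIFICATE-----\n")
    return block * n

if __name__ == "__main__":
    # Pass a real bundle path as argv[1], or fall back to the constructed samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            samples = {sys.argv[1]: fh.read()}
    else:
        samples = {"2 CAs": fake_bundle(2), "140 CAs": fake_bundle(140)}
    for label, pem in samples.items():
        count, size, fits = check_env_value(pem)
        print(f"{label}: {count} certs, {size} bytes as SSL_CA, "
              f"fits={fits}, execve errno={try_exec(pem)}")
```

The limit applies to each string on its own, so a bundle larger than it fails even when the rest of the environment is nearly empty.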