Re: [Dovecot] Dovecot 1.2.16 compiling error
On 3.12.2010, at 8.36, Mart Pirita wrote:
RedHat 9 based distro, 2.6.24.2 kernel, OpenSSL 1.0.0a 1 Jun 2010
Hmm. v1.0.0a, really?..
/usr/src/redhat/BUILD/dovecot-1.2.16/src/login-common/ssl-proxy-openssl.c:950: undefined reference to `OpenSSL_add_all_algorithms'
I just hate OpenSSL. You can comment out that line from the code until I figure out what to do about this. That function was supposed to have existed since forever in OpenSSL. Or did the compiling log any warnings?
Timo Sirainen kirjutas:
RedHat 9 based distro, 2.6.24.2 kernel, OpenSSL 1.0.0a 1 Jun 2010 Hmm. v1.0.0a, really?..
Yes - compiled manually from openssl-1.0.0a.tar.gz and I'm pointing in dovecot.spec dovecot to use it:
export CPPFLAGS export LDFLAGS
CPPFLAGS=-I/usr/local/ssl/include/openssl LDFLAGS=-L/usr/local/ssl/lib
/usr/src/redhat/BUILD/dovecot-1.2.16/src/login-common/ssl-proxy-openssl.c:950: undefined reference to `OpenSSL_add_all_algorithms' I just hate OpenSSL. You can comment out that line from the code until I figure out what to do about this. That function was supposed to have existed since forever in OpenSSL.
Maybe I should downgrade OpenSSL to 0.9.8*?
Or did the compiling log any warnings?
The all warnings are:
configure: WARNING: unrecognized options: --with-rawlog, --disable-ipv6,
--without-passdb-userdb, --without-deliver
mail-index-map.c:175: warning: comparison between signed and unsigned
mail-index-map.c:1121: warning: comparison between signed and unsigned
mail-index-sync-ext.c:666: warning: comparison between signed and unsigned
mail-index-modseq.h:34: warning: parameter has incomplete type
mail-index-modseq.h:50: warning: parameter has incomplete type
mail-index-modseq.h:34: warning: parameter has incomplete type
mail-index-modseq.h:50: warning: parameter has incomplete type
mail-index-sync-update.c:469: warning: comparison between signed and
unsigned
mail-transaction-log-file.c:785: warning: comparison between signed and
unsigned
mailbox-list-fs-iter.c:490: warning: real_path' might be used uninitialized in this function maildir-sync-index.c:535: warning: comparison between signed and unsigned ../../../src/lib-index/mail-index-modseq.h:34: warning: parameter has incomplete type ../../../src/lib-index/mail-index-modseq.h:50: warning: parameter has incomplete type ../../../src/lib-index/mail-index-modseq.h:34: warning: parameter has incomplete type ../../../src/lib-index/mail-index-modseq.h:50: warning: parameter has incomplete type ssl-proxy-openssl.c:127: warning: passing arg 2 of d2i_DHparams' from
incompatible pointer type
ssl-proxy-openssl.c:130: warning: passing arg 2 of d2i_DHparams' from incompatible pointer type ssl-proxy-openssl.c:650: warning: implicit declaration of function SSL_get_current_compression'
ssl-proxy-openssl.c:650: warning: assignment makes pointer from integer
without a cast
ssl-proxy-openssl.c:652: warning: implicit declaration of function
SSL_COMP_get_name' ssl-proxy-openssl.c:915: warning: passing arg 1 of OBJ_txt2nid'
discards qualifiers from pointer target type
-- Mart
On 3.12.2010, at 9.04, Mart Pirita wrote:
Timo Sirainen kirjutas:
RedHat 9 based distro, 2.6.24.2 kernel, OpenSSL 1.0.0a 1 Jun 2010 Hmm. v1.0.0a, really?..
Yes - compiled manually from openssl-1.0.0a.tar.gz
I wonder if this is the reason for all your trouble.. Are there some old OpenSSL versions still installed? Maybe it's mixing headers of old OpenSSL with libs of new, or vice versa.
Timo Sirainen kirjutas:
I wonder if this is the reason for all your trouble.. Are there some old OpenSSL versions still installed? Maybe it's mixing headers of old OpenSSL with libs of new, or vice versa.
Yes. But strange, why until 1.2.16 all went fine? I'll try to compile older SSL, maybe this will help.
-- Mart
Timo Sirainen kirjutas:
I wonder if this is the reason for all your trouble.. Are there some old OpenSSL versions still installed? Maybe it's mixing headers of old OpenSSL with libs of new, or vice versa.
I did some tests, dovecot 1.2.15 compiles fine withh latest OpenSSL, but doesn't allow login at all:
Dec 3 12:29:08 tibu dovecot: child 13821 (login) killed with signal 11 (core dumps disabled) (ip=195.50.217.142) Dec 3 12:29:09 tibu dovecot: child 13820 (login) killed with signal 11 (core dumps disabled) (ip=195.50.217.142) Dec 3 12:29:11 tibu dovecot: child 13826 (login) killed with signal 11 (core dumps disabled) (ip=195.50.217.142)
And gives segfaults:
Dec 3 12:29:08 tibu kernel: imap-login[13821]: segfault at 00000044 eip 08074f9c esp bf9c7390 error 4 Dec 3 12:29:09 tibu kernel: imap-login[13820]: segfault at 00000044 eip 08074f9c esp bf8f72c0 error 4 Dec 3 12:29:11 tibu kernel: imap-login[13826]: segfault at 00000044 eip 08074f9c esp bfa2d3f0 error 4
The last good OpenSSL is openssl-0.9.8l.tar.gz , 1.2.15 compiles and runs fine, however 1.2.16 compiling still fails:
/usr/src/redhat/BUILD/dovecot-1.2.16/src/login-common/ssl-proxy-openssl.c:950: undefined reference to `OpenSSL_add_all_algorithms' collect2: ld returned 1 exit status
Disabling the line 950, allows build it and it also runs fine.
So clearly something is done in 1.2.16 code, moreover, what is done in dovecot code, that at least in my case when using any newer than openssl-0.9.8l.tar.gz, builds fine, but gives segfaults when running it?
-- Mart
David Ford kirjutas:
openssl < 0.9.8o and <1.0.0b are vulnerable to exploits.
Yes I know, but ANY software is good until someone finds a bug in it.
Theoretically some may trying exploit it, but I'm pretty sure there are a lot more interesting places to do that:).
-- Mart
On 12/3/2010 10:55 AM, Mart Pirita wrote:
Timo Sirainen kirjutas:
I wonder if this is the reason for all your trouble.. Are there some old OpenSSL versions still installed? Maybe it's mixing headers of old OpenSSL with libs of new, or vice versa.
...
The last good OpenSSL is openssl-0.9.8l.tar.gz , 1.2.15 compiles and runs fine, however 1.2.16 compiling still fails:
/usr/src/redhat/BUILD/dovecot-1.2.16/src/login-common/ssl-proxy-openssl.c:950: undefined reference to `OpenSSL_add_all_algorithms' collect2: ld returned 1 exit status
Disabling the line 950, allows build it and it also runs fine.
I built 1.2.16 against openssl-0.9.8p just last week; it linked and is running fine for me. Have you tried any version after 0.9.8l?
Tom Talpey kirjutas:
I built 1.2.16 against openssl-0.9.8p just last week; it linked and is running fine for me. Have you tried any version after 0.9.8l?
Tested with openssl-0.9.8m, 0.9.8q, 1.0.0a, 1.0.0c, config options are simple:
./config --prefix=/usr/local/openssl && make && make install
And linked in spec:
export CPPFLAGS export LDFLAGS
CPPFLAGS=-I/usr/local/ssl/include/openssl LDFLAGS=-L/usr/local/ssl/lib
I can test more versions, but first I'd like to know did Timo changed something in code, as it compiles fine, but fails to run.
-- Mart
On 3.12.2010, at 16.23, Mart Pirita wrote:
I can test more versions, but first I'd like to know did Timo changed something in code, as it compiles fine, but fails to run.
The only change to SSL code I've done for almost a year has been adding that OpenSSL_add_all_algorithms() call, because without it some other OpenSSL installations failed.
Timo Sirainen kirjutas:
The only change to SSL code I've done for almost a year has been adding that OpenSSL_add_all_algorithms() call, because without it some other OpenSSL installations failed.
Hmm, but if I'm comping Dovecot with special made OpenSSL, then if even RedHat -s old OpenSSL is still there, it should not be an issue? As usually, if something builds fine, it also runs fine.
Just tested with openssl-0.9.8p, still errors:
Dec 3 18:39:10 tibu dovecot: child 20632 (login) killed with signal 11 (core dumps disabled) (ip=195.50.217.142) Dec 3 18:39:11 tibu dovecot: child 20634 (login) killed with signal 11 (core dumps disabled) (ip=195.50.217.142) Dec 3 18:39:18 tibu dovecot: child 20642 (login) killed with signal 11 (core dumps disabled) (ip=195.50.217.142) Dec 3 18:39:24 tibu dovecot: child 20633 (login) killed with signal 11 (core dumps disabled) (ip=195.50.217.142) Dec 3 18:39:32 tibu dovecot: child 20643 (login) killed with signal 11 (core dumps disabled) (ip=195.50.217.142)
Dec 3 18:39:10 tibu kernel: printk: 7 messages suppressed. Dec 3 18:39:10 tibu kernel: imap-login[20632]: segfault at 00000044 eip 0807501c esp bfce4eb0 error 4 Dec 3 18:39:11 tibu kernel: imap-login[20634]: segfault at 00000044 eip 0807501c esp bfcd7ea0 error 4 Dec 3 18:39:18 tibu kernel: imap-login[20642]: segfault at 00000044 eip 0807501c esp bff82140 error 4 Dec 3 18:39:24 tibu kernel: imap-login[20633]: segfault at 00000044 eip 0807501c esp bfcc3e90 error 4 Dec 3 18:39:32 tibu kernel: imap-login[20643]: segfault at 00000044 eip 0807501c esp bfa4ec10 error 4 Dec 3 18:40:05 tibu kernel: imap-login[20644]: segfault at 00000044 eip 0807501c esp bf88d250 error 4
How to find out the reason?
-- Mart
Mart Pirita kirjutas:
./config --prefix=/usr/local/openssl && make && make install
And linked in spec:
export CPPFLAGS export LDFLAGS
CPPFLAGS=-I/usr/local/ssl/include/openssl LDFLAGS=-L/usr/local/ssl/lib
Las message included typo, the real path is /usr/local/ssl, so this is not an issue:).
-- Mart
On 12/3/2010 11:23 AM, Mart Pirita wrote:
Tom Talpey kirjutas:
I built 1.2.16 against openssl-0.9.8p just last week; it linked and is running fine for me. Have you tried any version after 0.9.8l?
Tested with openssl-0.9.8m, 0.9.8q, 1.0.0a, 1.0.0c, config options are simple:
./config --prefix=/usr/local/openssl &&
I assume that you re-ran configure in dovecot-1.2.16 and verified that it actually picked up the openssl libs from /usr/local afterwards? Beyond that, I guess I don't have a further suggestion.
Tom Talpey kirjutas:
I assume that you re-ran configure in dovecot-1.2.16 and verified that it actually picked up the openssl libs from /usr/local afterwards? Beyond that, I guess I don't have a further suggestion.
Yes, I did it multile times, and config.log seems also OK, so I also have no clue why it fails to run:
configure:4567: checking whether the C compiler works configure:4589: gcc -I/usr/local/ssl/include/openssl -L/usr/local/ssl/lib conftest.c >&5 configure:4593: $? = 0 configure:4642: result: yes configure:4645: checking for C compiler default output file name configure:4647: result: a.out configure:4653: checking for suffix of executables configure:4660: gcc -o conftest -I/usr/local/ssl/include/openssl -L/usr/local/ssl/lib conftest.c >&5 configure:4664: $? = 0 configure:4686: result: configure:4708: checking whether we are cross compiling configure:4716: gcc -o conftest -I/usr/local/ssl/include/openssl -L/usr/local/ssl/lib conftest.c >&5 configure:4720: $? = 0 configure:4727: ./conftest configure:4731: $? = 0 configure:4746: result: no configure:4751: checking for suffix of object files configure:4773: gcc -c -I/usr/local/ssl/include/openssl conftest.c >&5 configure:4777: $? = 0 configure:4798: result: o configure:4802: checking whether we are using the GNU C compiler configure:4821: gcc -c -I/usr/local/ssl/include/openssl conftest.c >&5 configure:4821: $? = 0 configure:4830: result: yes configure:4839: checking whether gcc accepts -g configure:4859: gcc -c -g -I/usr/local/ssl/include/openssl conftest.c >&5 configure:4859: $? = 0 configure:4900: result: yes configure:4917: checking for gcc option to accept ISO C89 configure:4981: gcc -c -g -O2 -I/usr/local/ssl/include/openssl conftest.c >&5 configure:4981: $? = 0 configure:4994: result: none needed configure:5016: checking dependency style of gcc configure:5126: result: gcc3 configure:5142: checking for library containing strerror configure:5173: gcc -o conftest -g -O2 -I/usr/local/ssl/include/openssl -L/usr/local/ssl/lib conftest.c >&5 configure:5173: $? = 0 configure:5190: result: none required configure:5246: checking for gcc configure:5273: result: gcc configure:5502: checking for C compiler version configure:5511: gcc --version >&5 gcc (GCC) 3.3.6
-- Mart
On 3.12.2010, at 16.59, Mart Pirita wrote:
Tom Talpey kirjutas:
I assume that you re-ran configure in dovecot-1.2.16 and verified that it actually picked up the openssl libs from /usr/local afterwards? Beyond that, I guess I don't have a further suggestion.
Yes, I did it multile times, and config.log seems also OK, so I also have no clue why it fails to run:
Here's a way to find out for sure. Apply the attached patch, compile and check the resulting imap-login binary:
strings imap-login | grep OpenSSL ldd imap-login | grep libssl
Is the string correct, and does ldd point to the right libssl?
Timo Sirainen kirjutas:
Here's a way to find out for sure. Apply the attached patch, compile and check the resulting imap-login binary:
Done:
strings imap-login | grep OpenSSL
[mart@tibu imap-login]# strings imap-login | grep OpenSSL OpenSSL 0.9.6b [engine] 9 Jul 2001 OpenSSL malloc() failed. You may need to increase login_process_size TLSv1 part of OpenSSL 0.9.8l 5 Nov 2009 OpenSSL 0.9.8l 5 Nov 2009 SSLv2 part of OpenSSL 0.9.8l 5 Nov 2009 SSLv3 part of OpenSSL 0.9.8l 5 Nov 2009 %s(%d): OpenSSL internal error, assertion failed: %s Big Number part of OpenSSL 0.9.8l 5 Nov 2009 EC part of OpenSSL 0.9.8l 5 Nov 2009 RSA part of OpenSSL 0.9.8l 5 Nov 2009 OpenSSL DH Method Diffie-Hellman part of OpenSSL 0.9.8l 5 Nov 2009 Stack part of OpenSSL 0.9.8l 5 Nov 2009 lhash part of OpenSSL 0.9.8l 5 Nov 2009 EVP part of OpenSSL 0.9.8l 5 Nov 2009 ASN.1 part of OpenSSL 0.9.8l 5 Nov 2009 X.509 part of OpenSSL 0.9.8l 5 Nov 2009 MD2 part of OpenSSL 0.9.8l 5 Nov 2009 MD5 part of OpenSSL 0.9.8l 5 Nov 2009 SHA1 part of OpenSSL 0.9.8l 5 Nov 2009 SHA-256 part of OpenSSL 0.9.8l 5 Nov 2009 SHA-512 part of OpenSSL 0.9.8l 5 Nov 2009 RC2 part of OpenSSL 0.9.8l 5 Nov 2009 RC4 part of OpenSSL 0.9.8l 5 Nov 2009 IDEA part of OpenSSL 0.9.8l 5 Nov 2009 DSA part of OpenSSL 0.9.8l 5 Nov 2009 OpenSSL DSA method ECDSA part of OpenSSL 0.9.8l 5 Nov 2009 OpenSSL ECDSA method ECDH part of OpenSSL 0.9.8l 5 Nov 2009 OpenSSL ECDH method RAND part of OpenSSL 0.9.8l 5 Nov 2009 You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html PEM part of OpenSSL 0.9.8l 5 Nov 2009 CONF part of OpenSSL 0.9.8l 5 Nov 2009 CONF_def part of OpenSSL 0.9.8l 5 Nov 2009 OpenSSL default OpenSSL default user interface OpenSSL 'dlfcn' shared library method
mart@tibu imap-login]# ldd imap-login | grep libssl [mart@tibu imap-login]#
[mart@tibu imap-login]# ldd imap-login libdl.so.2 => /lib/libdl.so.2 (0xb7fcb000) librt.so.1 => /lib/librt.so.1 (0xb7fb8000) libc.so.6 => /lib/libc.so.6 (0xb7e8d000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0xb7fd8000) libpthread.so.0 => /lib/libpthread.so.0 (0xb7e3c000)
ldd imap-login | grep libssl
Is the string correct, and does ldd point to the right libssl?
Something is OK, something not?
Please advise?
-- Mart
On Fri, 2010-12-03 at 19:35 +0200, Mart Pirita wrote:
strings imap-login | grep OpenSSL
[mart@tibu imap-login]# strings imap-login | grep OpenSSL OpenSSL 0.9.6b [engine] 9 Jul 2001 OpenSSL malloc() failed. You may need to increase login_process_size TLSv1 part of OpenSSL 0.9.8l 5 Nov 2009
This looks messed up. Some part of OpenSSL is from 0.9.6b and some part is from 0.9.8l.
[mart@tibu imap-login]# ldd imap-login libdl.so.2 => /lib/libdl.so.2 (0xb7fcb000) librt.so.1 => /lib/librt.so.1 (0xb7fb8000) libc.so.6 => /lib/libc.so.6 (0xb7e8d000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0xb7fd8000) libpthread.so.0 => /lib/libpthread.so.0 (0xb7e3c000)
No libssl.. I guess it's you then need to do:
ldd src/login-common/.libs/libdovecot-login.so | grep libssl
Timo Sirainen kirjutas:
This looks messed up. Some part of OpenSSL is from 0.9.6b and some part is from 0.9.8l.
Noticed too, seems dovecot doesn't fully trust export CPPFLAGS/LDFLAGS paths?
BTW, why dovecot uses "export CPPFLAGS/LDFLAGS" and not typical --with-ssl=/usr/local/ssl etc style?
No libssl.. I guess it's you then need to do:
ldd src/login-common/.libs/libdovecot-login.so | grep libssl
Hmm, no such dir or file:
cd src/login-common/
[mart@tibu login-common]# ls -al total 848 drwxr-xr-x 3 root root 4096 Dec 3 19:29 . drwxr-xr-x 26 root root 4096 Dec 3 19:26 .. -rw-r--r-- 1 root root 5481 May 24 2010 client-common.c -rw-r--r-- 1 root root 1747 May 24 2010 client-common.h -rw-r--r-- 1 root root 27924 Dec 3 19:29 client-common.o -rw-r--r-- 1 root root 1073 May 24 2010 common.h drwxr-xr-x 2 root root 4096 Dec 3 19:29 .deps -rw-r--r-- 1 root root 327160 Dec 3 19:29 liblogin-common.a -rw-r--r-- 1 root root 11580 May 24 2010 login-proxy.c -rw-r--r-- 1 root root 2563 May 24 2010 login-proxy.h -rw-r--r-- 1 root root 34080 Dec 3 19:29 login-proxy.o -rw-r--r-- 1 root root 1634 May 24 2010 login-proxy-state.c -rw-r--r-- 1 root root 519 May 24 2010 login-proxy-state.h -rw-r--r-- 1 root root 19092 Dec 3 19:29 login-proxy-state.o -rw-r--r-- 1 root root 13258 May 24 2010 main.c -rw-r--r-- 1 root root 53840 Dec 3 19:29 main.o -rw-r--r-- 1 root root 16420 Dec 3 19:26 Makefile -rw-r--r-- 1 root root 529 May 24 2010 Makefile.am -rw-r--r-- 1 root root 16289 Nov 8 21:39 Makefile.in -rw-r--r-- 1 root root 7591 May 24 2010 master.c -rw-r--r-- 1 root root 734 May 24 2010 master.h -rw-r--r-- 1 root root 39212 Dec 3 19:29 master.o -rw-r--r-- 1 root root 5717 May 24 2010 sasl-server.c -rw-r--r-- 1 root root 696 May 24 2010 sasl-server.h -rw-r--r-- 1 root root 26868 Dec 3 19:29 sasl-server.o -rw-r--r-- 1 root root 1402 May 24 2010 ssl-proxy.c -rw-r--r-- 1 root root 13005 May 24 2010 ssl-proxy-gnutls.c -rw-r--r-- 1 root root 16936 Dec 3 19:29 ssl-proxy-gnutls.o -rw-r--r-- 1 root root 1261 May 24 2010 ssl-proxy.h -rw-r--r-- 1 root root 10956 Dec 3 19:29 ssl-proxy.o -rw-r--r-- 1 root root 23127 Dec 3 19:21 ssl-proxy-openssl.c -rw-r--r-- 1 root root 95892 Dec 3 19:29 ssl-proxy-openssl.o
-- Mart
On Fri, 2010-12-03 at 20:38 +0200, Mart Pirita wrote:
Timo Sirainen kirjutas:
This looks messed up. Some part of OpenSSL is from 0.9.6b and some part is from 0.9.8l.
Noticed too, seems dovecot doesn't fully trust export CPPFLAGS/LDFLAGS paths?
Or there are some other parameters that conflict with it. Show the gcc command line when compiling ssl-proxy-openssl.c and when linking imap-login binary? If there is -I/usr/include that could explain it..
BTW, why dovecot uses "export CPPFLAGS/LDFLAGS" and not typical --with-ssl=/usr/local/ssl etc style?
I've answered this many times. In short: I don't like that style. Not as a programmer and not as a user when compiling other programs. It makes too many assumptions and guesses.
No libssl.. I guess it's you then need to do:
ldd src/login-common/.libs/libdovecot-login.so | grep libssl
Hmm, no such dir or file:
Oh, right, v1.2 and not v2.0. So libssl was linked statically to imap-login, I guess? That explains why there were so many matches to the strings grep.
Timo Sirainen kirjutas:
Or there are some other parameters that conflict with it. Show the gcc command line when compiling ssl-proxy-openssl.c and when linking imap-login binary? If there is -I/usr/include that could explain it..
Can't find anything:
[mart@tibu dovecot-1.2.16]# grep imap-login compile.log
Making clean in imap-login
make[2]: Entering directory /usr/src/redhat/dovecot-1.2.16/src/imap-login' rm -f imap-login make[2]: Leaving directory /usr/src/redhat/dovecot-1.2.16/src/imap-login'
config.status: creating src/imap-login/Makefile
Making all in imap-login
make[3]: Entering directory /usr/src/redhat/dovecot-1.2.16/src/imap-login' /bin/sh ../../libtool --tag=CC --mode=link gcc -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -L/usr/local/ssl/lib -o imap-login client.o client-authenticate.o imap-proxy.o ../login-common/liblogin-common.a ../lib-imap/libimap.a ../lib-auth/libauth.a ../lib/liblib.a -lssl -lcrypto -ldl -lrt libtool: link: gcc -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -o imap-login client.o client-authenticate.o imap-proxy.o -L/usr/local/ssl/lib ../login-common/liblogin-common.a ../lib-imap/libimap.a ../lib-auth/libauth.a ../lib/liblib.a -lssl -lcrypto -ldl -lrt make[3]: Leaving directory /usr/src/redhat/dovecot-1.2.16/src/imap-login'
[mart@tibu dovecot-1.2.16]# grep ssl-proxy-openssl.c compile.log gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-auth -DPKG_RUNDIR=\""/var/run/dovecot"\" -DPKG_STATEDIR=\""/usr/var/lib/dovecot"\" -DSBINDIR=\""/usr/sbin"\" -I/usr/local/ssl/include/openssl -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -MT ssl-proxy-openssl.o -MD -MP -MF .deps/ssl-proxy-openssl.Tpo -c -o ssl-proxy-openssl.o ssl-proxy-openssl.c
[mart@tibu dovecot-1.2.16]# grep /usr/include compile.log -e "s|^dovecot_incdir=|dovecot_incdir=/usr/include/dovecot|" > dovecot-config
Oh, right, v1.2 and not v2.0. So libssl was linked statically to imap-login, I guess? That explains why there were so many matches to the strings grep.
I think so.
-- Mart
On 4.12.2010, at 8.37, Mart Pirita wrote:
Timo Sirainen kirjutas:
Or there are some other parameters that conflict with it. Show the gcc command line when compiling ssl-proxy-openssl.c and when linking imap-login binary? If there is -I/usr/include that could explain it..
Can't find anything:
Still, it's increasingly looking like some kind of conflict between two OpenSSL versions and really nothing to do with Dovecot itself. Can't you just upgrade to a non-ancient OS with a newer OpenSSL?
Timo Sirainen kirjutas:
Still, it's increasingly looking like some kind of conflict between two OpenSSL versions and really nothing to do with Dovecot itself. Can't you just upgrade to a non-ancient OS with a newer OpenSSL?
Actually this OS is quite a lot manually updated and so far all works well, and upgrade isn't so easy. So first I will search a way to upgrade built in OpenSSL and if this doesn't work, then the upgrade seems to be the only solution.
-- Mart
Timo Sirainen kirjutas:
CPPFLAGS=-I/usr/local/ssl/include/openssl Try -I/usr/local/ssl/include
Well, Timo - You did it again, small thing, but nobody, except You noticed.
With: export CPPFLAGS export LDFLAGS
CPPFLAGS=-I/usr/local/ssl/include LDFLAGS=-L/usr/local/ssl/lib
1.2.16 from original (ssl-proxy-openssl.c:950 line is active) compiled fine, and also runs fine with openssl-0.9.8p (previous good one was openssl-0.9.8l).
Again, thank You and Your patience.
P.S. Maybe some hint into wiki about it would be good?
-- Mart
Timo Sirainen kirjutas:
/usr/src/redhat/BUILD/dovecot-1.2.16/src/login-common/ssl-proxy-openssl.c:950: undefined reference to `OpenSSL_add_all_algorithms' I just hate OpenSSL. You can comment out that line from the code until I figure out what to do about this. That function was supposed to have existed since forever in OpenSSL.
Downgrading SSL didn't help, so I disabled this line and compiled 1.2.16, however, can't use it, as login fails:
Dec 3 12:29:08 tibu dovecot: child 13821 (login) killed with signal 11 (core dumps disabled) (ip=195.50.217.142) Dec 3 12:29:09 tibu dovecot: child 13820 (login) killed with signal 11 (core dumps disabled) (ip=195.50.217.142) Dec 3 12:29:11 tibu dovecot: child 13826 (login) killed with signal 11 (core dumps disabled) (ip=195.50.217.142)
# 1.2.16: /etc/dovecot.conf # OS: Linux 2.6.24.2 i686 Red Hat Linux release 8.0 (Psyche) protocols: imaps pop3 pop3s ssl_parameters_regenerate: 0 disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/libexec/dovecot/imap-login login_executable(imap): /usr/libexec/dovecot/imap-login login_executable(pop3): /usr/libexec/dovecot/pop3-login login_log_format_elements: %u [%r] %m %c mail_max_userip_connections(default): 90 mail_max_userip_connections(imap): 90 mail_max_userip_connections(pop3): 9 mail_location: maildir:~/Maildir maildir_copy_preserve_filename: yes mail_executable(default): /usr/libexec/dovecot/imap mail_executable(imap): /usr/libexec/dovecot/imap mail_executable(pop3): /usr/libexec/dovecot/pop3 mail_plugin_dir(default): /usr/lib/dovecot/imap mail_plugin_dir(imap): /usr/lib/dovecot/imap mail_plugin_dir(pop3): /usr/lib/dovecot/pop3 imap_client_workarounds(default): outlook-idle netscape-eoh tb-extra-mailbox-sep delay-newmail imap_client_workarounds(imap): outlook-idle netscape-eoh tb-extra-mailbox-sep delay-newmail imap_client_workarounds(pop3): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh pop3_logout_format(default): top=%t/%p, retr=%r/%b, del=%d/%m, size=%s pop3_logout_format(imap): top=%t/%p, retr=%r/%b, del=%d/%m, size=%s pop3_logout_format(pop3): bytes=%i/%o, del=%d/%m, size=%s lda: postmaster_address: postmaster@example.com auth default: mechanisms: plain login cache_size: 1024 failure_delay: 3 passdb: driver: pam args: cache_key=%u%r%s * userdb: driver: passwd socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix
-- Mart
Timo Sirainen kirjutas:
/usr/src/redhat/BUILD/dovecot-1.2.16/src/login-common/ssl-proxy-openssl.c:950: undefined reference to `OpenSSL_add_all_algorithms' I just hate OpenSSL. You can comment out that line from the code until I figure out what to do about this. That function was supposed to have existed since forever in OpenSSL.
Downgrading SSL din't help, so I disabled line 950 and 1.2.16 compiled fine, however I can't use it, as now all logins fail:
Dec 3 12:29:08 tibu dovecot: child 13821 (login) killed with signal 11 (core dumps disabled) (ip=195.50.217.142) Dec 3 12:29:09 tibu dovecot: child 13820 (login) killed with signal 11 (core dumps disabled) (ip=195.50.217.142) Dec 3 12:29:11 tibu dovecot: child 13826 (login) killed with signal 11 (core dumps disabled) (ip=195.50.217.142)
# 1.2.16: /etc/dovecot.conf # OS: Linux 2.6.24.2 i686 Red Hat Linux release 8.0 (Psyche) protocols: imaps pop3 pop3s ssl_parameters_regenerate: 0 disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/libexec/dovecot/imap-login login_executable(imap): /usr/libexec/dovecot/imap-login login_executable(pop3): /usr/libexec/dovecot/pop3-login login_log_format_elements: %u [%r] %m %c mail_max_userip_connections(default): 90 mail_max_userip_connections(imap): 90 mail_max_userip_connections(pop3): 9 mail_location: maildir:~/Maildir maildir_copy_preserve_filename: yes mail_executable(default): /usr/libexec/dovecot/imap mail_executable(imap): /usr/libexec/dovecot/imap mail_executable(pop3): /usr/libexec/dovecot/pop3 mail_plugin_dir(default): /usr/lib/dovecot/imap mail_plugin_dir(imap): /usr/lib/dovecot/imap mail_plugin_dir(pop3): /usr/lib/dovecot/pop3 imap_client_workarounds(default): outlook-idle netscape-eoh tb-extra-mailbox-sep delay-newmail imap_client_workarounds(imap): outlook-idle netscape-eoh tb-extra-mailbox-sep delay-newmail imap_client_workarounds(pop3): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh pop3_logout_format(default): top=%t/%p, retr=%r/%b, del=%d/%m, size=%s pop3_logout_format(imap): top=%t/%p, retr=%r/%b, del=%d/%m, size=%s pop3_logout_format(pop3): bytes=%i/%o, del=%d/%m, size=%s lda: postmaster_address: postmaster@example.com auth default: mechanisms: plain login cache_size: 1024 failure_delay: 3 passdb: driver: pam args: cache_key=%u%r%s * userdb: driver: passwd socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix
Should I move to Dovecot 2?
-- Mart
participants (4)
-
David Ford
-
Mart Pirita
-
Timo Sirainen
-
Tom Talpey