[Dovecot] ssl + dovecot + debian sid
Hi!
On the unstable version of Debian I try to use Dovecot POP3-ssl server. I both tried out the debian package(1.0.alpha3-2.0.1) from the official repository and compiling from source(1.0 alpha3 version). The error is always the same: Oct 15 09:28:04 www dovecot: pop3-login: Can't set cipher list to 'all:! LOW': error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library Is it a bug of dovecot or a bug of the openssl package? My relevant libssl packages: Package: libssl0.9.8 State: installed Version: 0.9.8-3
Package: libssl0.9.7 State: installed Version: 0.9.7g-5
Thanks:
Aron Novak
Hi,
Can't set cipher list to 'all:!LOW'
If you have uncommented the 'ssl_cipher_list' directive from your dovecot.conf, make sure to use the correct case:
ssl_cipher_list = ALL:!LOW
It is advisable not to use a dovecot.conf based on an earlier dovecot version - only use the one coming with the version you are using, thus from the 1.0.alpha3 package.
best, rob.
-- On Sun, 16 Oct 2005, 10:12 GMT+02 Novák Áron wrote:
Hi!
On the unstable version of Debian I try to use Dovecot POP3-ssl server. I both tried out the debian package(1.0.alpha3-2.0.1) from the official repository and compiling from source(1.0 alpha3 version). The error is always the same: Oct 15 09:28:04 www dovecot: pop3-login: Can't set cipher list to 'all:! LOW': error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library Is it a bug of dovecot or a bug of the openssl package? My relevant libssl packages: Package: libssl0.9.8 State: installed Version: 0.9.8-3
Package: libssl0.9.7 State: installed Version: 0.9.7g-5
Thanks:
Aron Novak
Hi,
Can't set cipher list to 'all:!LOW'
If you have uncommented the 'ssl_cipher_list' directive from your dovecot.conf, make sure to use the correct case:
ssl_cipher_list = ALL:!LOW
It is advisable not to use a dovecot.conf based on an earlier dovecot version - only use the one coming with the version you are using, thus from the 1.0.alpha3 package. Thanks for the immadiate reply. I corrected the configfile(use a new one from the package), but the error is very similar: Oct 16 12:25:28 www dovecot: pop3-login: Can't load certificate file /etc/ssl/certs/dovecot.pem: error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library I regenerated my certs with mkcerts.sh, but it didn't solve the problem.
Aron
On Sun, 16 Oct 2005 the mental interface of aaron@szentimre.hu told:
Hi,
Can't set cipher list to 'all:!LOW'
If you have uncommented the 'ssl_cipher_list' directive from your dovecot.conf, make sure to use the correct case:
ssl_cipher_list = ALL:!LOW
It is advisable not to use a dovecot.conf based on an earlier dovecot version - only use the one coming with the version you are using, thus from the 1.0.alpha3 package. Thanks for the immadiate reply. I corrected the configfile(use a new one from the package), but the error is very similar: Oct 16 12:25:28 www dovecot: pop3-login: Can't load certificate file /etc/ssl/certs/dovecot.pem: error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library I regenerated my certs with mkcerts.sh, but it didn't solve the problem.
See BUG#334180 in the Debian BTS.
Elimar
-- Obviously the human brain works like a computer. Since there are no stupid computers humans can't be stupid. There are just a few running with Windows or even CE ;-)
2005-10-16, v keltezéssel 13.13-kor Elimar Riesebieter ezt írta:
On Sun, 16 Oct 2005 the mental interface of aaron@szentimre.hu told:
routines:DLFCN_LOAD:could not load the shared library I regenerated my certs with mkcerts.sh, but it didn't solve the problem.
See BUG#334180 in the Debian BTS. I solved the problem with downgrading the dovecot from the official, stable(sarge) debian repository.
Thanks:
Aron
On Sun, 16 Oct 2005, Novák Áron wrote:
2005-10-16, v keltezéssel 13.13-kor Elimar Riesebieter ezt írta:
On Sun, 16 Oct 2005 the mental interface of aaron@szentimre.hu told:
routines:DLFCN_LOAD:could not load the shared library I regenerated my certs with mkcerts.sh, but it didn't solve the problem.
See BUG#334180 in the Debian BTS. I solved the problem with downgrading the dovecot from the official, stable(sarge) debian repository.
that will take you all the way down to 0.99.14. I recommend using the version of 1.0alpha3 from testing instead until this gets sorted out.
Btw, this is the problem. -2.0.1 was a non-maintainer upload to get dovecot depending on openssl 0.9.8. Apparently the openssl maintainer has compiled 0.9.8 in such a way that the engines are plugins. dovecots login process chroots and the plugins are not available in the chroot so you get that error message.
Most likely the fix will be to have openssl link everything in statically. Then dovecot will magically start working again.
-- Jaldhar H. Vyas jaldhar@debian.org La Salle Debain - http://www.braincells.com/debian/
On Sun, 2005-10-16 at 08:39 -0400, Jaldhar H. Vyas wrote:
Btw, this is the problem. -2.0.1 was a non-maintainer upload to get dovecot depending on openssl 0.9.8. Apparently the openssl maintainer has compiled 0.9.8 in such a way that the engines are plugins. dovecots login process chroots and the plugins are not available in the chroot so you get that error message.
This was also my first guess, but it breaks already when loading certificates. Dovecot hasn't yet chrooted or dropped root privileges at that point.
On Sun, 16 Oct 2005, Timo Sirainen wrote:
This was also my first guess, but it breaks already when loading certificates. Dovecot hasn't yet chrooted or dropped root privileges at that point.
That's true. Hmm, so do you think this was some incompatible API change in 0.9.8 or something?
-- Jaldhar H. Vyas jaldhar@debian.org La Salle Debain - http://www.braincells.com/debian/
On Sun, 2005-10-16 at 13:09 -0400, Jaldhar H. Vyas wrote:
On Sun, 16 Oct 2005, Timo Sirainen wrote:
This was also my first guess, but it breaks already when loading certificates. Dovecot hasn't yet chrooted or dropped root privileges at that point.
That's true. Hmm, so do you think this was some incompatible API change in 0.9.8 or something?
I have no idea.. Although the error message looks as if it can't load some plugin. Maybe the whole openssl package is broken?
participants (6)
-
aaron@szentimre.hu
-
Elimar Riesebieter
-
Jaldhar H. Vyas
-
Novák Áron
-
Robert Allerstorfer
-
Timo Sirainen