[Dovecot] dovecot and ldaps://

David Coppa david.coppa at bsdgeek.it
Fri Dec 2 17:37:42 EET 2005


Hi all,
I've managed to get Dovecot running with LDAPS (SSL over port 636, not STARTTLS).
By the way, it works correctly only if I specify "TLSVerifyClient never" in my slapd.conf.

With any other parameter (like "TLSVerifyClient demand"), the bind fails with:

connection_get(12)
connection_get(12): got connid=0
connection_read(12): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write certificate request A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(12)
connection_get(12): got connid=0
connection_read(12): checking for input on id=0
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client certificate B
TLS: can't accept.
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
+/usr/src/lib/libssl/src/ssl/s3_srvr.c:2004
connection_read(12): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=12 for close
connection_close: conn=0 sd=12

Is there a way to specify, in the dovecot-ldap.conf file, where to look for the client
certificate and key files? Or maybe make Dovecot parse the ldaprc file under /etc?

Best Regards,
David


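One way to wire this up, as an added example that is not part of David's post or of the Dovecot project: the trace above shows slapd sending a certificate request ("write certificate request A") and then aborting because the client offered nothing ("peer did not return a certificate"), which is exactly what TLSVerifyClient demand does when the libldap client that Dovecot's auth process links against has no client certificate configured. libldap takes its client certificate and key from TLS_CERT and TLS_KEY, which ldap.conf(5) documents as user-only options: they are honoured in the ldaprc or .ldaprc of the user the auth process runs as, not in the system-wide ldap.conf. Later Dovecot releases (2.x) additionally accept tls_cert_file and tls_key_file directly in dovecot-ldap.conf.ext. All hostnames, file paths and the certificate layout below are assumptions.

```conf
# --- slapd.conf (server side; paths are assumed) ---
# Present the server certificate and demand a client certificate signed by ca.pem.
TLSCACertificateFile    /etc/openldap/certs/ca.pem
TLSCertificateFile      /etc/openldap/certs/slapd.pem
TLSCertificateKeyFile   /etc/openldap/certs/slapd.key
TLSVerifyClient         demand

# --- ldaprc in the home directory of the user the Dovecot auth process runs as ---
# TLS_CERT and TLS_KEY are user-only options (ldap.conf(5)): put them here, not in
# the system-wide ldap.conf, or libldap will silently ignore them and the handshake
# fails exactly as in the trace above. The key file must be readable by that user.
URI          ldaps://ldap.example.com:636
TLS_CACERT   /etc/openldap/certs/ca.pem
TLS_CERT     /etc/dovecot/certs/dovecot-ldap-client.pem
TLS_KEY      /etc/dovecot/certs/dovecot-ldap-client.key
TLS_REQCERT  demand

# --- dovecot-ldap.conf.ext, Dovecot 2.x only (these keys did not exist in 2005) ---
# ldaps:// goes in uris; tls = yes would mean STARTTLS on port 389 instead.
uris = ldaps://ldap.example.com:636
tls_ca_cert_file = /etc/openldap/certs/ca.pem
tls_cert_file    = /etc/dovecot/certs/dovecot-ldap-client.pem
tls_key_file     = /etc/dovecot/certs/dovecot-ldap-client.key
tls_require_cert = demand
```

Before touching Dovecot, confirm the mutual-TLS handshake outside it: `openssl s_client -connect ldap.example.com:636 -CAfile ca.pem -cert dovecot-ldap-client.pem -key dovecot-ldap-client.key` should complete with "Verify return code: 0", and `ldapsearch -x -H ldaps://ldap.example.com:636 -b "" -s base` run as the auth user should return the root DSE. If openssl succeeds but ldapsearch still logs "peer did not return a certificate" on the server, libldap is not reading the ldaprc; check which HOME the process has and that the file is named ldaprc or .ldaprc in it.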
