SOLVED Re: [Dovecot] Specifying which openssl to use

Chase chase at osdev.org
Sun Jun 4 11:48:33 EEST 2006 

The problem seems to have been Sun's linker. The only not standard thing 
I had to do was add in a -R option to the LDFLAGS.

CPPFLAGS=-I/usr/local/ssl/include LDFLAGS='-L/usr/local/ssl/lib -R/usr/local/ssl/lib' ./configure --with-ssl=openssl

I've added a little text to http://wiki.dovecot.org/CompilingSource 
about this. Hopefully the same information will be added to the INSTALL 
file that comes with the source code so some else doesn't waste an 
entire weekend on something so trivial.

-Chase


infowolfe wrote:
> not sure if you've tried ./configure --help, but ./configure
> --with-openssl=/usr/local/openssl-0.9.8b would probably fix things for
> you (assuming you installed into that directory vs compiled in that
> directory.
>
> On 6/3/06, Chase <chase at osdev.org> wrote:
>> We'll I've spent the entire day trying to make Dovecot with TLS/SSL work
>> on Solaris 10 and I'm not any closer.
>>
>> This is Solaris 10 x86 Update 1 and Dovecot 1 Beta 8.
>>
>> bash-3.00# /usr/sfw/bin/openssl version
>> OpenSSL 0.9.7d 17 Mar 2004
>>
>> The reason I think the bundled openssl is broken is because Thunderbird
>> can receive the cert but the connection drops, turning on all the
>> logging in dovecot I find this in my syslog:
>>
>> Jun  4 00:50:30 hosting dovecot: [ID 107833 mail.warning] imap-login:
>> SSL_accept() failed: error:1409D08A:SSL
>> routines:SSL3_SETUP_KEY_BLOCK:cipher or hash unavailable [205.19
>> 6.182.15]
>>
>> I found some messages on the imap-uw mailing list that indicate that
>> this error could be caused by the bundled openssl. I've installed the
>> latest openssl from source without problem and an updated packaged
>> version from sunfreeware.com. I just can't seem to make Dovecot use 
>> them.
>>
>> I've used crle to include /usr/local/ssl/lib in my library path.
>> I've tried PKG_CONFIG_PATH=/usr/local/ssl/lib/pkgconfig with my 
>> configure
>> I've tried CPPFLAGS=-I/usr/local/ssl/include
>> LDFLAGS='-L/usr/local/ssl/lib' ./configure --prefix=/opt/dovecot
>> --with-ssl=openssl --with-ssldir=/etc/sslcerts
>> I've tried CPPFLAGS=-I/usr/local/ssl/include
>> LDFLAGS='-L/usr/local/ssl/lib -ldl' ./configure --prefix=/opt/dovecot
>> --with-ssl=openssl --with-ssldir=/etc/sslcerts
>>
>> When I set the PKG_CONFIG_PATH the messages produced by configure and
>> make make me think that /usr/local/ssl will be used.
>>
>> Using "truss -f /opt/dovecot/sbin/dovecot 2> /tmp/dove.txt" I can see
>> several references to the wrong libssl such as
>> "open("/usr/sfw/lib/libssl.so.0.9.7", O_RDONLY)  = 3".
>>
>> Does anyone know how to make Dovecot use a specified install of openssl?
>> Or how to make Dovecot and the Solaris bundled openssl work?
>>
>> -Chase
>>
>>
>> Chase wrote:
>> > I'm trying to setup dovecot on Solaris 10. I can get it all working
>> > except TLS/SSL. I traced my problem down to the version of openssl
>> > that Solaris 10 ships with. The fix is supposed to be to use a newer
>> > version of openssl. Without removing the built-in version of openssl
>> > I've installed openssl-0.9.8b to /usr/local.
>> >
>> > When I "./configure" dovecot it seems to always pick up the broken
>> > version of openssl in /usr/sfw.  How do I make dovecot use an
>> > alternate copy of openssl? How is it even finding the one in /usr/sfw?
>> >
>> > Thanks,
>> > -Chase
>> >
>> > I tried setting CPPFLAGS and LDFLAGS already.
>> >
>>
>>
>

More information about the dovecot mailing list