[Dovecot] Dovecot 1.0beta7: STARTTLS/SSL not wanting to start

Mike Brudenell pmb1 at york.ac.uk
Tue May 9 14:03:14 EEST 2006 

Greetings -

--On 9 May 2006 06:45:18 -0400 Charles Marcus <CMarcus at Media-Brokers.com> 
wrote:

> Which mail client(s)?
>
> STARTTLS support is broken in Thunderbird, per a recent thread with
> subject 'START + TLS'

Every mail client I've so far tried: Mulberry, Apple's Mail and Outlook.

However I've made progress and believe I've now trakced down the problem, 
which appears to be a conflist of OpenSSL includes/libraries being used...

We use the Blastwave distribution of OpenSSL 0.9.8, which installs itself in
        /opt/csw/include/openssl
and     /opt/csw/lib

I had added a "-I/opt/csw/include/openssl" to the CFLAGS environment 
variable before configuring and building Dovecot but had not added a
"-L/opt/csw/lib" believing this would be picked up by the run-time linker. 
(We have used the Solaris "crle" command to add this directory to the 
standard paths the loader searches at run-time.

However unbeknownst to me a colleague had installed some Sun Freeware 
distributions on our communal test machine.  In amongst these was the Sun 
FreeWare version of the OpenSSL libraries ... but only version 0.9.7!

All might yet have been OK except Dovecot's "configure" script used the 
"pkg-config" command to sniff out any C and loader options it thought it 
needed to use to link against OpenSSL ... and was told to use
"-L/usr/sfw/lib":

    % pkg-config --libs openssl
    -R/usr/sfw/lib -L/usr/sfw/lib -lssl -lcrypto -lsocket -lnsl -ldl

So use these libraries it did.  This meant Dovecot was being built using 
the include files for OpenSSL 0.9.8 but the library files from 0.9.7 :-(

Adding a "-L/opt/csw/lib" explicitly to the LDFLAGS environment variable 
and re-configuring/building Dovecot has given a binary that works just fine 
with SSL now.

I\m still slightly baffled why when I changed LDFLAGS earlier in my first 
set of testing it didn't have any effect.  I can only think something had 
been cached in the config.cache file and/or something built with against 
the incorrect versions of the files, and I should have done a "make 
distclean" to sort things out.

Now to go and find out why we have these Sun FreeWare packages on this 
system rather than the Blastwave ones we normally use... >-(

MORAL:  If anyone else experiences this problem check your include and
        library files for OpenSSL are consistent before getting paranoid
        about certificate files being broken etc!

Cheers,
Mike B-)

-- 
The Computing Service, University of York, Heslington, York Yo10 5DD, UK
Tel:+44-1904-433811  FAX:+44-1904-433740

* Unsolicited commercial e-mail is NOT welcome at this e-mail address. *

More information about the dovecot mailing list