[Dovecot] client cert handling not working properly on centos 4.8

zhong ming wu mr.z.m.wu at gmail.com
Sun Feb 28 04:45:42 EET 2010

Dear List

I've successfully installed/configured dovecot 1.2.10 with "require
client cert" on centos 5.4 and ubuntu server 9.10

I also need to install on centos 4.8 and after the following the exact
same procedure I can only get it working
if I commented out   ssl_require_client_cert =yes and
ssl_username_from_cert = yes from the working config file.

This is even after compiling dovecot with openssl 0.9.8l on centos 4.8

If I copy the same "client_ca.crt" from centos 4.8 to centos 5.4 then
centos 5.4 does not problem in verifying client cert.

That file contain CRL as well as certificate which signs the pkcs12
file installed on the client.

The following log entries do not appear on centos 5.4
Feb 27 21:17:33 localhost dovecot: pop3-login: Invalid certificate:
unable to get certificate CRL: /C=US/ST=New York/L=Astoria/O=SnakeOil
Inc./OU=Email Administration/CN=web at example.com
Feb 27 21:17:33 localhost dovecot: pop3-login: Valid certificate:
/C=US/ST=NY/L=TEST/O=Internet Widgits Pty Ltd

$ dovecot -n

# OS: Linux 2.6.9-89.0.20.EL i686 CentOS release 4.8 (Final) ext3
base_dir: /var/run/dovecot/
protocols: pop3
ssl_ca_file: /etc/pki/certs/dovecot/client_ca.crt
ssl_cert_file: /etc/pki/certs/vrane.com/pop.crt
ssl_key_file: /etc/pki/private/vrane.com/pop.key
ssl_parameters_regenerate: 29
ssl_verify_client_cert: yes
verbose_ssl: yes
login_dir: /var/run/dovecot//login
login_executable: /usr/libexec/dovecot/pop3-login
mail_location: maildir:/home/vmail/%d/%n
mail_executable: /usr/libexec/dovecot/pop3
mail_plugin_dir: /usr/lib/dovecot/pop3
auth default:
  user: squab
  debug: yes
  ssl_require_client_cert: yes
  ssl_username_from_cert: yes
    driver: passwd-file
    args: /etc/dovecot/shadow/%d
    driver: static
    args: uid=2000 gid=2000 home=/home/vmail/%d/%n
    type: listen
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix

More information about the dovecot mailing list