Dovecot 2.2.25 fails on SSL

Andreas M. Kirchwitz amk at spamfence.net
Fri Sep 2 14:35:57 UTC 2016


Aki Tuomi <aki.tuomi at dovecot.fi> wrote:

> Well, then it leaves only option of using /etc/ld.so.conf
> so basically add your libssl location there.

That's not a working solution and not the purpose of /etc/ld.so.conf.

Currently, this is a real-life security issue in Dovecot 2.2.25,
because it compiles fine but then - to the user - silently fails
to use SSL. The user who doesn't know better reconfigures his
client and all security is gone. :-(

Custom SSL worked fine in Dovecot 2.2.24, so obviously it can be
made to work. The question is just where to add the proper options,
or maybe "configure" is broken in some way.

I'm happy to try out more patches until the proper solution is
found. I've already tried adding SSL libs in various locations
during the build process but it hast always the same result
that it never gets past "configure".

	Greetings, Andreas


More information about the dovecot mailing list