Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)

Aki Tuomi aki.tuomi at dovecot.fi
Mon Mar 20 16:57:23 EET 2017



On 20.03.2017 16:40, Ralf Hildebrandt wrote:
> * Aki Tuomi <aki.tuomi at dovecot.fi>:
>>
>> On 20.03.2017 14:30, Ralf Hildebrandt wrote:
>>> ssl_client_ca_file = </etc/ssl/certs/ca-certificates.crt
>> Leave the < out. It is misleading, I know, but it does say file. =)
> Makes no difference:
>
> # doveconf |fgrep ssl_client_ca
> ssl_client_ca_dir = 
> ssl_client_ca_file = /etc/ssl/certs/ca-certificates.crt
>
> and with auto8 I still get:
>
> Mar 20 15:38:20 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:993): Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
> Mar 20 15:38:20 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:993): No SSL context
> Mar 20 15:38:20 mproxy dovecot: auth: Error: imap(hildeb,141.42.206.36,<YWuNeipLKLGNKs4k>): Disconnected from server
> Mar 20 15:38:20 mproxy dovecot: imap-login: Warning: Auth connection closed with 1 pending requests (max 0 secs, pid=52992, EOF)
> Mar 20 15:38:20 mproxy dovecot: auth: Fatal: master: service(auth): child 52990 killed with signal 11 (core dumped)
>
> going back to auto6 and everything is peachy again.
>

Hi!

Could you send us the gdb bt full backtrace for the core file? Also, can
you send doveconf -n?

Aki


More information about the dovecot mailing list