Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
Ralf Hildebrandt
Ralf.Hildebrandt at charite.de
Mon Mar 20 17:07:29 EET 2017
* Aki Tuomi <aki.tuomi at dovecot.fi>:
> Could you send us the gdb bt full backtrace for the core file?
Currently I can't get it to create coredumps
doveconf -n:
# 2.2.devel (3f97702): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.devel (023f391)
# OS: Linux 4.4.0-65-generic x86_64 Ubuntu 16.04.2 LTS
auth_mechanisms = plain login
default_vsz_limit = 1 G
imapc_host = exchange-imap.charite.de
imapc_port = 993
imapc_ssl = imaps
imapc_ssl_verify = no
listen = *,::
mail_gid = imapproxy
mail_home = /home/imapproxy/%u
mail_location = imapc:~/imapc
mail_plugins = mail_log notify
mail_uid = imapproxy
passdb {
args = host=exchange-imap.charite.de port=993 ssl=imaps
default_fields = userdb_imapc_user=%u userdb_imapc_password=%w userdb_imapc_host=exchange-imap.charite.de userdb_imapc_ssl=imaps userdb_imapc_port=993
driver = imap
}
plugin {
sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = imap
service auth {
inet_listener {
address = 127.0.0.1
port = 12345
}
}
ssl = required
ssl_ca = </etc/ssl/certs/ca-certificates.crt
ssl_cert = </etc/dovecot/dovecot.pem
ssl_cipher_list = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4
ssl_client_ca_file = /etc/ssl/certs/ca-certificates.crt
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3
userdb {
driver = prefetch
}
verbose_proctitle = yes
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt at charite.de | http://www.charite.de
More information about the dovecot
mailing list