dovecot-2.3 (-git) Warning and Fatal Compile Error

Reuben Farrelly reuben-dovecot at reub.net
Mon Oct 30 00:23:17 EET 2017


Hi Aki,

On 30/10/2017 12:43 AM, Aki Tuomi wrote:
>> On October 29, 2017 at 1:55 PM Reuben Farrelly <reuben-dovecot at reub.net> wrote:
>>
>>
>> Hi again,
>>
>> Chasing down one last problem which seems to have been missed from my
>> last email:
>>
>> On 20/10/2017 9:22 PM, Stephan Bosch wrote:
>>>
>>> On 20-10-2017 at 4:23, Reuben Farrelly wrote:
>>>> On 18/10/2017 11:40 PM, Timo Sirainen wrote:
>>>>> On 18 Oct 2017, at 6.34, Reuben Farrelly <reuben-dovecot at reub.net>
>>>>> wrote:
>> This problem below is still present in 2.3 -git, as of version 2.3.devel
>> (6fc40674e)
>>
>>>>> Secondly, this ssl_dh message is always printed from doveconf:
>>>>>
>>>>> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
>>>>> doveconf: Warning: You can generate it with: dd
>>>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
>>>>> -inform der > /etc/dovecot/dh.pem
>>>>>
>>>>> Yet the file is there:
>>>>>
>>>>> thunderstorm conf.d # ls -la /etc/dovecot/dh.pem
>>>>> -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem
>>>>>
>>>>> And the config is there as well:
>>>>>
>>>>> thunderstorm dovecot # doveconf -P | grep ssl_dh
>>>>> ssl_dh = </etc/dovecot/dh.pem
>>>>> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
>>>>> doveconf: Warning: You can generate it with: dd
>>>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
>>>>> -inform der > /etc/dovecot/dh.pem
>>>>>    ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>    ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>    ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>    ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>    ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>    ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>    ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>    ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>> thunderstorm dovecot #
>>>>>
>>>>> It appears that this warning is being triggered by the presence of
>>>>> the ssl-parameters.dat file because when I remove it the warning
>>>>> goes away. Perhaps the warning could be made a bit more specific
>>>>> about this file being removed if it is not required because at the
>>>>> moment the warning message is not related to the trigger.
>>>>>
>>>>> Thanks,
>>>>> Reuben
>> Thanks,
>> Reuben
> It is triggered when there is an ssl-parameters.dat file *AND* there is no ssl_dh=< explicitly set in the config file.
>
> Aki

I have this already in my 10-ssl.conf file:

lightning dovecot # /etc/init.d/dovecot reload
doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
doveconf: Warning: You can generate it with: dd 
if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform 
der > /etc/dovecot/dh.pem
  * Reloading dovecot configs and restarting auth/login processes 
...      [ ok ]
lightning dovecot #

However:

lightning dovecot # grep ssl_dh conf.d/10-ssl.conf
# gives on startup when ssl_dh is unset.
ssl_dh=</etc/dovecot/dh.pem
lightning dovecot #

and the file is there:

lightning dovecot # ls -la /etc/dovecot/dh.pem
-rw-r--r-- 1 root root 769 Oct 19 19:06 /etc/dovecot/dh.pem
lightning dovecot #

So it is actually configured and yet the warning still is present.

Reuben
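
Added example, not part of the original thread and not Dovecot code: a text-level check of the two conditions named above (a leftover ssl-parameters.dat, and an uncommented ssl_dh=< line that points at a readable DH PEM file). The function names and state labels are hypothetical, and the scan does not reproduce doveconf's own parsing of includes or overrides.

```shell
#!/bin/sh
# Added example: names and state labels are assumptions, not Dovecot's.

# ssl_dh_path CONF_DIR
# Print the file named by the last uncommented "ssl_dh = </path" line in
# CONF_DIR/dovecot.conf and CONF_DIR/conf.d/*.conf. Comment lines that merely
# mention ssl_dh (as in the grep output in the thread) are ignored.
ssl_dh_path() {
    for f in "$1"/dovecot.conf "$1"/conf.d/*.conf; do
        if [ -f "$f" ]; then cat "$f"; fi
    done |
    sed -n 's/^[[:space:]]*ssl_dh[[:space:]]*=[[:space:]]*<[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' |
    tail -n 1
}

# dh_warning_state CONF_DIR STATE_DIR
# Print one of:
#   no-legacy-file  STATE_DIR/ssl-parameters.dat is absent
#   unset           legacy file present, no uncommented ssl_dh=< line
#   missing-file    ssl_dh=< names a file that is not readable
#   not-dh-pem      the named file has no DH PARAMETERS PEM header
#   set             legacy file present and ssl_dh=< names a DH PEM file
dh_warning_state() {
    conf_dir=$1
    state_dir=$2
    if [ ! -f "$state_dir/ssl-parameters.dat" ]; then
        echo no-legacy-file
        return 0
    fi
    path=$(ssl_dh_path "$conf_dir")
    if [ -z "$path" ]; then
        echo unset
    elif [ ! -r "$path" ]; then
        echo missing-file
    elif ! grep -q -- '-----BEGIN DH PARAMETERS-----' "$path"; then
        echo not-dh-pem
    else
        echo set
    fi
}

# Run against real directories only when both are given as arguments,
# e.g. the /etc/dovecot and /var/lib/dovecot paths shown in the thread.
if [ "$#" -eq 2 ]; then
    dh_warning_state "$1" "$2"
fi
```

A result of "set" alongside a doveconf warning corresponds to the situation reported in this message.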


