Fts solr and https

Mon Mar 5 19:56:24 EET 2018

Hi,

Dovecot 2.2.32-34
FreeBSD 10.4

Solr 7.2.1(Centos 6)

When I try to use https to connect to solr, I get error when a 
self-signed certificate:

Mar  3 05:15:47 server dovecot: indexer-worker(email at domain.com): 
Received invalid SSL certificate: self signed certificate: /C=Country/
ST=State/L=Location/O=Organization/OU=Organizational 
Unit/CN=solr.domain.com
Mar  3 05:15:47 server dovecot: indexer-worker(email at domain.com): 
Received invalid SSL certificate: self signed certificate: /C=Country/
ST=State/L=Location/O=Organization/OU=Organizational 
Unit/CN=solr.domain.com
Mar  3 05:15:47 server dovecot: indexer-worker(email at domain.com): Error: 
fts_solr: Indexing failed: SSL handshaking with 1.1.1.1:
8983 failed: read(SSL 1.1.1.1:8983) failed: Received invalid SSL 
certificate: self signed certificate: /C=Country/ST=State/L=L
ocation/O=Organization/OU=Organizational Unit/CN=solr.domain.com (2 
attempts in 0.043 secs)
Mar  3 05:15:47 server dovecot: indexer-worker(email at domain.com): 
Received invalid SSL certificate: self signed certificate: /C=Country/
ST=State/L=Location/O=Organization/OU=Organizational 
Unit/CN=solr.domain.com
Mar  3 05:15:47 server dovecot: indexer-worker(email at domain.com): 
Received invalid SSL certificate: self signed certificate: /C=Country/
ST=State/L=Location/O=Organization/OU=Organizational 
Unit/CN=solr.domain.com
Mar  3 05:15:47 server dovecot: indexer-worker(email at domain.com): Error: 
fts_solr: Indexing failed: SSL handshaking with 1.1.1.1:
8983 failed: read(SSL 1.1.1.1:8983) failed: Received invalid SSL 
certificate: self signed certificate: /C=Country/ST=State/L=L
ocation/O=Organization/OU=Organizational Unit/CN=solr.domain.com (2 
attempts in 0.430 secs)
Mar  3 05:15:47 server dovecot: indexer-worker(email at domain.com): Error: 
Mailbox INBOX: Transaction commit failed: FTS transaction commi
t failed: backend deinit (attempted to index 1 messages (UIDs 
799975..799975))

or error when letsencrypt:

Mar  3 01:26:31 server dovecot: indexer-worker(email at domain.com): 
Received invalid SSL certificate: unable to get local issuer certifi
cate: /C=US/O=Let\\\'s Encrypt/CN=Let\\\'s Encrypt Authority X3
Mar  3 01:26:31 server dovecot: indexer-worker(email at domain.com): 
Received invalid SSL certificate: unable to get local issuer certifi
cate: /C=US/O=Let\\\'s Encrypt/CN=Let\\\'s Encrypt Authority X3
Mar  3 01:26:31 server dovecot: indexer-worker(email at domain.com): Error: 
fts_solr: Indexing failed: SSL handshaking with 1.1.1.1
3:8983 failed: read(SSL 1.1.1.1:8983) failed: Received invalid SSL 
certificate: unable to get local issuer certificate: /C=US/
O=Let\\\'s Encrypt/CN=Let\\\'s Encrypt Authority X3 (2 attempts in 0.085 
secs)
Mar  3 01:26:31 server dovecot: indexer-worker(email at domain.com): 
Received invalid SSL certificate: unable to get local issuer certifi
cate: /C=US/O=Let\\\'s Encrypt/CN=Let\\\'s Encrypt Authority X3
Mar  3 01:26:31 server dovecot: indexer-worker(email at domain.com): 
Received invalid SSL certificate: unable to get local issuer certifi
cate: /C=US/O=Let\\\'s Encrypt/CN=Let\\\'s Encrypt Authority X3
Mar  3 01:26:31 server dovecot: indexer-worker(email at domain.com): Error: 
fts_solr: Indexing failed: SSL handshaking with 1.1.1.1
3:8983 failed: read(SSL 1.1.1.1:8983) failed: Received invalid SSL 
certificate: unable to get local issuer certificate: /C=US/
O=Let\\\'s Encrypt/CN=Let\\\'s Encrypt Authority X3 (2 attempts in 0.112 
secs)
Mar  3 01:26:31 server dovecot: indexer-worker(email at domain.com): Error: 
Mailbox INBOX: Transaction commit failed: FTS transaction com
mit failed: backend deinit (attempted to index 1 messages (UIDs 
104770..104770))

90-plugins.conf:
fts_autoindex=yes
fts = solr
fts_solr = url=https://login:pass@solr.domain.com:8983/solr/dovecot/ 
break-imap-search debug

curl and other software connect to solr without errors in both cases.

Does dovecot have option to disable certificate validation (may be 
ssl_verify = false etc.) ?

Thanks.