dovecot + centos 7 + internal ca + hostname change

Matt Bryant matt at the-bryants.net
Thu Sep 13 05:52:14 EEST 2018 

Not sure if this is dovecot or not but can find very little ie no info
around on this ... and added the pem file into
/etc/pki/ca-trust/source/anchors and run udpate-ca-trust .. all works ok
.. (this is on centos 7 btw)

So wanted to change the hostname away from ip-x-x-x-x to something a
little bit more descriptive .. but then kaboom .. doesnt work any more
and the following errors are seen.

Have created and internal CA for domain and added it to
Sep 13 10:42:04 ip-10-0-40-230 dovecot: master: Dovecot v2.2.33.2
(d6601f4ec) starting up for imap, pop3, lmtp, sieve (core dumps disabled)
Sep 13 10:42:04 ip-10-0-40-230 dovecot: auth: Error: p11-kit:
'attr->pValue != NULL' not true at attrs_build
Sep 13 10:42:04 ip-10-0-40-230 dovecot: auth: Error: p11-kit:
'lexer->tok.field.name && lexer->tok.field.value' not true at p11_lexer_next
Sep 13 10:42:04 ip-10-0-40-230 dovecot: auth: Error: p11-kit: 'attrs !=
NULL' not true at attrs_build
Sep 13 10:42:04 ip-10-0-40-230 dovecot: message repeated 16 times: [
auth: Error: p11-kit: 'attrs != NULL' not true at attrs_build]
Sep 13 10:42:04 ip-10-0-40-230 dovecot: auth: Error: p11-kit:
'new_memory != NULL' not true at maybe_expand_array
Sep 13 10:42:04 ip-10-0-40-230 dovecot: auth: Error: p11-kit: shouldn't
be reached at p11_array_push
Sep 13 10:42:04 ip-10-0-40-230 dovecot: auth: Error: p11-kit: shouldn't
be reached at sink_object
Sep 13 10:42:04 ip-10-0-40-230 dovecot: auth: Error: p11-kit: 'attrs !=
NULL' not true at attrs_build
Sep 13 10:42:04 ip-10-0-40-230 dovecot: auth: Error: p11-kit:
'new_memory != NULL' not true at maybe_expand_array
Sep 13 10:42:04 ip-10-0-40-230 dovecot: auth: Error: p11-kit: shouldn't
be reached at p11_array_push
Sep 13 10:42:04 ip-10-0-40-230 dovecot: auth: Error: p11-kit: shouldn't
be reached at sink_object
...
...

Sep 13 10:42:04 ip-10-0-40-230 dovecot: auth: Error: p11-kit:
'new_memory != NULL' not true at maybe_expand_array
Sep 13 10:42:04 ip-10-0-40-230 dovecot: auth: Error: p11-kit: shouldn't
be reached at p11_array_push
Sep 13 10:42:04 ip-10-0-40-230 dovecot: auth: Error: p11-kit: shouldn't
be reached at sink_object
Sep 13 10:42:04 ip-10-0-40-230 dovecot: auth: Error: p11-kit:
'attr->pValue != NULL' not true at attrs_build
Sep 13 10:42:04 ip-10-0-40-230 dovecot: auth: Error: p11-kit:
'new_memory != NULL' not true at maybe_expand_array
Sep 13 10:42:04 ip-10-0-40-230 dovecot: auth: Error: p11-kit: shouldn't
be reached at p11_array_push
Sep 13 10:42:04 ip-10-0-40-230 dovecot: auth: Error: p11-kit: shouldn't
be reached at sink_object
Sep 13 10:42:04 ip-10-0-40-230 dovecot: auth: Error: p11-kit: no
CKA_CLASS attribute found
Sep 13 10:42:04 ip-10-0-40-230 dovecot: auth: Error: p11-kit: couldn't
load file into objects:
/usr/share/pki/ca-trust-source/ca-bundle.trust.p11-kit
Sep 13 10:42:05 ip-10-0-40-230 dovecot: auth-worker: Error: p11-kit:
'attrs != NULL' not true at attrs_build
Sep 13 10:42:05 ip-10-0-40-230 dovecot: auth-worker: Fatal: master:
service(auth-worker): child 14389 killed with signal 11 (core dumps
disabled)
Sep 13 10:42:05 ip-10-0-40-230 dovecot: auth-worker: Error: p11-kit:
'attrs != NULL' not true at attrs_build
Sep 13 10:42:05 ip-10-0-40-230 dovecot: auth-worker: Fatal: master:
service(auth-worker): child 14391 killed with signal 11 (core dumps
disabled)
Sep 13 10:42:05 ip-10-0-40-230 dovecot: auth-worker: Error: p11-kit:
'attrs != NULL' not true at attrs_build
Sep 13 10:42:05 ip-10-0-40-230 dovecot: auth-worker: Fatal: master:
service(auth-worker): child 14393 killed with signal 11 (core dumps
disabled)

why would a hostname change make any difference here .. the certs
specified in dovecot config are all complete in their chain so not sure
what its trying to do ... set hostname back to original works find .. so
something is obviously tied or keyed to hostname though cant find
anything specific

anyone seen anything like this at all ??

rgds

Matt

More information about the dovecot mailing list