Dovecot 2.3.0 TLS
Aki Tuomi
aki.tuomi at open-xchange.com
Tue Jul 2 08:23:24 EEST 2019
On 2.7.2019 8.06, Peter via dovecot wrote:
> On 11.01.2018 13:20, Hauke Fath wrote:
> >/On Thu, 11 Jan 2018 12:20:45 +0200, Aki Tuomi wrote: />>/Was the
> certificate path bundled in the server certificate? />/No, as a
> separate file, provided from the local (intermediate) CA:
> />//>/ssl_cert = </etc/openssl/certs/server.cert />/ssl_key =
> </etc/openssl/private/server.key />/ssl_ca =
> </etc/openssl/certs/ca-cert-chain.pem />//>/Worked fine with 2.2.x,
> 2.3 gives />//>/% openssl s_client -connect XXX:993
> />/CONNECTED(00000006) />/depth=0 C = DE, ST = Hessen, L = Darmstadt,
> O = Technische
> Universitaet />/Darmstadt, OU = XXX, CN = XXX.tu-darmstadt.de
> />/verify error:num=20:unable to get local issuer certificate
> />/verify return:1 />/depth=0 C = DE, ST = Hessen, L = Darmstadt, O =
> Technische
> Universitaet />/Darmstadt, OU = XXX, CN = XXX.tu-darmstadt.de
> />/verify error:num=21:unable to verify the first certificate
> />/verify return:1 />/--- />/Certificate chain />/0
> s:/C=DE/ST=Hessen/L=Darmstadt/O=Technische Universitaet
> />/Darmstadt/OU=XXX/CN=XXX.tu-darmstadt.de
> />/i:/C=DE/ST=Hessen/L=Darmstadt/O=Technische Universitaet
> />/Darmstadt/CN=TUD CA G01/emailAddress=tud-ca at hrz.tu-darmstadt.de
> <https://dovecot.org/mailman/listinfo/dovecot> />/--- />/Server
> certificate />/-----BEGIN CERTIFICATE----- />/[...] />/% />//
> Seems we might've made a unexpected change here when we revamped
> the ssl
> code. Can you try if it works if you concatenate the cert and
> cert-chain
> to single file? We'll start looking if this is misunderstanding or
> bug.
>
> Aki
>
> -----------------------------------------------------------------
>
> Hi Aki,
>
> I believe that Dovecot 2.3.6 sends only one certificate even though my
> Dovecot uses two concatenated certificates.
>
> Thanks for looking into this.
>
> Regards,
> Peter
Hi!
Can you provide readable output of
openssl s_client -connect host:993
Aki
More information about the dovecot
mailing list