<div dir="ltr">Adding ssl_client_ca_dir solved my problem. Now I can connect to the IMAP server. Thanks.</div><br><div class="gmail_quote"><div dir="ltr">pon., 23 lip 2018 o 13:53 Aki Tuomi <<a href="mailto:aki.tuomi@dovecot.fi">aki.tuomi@dovecot.fi</a>> napisał(a):<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Hi!</p>
<p>You need to add a ssl_client_ca_* setting even if you don't want
the imapc to verify the remote cert. I'll have to look into why
this has been made a requirement in the code, since it has to do
what with how we do OpenSSL initialization.<br>
</p>
Aki<br>
<br>
<div class="m_8118147723258086820moz-cite-prefix">On 21.07.2018 12:59, Andrzej Polatyński
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi,
<div><br>
</div>
<div>I'm trying to migrate from an old courier IMAP server to
Dovecot 2.3.1 (8e2f634). The old server uses self signed SSL
certificate.</div>
<div><br>
</div>
<div>I'm using the following configuration:</div>
<div><font face="monospace, monospace"><br>
</font></div>
<div><font face="monospace, monospace"><span style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">imapc_host = 10.1.1.3</span><br style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial"><span style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">imapc_user = %u</span><br style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial"><span style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">imapc_features = rfc822.size fetch-headers</span><br style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial"><span style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">imapc_port = 993</span><br style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial"><span style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">imapc_ssl = imaps</span><br style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial"><span style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">imapc_ssl_verify = no</span><br style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial"><span style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">mail_prefetch_count = 20</span><br style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial"><span style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">mail_shared_explicit_inbox = no</span></font><br>
</div>
<div><font face="monospace, monospace"><span style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">
</span></font></div>
Launching dsync with the command:
<div><font face="monospace, monospace"><br>
</font></div>
<div><font face="monospace, monospace"><span style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">doveadm -o mail_fsync=never -o imapc_password=PASSWORD</span><span style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"> -Dv backup -R -u USER</span><a rel="nofollow" href="mailto:andrzej@datatel.net" style="color:rgb(102,17,204);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250)" target="_blank">@DOMAIN</a><span style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"> imapc:</span></font><br>
</div>
<div><br>
</div>
<div>In the output logs I get messages like below:</div>
<div><br>
</div>
<div><font face="monospace, monospace"><span style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">dsync(USER@DOMAIN): Error: imapc(<a href="http://10.1.1.3:993" target="_blank">10.1.1.3:993</a>): Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)</span><br style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial"><span style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">dsync(<span style="text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">USER@DOMAIN</span>): Debug: imapc(<span style="text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">10.1.1.3</span>:993): Created new connection</span><br style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial"><span style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">dsync(<span style="text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">USER@DOMAIN</span>): Debug: imapc(<span style="text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">10.1.1.3</span>:993): Looking up IP address (reconnect_ok=true, last_connect=1532016643)</span><br style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial"><span style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">dsync(<span style="text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">USER@DOMAIN</span>): Debug: imapc(<span style="text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">10.1.1.3</span>:993): Connecting to <a href="http://10.1.1.3:993" target="_blank">10.1.1.3:993</a></span><br style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial"><span style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">dsync(<span style="text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">USER@DOMAIN</span>): Info: imapc(<span style="text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">10.1.1.3</span>:993): Connected to <a href="http://10.1.1.3:993" target="_blank">10.1.1.3:993</a> (local <a href="http://172.17.0.5:51972" target="_blank">172.17.0.5:51972</a>)</span><br style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial"><span style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">dsync(<span style="text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">USER@DOMAIN</span>): Error: imapc(<span style="text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">10.1.1.3</span>:993): No SSL context</span><br style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial"><span style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">dsync(<span style="text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">USER@DOMAIN</span>): Debug: imapc(<span style="text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">10.1.1.3</span>:993): Disconnected</span><br>
</font></div>
<div><font face="monospace, monospace"><span style="color:rgba(0,0,0,0.87);font-size:14px;font-variant-ligatures:none;white-space:pre-wrap;background-color:rgb(250,250,250);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">
</span></font></div>
<div>Am I missing some configuration parameters?</div>
<div><br>
</div>
<div><br>
</div>
<div>-- </div>
<div>Regards,</div>
<div>Andrew</div>
</div>
</blockquote>
<br>
</div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">Pozdrawiam,<br>Andrzej<br></div>