<html><head>
<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
</head><body bgcolor="#FFFFFF" text="#000000">Turns out this was an
openldap config issue .. connecting to ldap via self signed cert and had<br>
<br>
/etc/openldap/ldap.conf as<br>
<br>
<br>
TLS_CACERT /etc/dovecot/ldap_ca<br>
TLS_REQCERT allow<br>
TLS_CACERTDIR /etc/openldap/certs<br>
<br>
SASL_NOCANON on<br>
Seems whatever gets generated in TLS_CACERTDIR is the problem .. commenting
that out seems to have resolved the issue .. <br>
<br>
<br>
<blockquote style="border: 0px none;"
cite="mid:5B99D0DE.8000401@the-bryants.net" type="cite">
<div style="margin:30px 25px 10px 25px;" class="__pbConvHr"><div
style="width:100%;border-top:2px solid #EDF1F4;padding-top:10px;"> <div
style="display:inline-block;white-space:nowrap;vertical-align:middle;width:49%;">
<a moz-do-not-send="true" href="mailto:matt@the-bryants.net"
style="color:#485664
!important;padding-right:6px;font-weight:500;text-decoration:none
!important;">Matt Bryant</a></div> <div
style="display:inline-block;white-space:nowrap;vertical-align:middle;width:48%;text-align:
right;"> <font color="#909AA4"><span style="padding-left:6px">13
September 2018 at 12:52 pm</span></font></div> </div></div>
<div style="color:#909AA4;margin-left:24px;margin-right:24px;"
__pbrmquotes="true" class="__pbConvBody"><div>Not sure if this is
dovecot or not but can find very little ie no info<br>around on this ...
and added the pem file into<br>/etc/pki/ca-trust/source/anchors and run
update-ca-trust .. all works ok<br>.. (this is on centos 7 btw)<br><br>So
wanted to change the hostname away from ip-x-x-x-x to something a<br>little
bit more descriptive .. but then kaboom .. doesn't work any more<br>and
the following errors are seen.<br><br>Have created an internal CA for
domain and added it to<br>Sep 13 10:42:04 ip-10-0-40-230 dovecot:
master: Dovecot v2.2.33.2<br>(d6601f4ec) starting up for imap, pop3,
lmtp, sieve (core dumps disabled)<br>Sep 13 10:42:04 ip-10-0-40-230
dovecot: auth: Error: p11-kit:<br>'attr->pValue != NULL' not true at
attrs_build<br>Sep 13 10:42:04 ip-10-0-40-230 dovecot: auth: Error:
p11-kit:<br>'lexer->tok.field.name &&
lexer->tok.field.value' not true at p11_lexer_next<br>Sep 13 10:42:04
ip-10-0-40-230 dovecot: auth: Error: p11-kit: 'attrs !=<br>NULL' not
true at attrs_build<br>Sep 13 10:42:04 ip-10-0-40-230 dovecot: message
repeated 16 times: [<br>auth: Error: p11-kit: 'attrs != NULL' not true
at attrs_build]<br>Sep 13 10:42:04 ip-10-0-40-230 dovecot: auth: Error:
p11-kit:<br>'new_memory != NULL' not true at maybe_expand_array<br>Sep
13 10:42:04 ip-10-0-40-230 dovecot: auth: Error: p11-kit: shouldn't<br>be
reached at p11_array_push<br>Sep 13 10:42:04 ip-10-0-40-230 dovecot:
auth: Error: p11-kit: shouldn't<br>be reached at sink_object<br>Sep 13
10:42:04 ip-10-0-40-230 dovecot: auth: Error: p11-kit: 'attrs !=<br>NULL'
not true at attrs_build<br>Sep 13 10:42:04 ip-10-0-40-230 dovecot:
auth: Error: p11-kit:<br>'new_memory != NULL' not true at
maybe_expand_array<br>Sep 13 10:42:04 ip-10-0-40-230 dovecot: auth:
Error: p11-kit: shouldn't<br>be reached at p11_array_push<br>Sep 13
10:42:04 ip-10-0-40-230 dovecot: auth: Error: p11-kit: shouldn't<br>be
reached at sink_object<br>...<br>...<br><br>Sep 13 10:42:04
ip-10-0-40-230 dovecot: auth: Error: p11-kit:<br>'new_memory != NULL'
not true at maybe_expand_array<br>Sep 13 10:42:04 ip-10-0-40-230
dovecot: auth: Error: p11-kit: shouldn't<br>be reached at p11_array_push<br>Sep
13 10:42:04 ip-10-0-40-230 dovecot: auth: Error: p11-kit: shouldn't<br>be
reached at sink_object<br>Sep 13 10:42:04 ip-10-0-40-230 dovecot: auth:
Error: p11-kit:<br>'attr->pValue != NULL' not true at attrs_build<br>Sep
13 10:42:04 ip-10-0-40-230 dovecot: auth: Error: p11-kit:<br>'new_memory
!= NULL' not true at maybe_expand_array<br>Sep 13 10:42:04
ip-10-0-40-230 dovecot: auth: Error: p11-kit: shouldn't<br>be reached at
p11_array_push<br>Sep 13 10:42:04 ip-10-0-40-230 dovecot: auth: Error:
p11-kit: shouldn't<br>be reached at sink_object<br>Sep 13 10:42:04
ip-10-0-40-230 dovecot: auth: Error: p11-kit: no<br>CKA_CLASS attribute
found<br>Sep 13 10:42:04 ip-10-0-40-230 dovecot: auth: Error: p11-kit:
couldn't<br>load file into objects:<br>/usr/share/pki/ca-trust-source/ca-bundle.trust.p11-kit<br>Sep
13 10:42:05 ip-10-0-40-230 dovecot: auth-worker: Error: p11-kit:<br>'attrs
!= NULL' not true at attrs_build<br>Sep 13 10:42:05 ip-10-0-40-230
dovecot: auth-worker: Fatal: master:<br>service(auth-worker): child
14389 killed with signal 11 (core dumps<br>disabled)<br>Sep 13 10:42:05
ip-10-0-40-230 dovecot: auth-worker: Error: p11-kit:<br>'attrs != NULL'
not true at attrs_build<br>Sep 13 10:42:05 ip-10-0-40-230 dovecot:
auth-worker: Fatal: master:<br>service(auth-worker): child 14391 killed
with signal 11 (core dumps<br>disabled)<br>Sep 13 10:42:05
ip-10-0-40-230 dovecot: auth-worker: Error: p11-kit:<br>'attrs != NULL'
not true at attrs_build<br>Sep 13 10:42:05 ip-10-0-40-230 dovecot:
auth-worker: Fatal: master:<br>service(auth-worker): child 14393 killed
with signal 11 (core dumps<br>disabled)<br><br>why would a hostname
change make any difference here .. the certs<br>specified in dovecot
config are all complete in their chain so not sure<br>what it's trying to
do ... set hostname back to original works fine .. so<br>something is
obviously tied or keyed to hostname though can't find<br>anything
specific<br><br>anyone seen anything like this at all ??<br><br>rgds<br><br>Matt<br></div></div>
</blockquote>
<br>
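Added example (not part of the original thread, and not OpenLDAP or Dovecot code): a small shell audit of the TLS options in a client ldap.conf, run on a constructed copy of the configuration posted above and on a variant that comments out TLS_CACERTDIR as the poster did. The helper name audit_ldap_tls and the TLS_REQCERT demand setting in the variant are assumptions of this example; with TLS_REQCERT allow the session proceeds even when the server certificate fails verification against the CA in TLS_CACERT.

```shell
#!/bin/sh
# Added example, not from the original post. Reports how strictly an OpenLDAP
# client ldap.conf verifies the server certificate and which CA sources it uses.
audit_ldap_tls() {   # hypothetical helper name; $1 = path to an ldap.conf
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        { key = toupper($1); val = $2 }         # option names are case-insensitive
        key == "TLS_REQCERT"   { reqcert = tolower(val) }
        key == "TLS_CACERT"    { cacert = val }
        key == "TLS_CACERTDIR" { cadir = val }
        END {
            if (reqcert == "") reqcert = "demand"   # ldap.conf(5) default
            if (reqcert == "never" || reqcert == "allow")
                print "WEAK TLS_REQCERT=" reqcert ": session proceeds even with a bad server certificate"
            else if (reqcert == "try")
                print "WEAK TLS_REQCERT=try: a missing server certificate is accepted"
            else
                print "OK TLS_REQCERT=" reqcert
            if (cacert != "") print "INFO TLS_CACERT=" cacert
            if (cadir != "")  print "INFO TLS_CACERTDIR=" cadir
            if ((cacert cadir) == "") print "WARN no CA file or directory configured"
        }
    ' "$1"
}

# Constructed sample files: the configuration as posted, and a variant with
# TLS_CACERTDIR commented out (the poster's fix) and TLS_REQCERT raised to
# demand (an assumption of this example, not something the poster reports doing).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'TLS_CACERT /etc/dovecot/ldap_ca' 'TLS_REQCERT allow' \
    'TLS_CACERTDIR /etc/openldap/certs' '' 'SASL_NOCANON on' > "$tmp/posted.conf"
printf '%s\n' 'TLS_CACERT /etc/dovecot/ldap_ca' 'TLS_REQCERT demand' \
    '#TLS_CACERTDIR /etc/openldap/certs' '' 'SASL_NOCANON on' > "$tmp/fixed.conf"

echo "== as posted ==";  audit_ldap_tls "$tmp/posted.conf"
echo "== variant ==";    audit_ldap_tls "$tmp/fixed.conf"
```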
</body></html>