Hi, I'm trying to migrate from an old courier IMAP server to Dovecot 2.3.1 (8e2f634). The old server uses self signed SSL certificate. I'm using the following configuration: imapc_host = 10.1.1.3 imapc_user = %u imapc_features = rfc822.size fetch-headers imapc_port = 993 imapc_ssl = imaps imapc_ssl_verify = no mail_prefetch_count = 20 mail_shared_explicit_inbox = no Launching dsync with the command: doveadm -o mail_fsync=never -o imapc_password=PASSWORD -Dv backup -R -u USER @DOMAIN <andrzej at datatel.net> imapc: In the output logs I get messages like below: dsync(USER at DOMAIN): Error: imapc(10.1.1.3:993): Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) dsync(USER at DOMAIN): Debug: imapc(10.1.1.3:993): Created new connection dsync(USER at DOMAIN): Debug: imapc(10.1.1.3:993): Looking up IP address (reconnect_ok=true, last_connect=1532016643) dsync(USER at DOMAIN): Debug: imapc(10.1.1.3:993): Connecting to 10.1.1.3:993 dsync(USER at DOMAIN): Info: imapc(10.1.1.3:993): Connected to 10.1.1.3:993 (local 172.17.0.5:51972) dsync(USER at DOMAIN): Error: imapc(10.1.1.3:993): No SSL context dsync(USER at DOMAIN): Debug: imapc(10.1.1.3:993): Disconnected Am I missing some configuration parameters? -- Regards, Andrew -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20180721/68d83afe/attachment.html>
Hi! You need to add a ssl_client_ca_* setting even if you don't want the imapc to verify the remote cert. I'll have to look into why this has been made a requirement in the code, since it has to do what with how we do OpenSSL initialization. Aki On 21.07.2018 12:59, Andrzej Polaty?ski wrote:> Hi, > > I'm trying to migrate from an old courier IMAP server to Dovecot 2.3.1 > (8e2f634). The old server uses self signed SSL certificate. > > I'm using the following configuration: > > imapc_host = 10.1.1.3 > imapc_user = %u > imapc_features = rfc822.size fetch-headers > imapc_port = 993 > imapc_ssl = imaps > imapc_ssl_verify = no > mail_prefetch_count = 20 > mail_shared_explicit_inbox = no > Launching dsync with the command: > > doveadm -o mail_fsync=never -o imapc_password=PASSWORD-Dv backup -R -u > USER at DOMAIN <mailto:andrzej at datatel.net>imapc: > > In the output logs I get messages like below: > > dsync(USER at DOMAIN): Error: imapc(10.1.1.3:993 <http://10.1.1.3:993>): > Couldn't initialize SSL context: Can't verify remote server certs > without trusted CAs (ssl_client_ca_* settings) > dsync(USER at DOMAIN): Debug: imapc(10.1.1.3:993): Created new connection > dsync(USER at DOMAIN): Debug: imapc(10.1.1.3:993): Looking up IP address > (reconnect_ok=true, last_connect=1532016643) > dsync(USER at DOMAIN): Debug: imapc(10.1.1.3:993): Connecting to > 10.1.1.3:993 <http://10.1.1.3:993> > dsync(USER at DOMAIN): Info: imapc(10.1.1.3:993): Connected to > 10.1.1.3:993 <http://10.1.1.3:993> (local 172.17.0.5:51972 > <http://172.17.0.5:51972>) > dsync(USER at DOMAIN): Error: imapc(10.1.1.3:993): No SSL context > dsync(USER at DOMAIN): Debug: imapc(10.1.1.3:993): Disconnected > Am I missing some configuration parameters? > > > --? > Regards, > Andrew-------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20180723/e8dcc153/attachment.html>
Adding ssl_client_ca_dir solved my problem. Now I can connect to the IMAP server. Thanks. pon., 23 lip 2018 o 13:53 Aki Tuomi <aki.tuomi at dovecot.fi> napisa?(a):> Hi! > > You need to add a ssl_client_ca_* setting even if you don't want the imapc > to verify the remote cert. I'll have to look into why this has been made a > requirement in the code, since it has to do what with how we do OpenSSL > initialization. > Aki > > On 21.07.2018 12:59, Andrzej Polaty?ski wrote: > > Hi, > > I'm trying to migrate from an old courier IMAP server to Dovecot 2.3.1 > (8e2f634). The old server uses self signed SSL certificate. > > I'm using the following configuration: > > imapc_host = 10.1.1.3 > imapc_user = %u > imapc_features = rfc822.size fetch-headers > imapc_port = 993 > imapc_ssl = imaps > imapc_ssl_verify = no > mail_prefetch_count = 20 > mail_shared_explicit_inbox = no > Launching dsync with the command: > > doveadm -o mail_fsync=never -o imapc_password=PASSWORD -Dv backup -R -u > USER at DOMAIN <andrzej at datatel.net> imapc: > > In the output logs I get messages like below: > > dsync(USER at DOMAIN): Error: imapc(10.1.1.3:993): Couldn't initialize SSL > context: Can't verify remote server certs without trusted CAs > (ssl_client_ca_* settings) > dsync(USER at DOMAIN): Debug: imapc(10.1.1.3:993): Created new connection > dsync(USER at DOMAIN): Debug: imapc(10.1.1.3:993): Looking up IP address > (reconnect_ok=true, last_connect=1532016643) > dsync(USER at DOMAIN): Debug: imapc(10.1.1.3:993): Connecting to 10.1.1.3:993 > dsync(USER at DOMAIN): Info: imapc(10.1.1.3:993): Connected to 10.1.1.3:993 > (local 172.17.0.5:51972) > dsync(USER at DOMAIN): Error: imapc(10.1.1.3:993): No SSL context > dsync(USER at DOMAIN): Debug: imapc(10.1.1.3:993): Disconnected > Am I missing some configuration parameters? > > > -- > Regards, > Andrew > > >-- Pozdrawiam, Andrzej -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20180724/6880ad61/attachment.html>
Reasonably Related Threads
- Dsync fails to connect to remote IMAP server
- Segfault on selecting mailbox twice in a row
- Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
- Trouble using reverse dsync backup (log in successful but almost nothing happens)
- Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)