We'll I've spent the entire day trying to make Dovecot with TLS/SSL work
on Solaris 10 and I'm not any closer.
This is Solaris 10 x86 Update 1 and Dovecot 1 Beta 8.
bash-3.00# /usr/sfw/bin/openssl version
OpenSSL 0.9.7d 17 Mar 2004
The reason I think the bundled openssl is broken is because Thunderbird
can receive the cert but the connection drops, turning on all the
logging in dovecot I find this in my syslog:
Jun 4 00:50:30 hosting dovecot: [ID 107833 mail.warning] imap-login:
SSL_accept() failed: error:1409D08A:SSL
routines:SSL3_SETUP_KEY_BLOCK:cipher or hash unavailable [205.19
6.182.15]
I found some messages on the imap-uw mailing list that indicate that
this error could be caused by the bundled openssl. I've installed the
latest openssl from source without problem and an updated packaged
version from sunfreeware.com. I just can't seem to make Dovecot use them.
I've used crle to include /usr/local/ssl/lib in my library path.
I've tried PKG_CONFIG_PATH=/usr/local/ssl/lib/pkgconfig with my configure
I've tried CPPFLAGS=-I/usr/local/ssl/include
LDFLAGS='-L/usr/local/ssl/lib' ./configure --prefix=/opt/dovecot
--with-ssl=openssl --with-ssldir=/etc/sslcerts
I've tried CPPFLAGS=-I/usr/local/ssl/include
LDFLAGS='-L/usr/local/ssl/lib -ldl' ./configure --prefix=/opt/dovecot
--with-ssl=openssl --with-ssldir=/etc/sslcerts
When I set the PKG_CONFIG_PATH the messages produced by configure and
make make me think that /usr/local/ssl will be used.
Using "truss -f /opt/dovecot/sbin/dovecot 2> /tmp/dove.txt" I can
see
several references to the wrong libssl such as
"open("/usr/sfw/lib/libssl.so.0.9.7", O_RDONLY) = 3".
Does anyone know how to make Dovecot use a specified install of openssl?
Or how to make Dovecot and the Solaris bundled openssl work?
-Chase
Chase wrote:> I'm trying to setup dovecot on Solaris 10. I can get it all working
> except TLS/SSL. I traced my problem down to the version of openssl
> that Solaris 10 ships with. The fix is supposed to be to use a newer
> version of openssl. Without removing the built-in version of openssl
> I've installed openssl-0.9.8b to /usr/local.
>
> When I "./configure" dovecot it seems to always pick up the
broken
> version of openssl in /usr/sfw. How do I make dovecot use an
> alternate copy of openssl? How is it even finding the one in /usr/sfw?
>
> Thanks,
> -Chase
>
> I tried setting CPPFLAGS and LDFLAGS already.
>