Aki Tuomi <aki.tuomi at dovecot.fi> wrote:>> ldd /usr/local/Dovecot-2.2.25/lib/dovecot/libssl_iostream_openssl.so >> linux-gate.so.1 => (0x00e8c000) >> libcrypto.so.1.0.0 => not found >> libssl.so.1.0.0 => not found >> librt.so.1 => /lib/librt.so.1 (0x00be4000) >> libc.so.6 => /lib/libc.so.6 (0x001a6000) >> libpthread.so.0 => /lib/libpthread.so.0 (0x003e4000) >> /lib/ld-linux.so.2 (0x007e7000) >> >> ldd /usr/local/Dovecot-2.2.25/lib/dovecot/libdcrypt_openssl.so >> linux-gate.so.1 => (0x00dca000) >> libcrypto.so.1.0.0 => not found >> libssl.so.1.0.0 => not found >> librt.so.1 => /lib/librt.so.1 (0x00a7a000) >> libc.so.6 => /lib/libc.so.6 (0x00160000) >> libpthread.so.0 => /lib/libpthread.so.0 (0x0072f000) >> /lib/ld-linux.so.2 (0x00560000) >> >> There's no libdcrypt_openssl.so in Dovecot 2.2.24, so I guess >> with the newly introduced dcrypt stuff something with SSL went wrong. >> >> Would be great if that could be fixed so that SSL works again. > > Can you try the attached patch out?Sorry for the late answer. (Away from computers. :-) Tried the attached patch, applies fine, compiles fine, but the ssl/crypto libraries are still not found. The additional "$(SSL_LIBS)" in both "Makefile.am" files doesn't properly make it into the resulting "Makefile" files. After "configure" is done, the resulting "Makefile" files are exactly the same in the original 2.2.25 version and patched 2.2.25 version (I guess they *should* contain the additional SSL libraries somewhere). Just let me know if there's more I can try (no longer away from computers, so response time is faster :-) Sorry for the bad news ... Andreas
> On September 2, 2016 at 4:56 AM "Andreas M. Kirchwitz" <amk at spamfence.net> wrote: > > > Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > > >> ldd /usr/local/Dovecot-2.2.25/lib/dovecot/libssl_iostream_openssl.so > >> linux-gate.so.1 => (0x00e8c000) > >> libcrypto.so.1.0.0 => not found > >> libssl.so.1.0.0 => not found > >> librt.so.1 => /lib/librt.so.1 (0x00be4000) > >> libc.so.6 => /lib/libc.so.6 (0x001a6000) > >> libpthread.so.0 => /lib/libpthread.so.0 (0x003e4000) > >> /lib/ld-linux.so.2 (0x007e7000) > >> > >> ldd /usr/local/Dovecot-2.2.25/lib/dovecot/libdcrypt_openssl.so > >> linux-gate.so.1 => (0x00dca000) > >> libcrypto.so.1.0.0 => not found > >> libssl.so.1.0.0 => not found > >> librt.so.1 => /lib/librt.so.1 (0x00a7a000) > >> libc.so.6 => /lib/libc.so.6 (0x00160000) > >> libpthread.so.0 => /lib/libpthread.so.0 (0x0072f000) > >> /lib/ld-linux.so.2 (0x00560000) > >> > >> There's no libdcrypt_openssl.so in Dovecot 2.2.24, so I guess > >> with the newly introduced dcrypt stuff something with SSL went wrong. > >> > >> Would be great if that could be fixed so that SSL works again. > > > > Can you try the attached patch out? > > Sorry for the late answer. (Away from computers. :-) > > Tried the attached patch, applies fine, compiles fine, > but the ssl/crypto libraries are still not found. > > The additional "$(SSL_LIBS)" in both "Makefile.am" files > doesn't properly make it into the resulting "Makefile" files. > After "configure" is done, the resulting "Makefile" files are > exactly the same in the original 2.2.25 version and patched > 2.2.25 version (I guess they *should* contain the additional > SSL libraries somewhere). > > Just let me know if there's more I can try (no longer away > from computers, so response time is faster :-) > > Sorry for the bad news ... AndreasWell, then it leaves only option of using /etc/ld.so.conf so basically add your libssl location there. Aki
Aki Tuomi <aki.tuomi at dovecot.fi> wrote:> Well, then it leaves only option of using /etc/ld.so.conf > so basically add your libssl location there.That's not a working solution and not the purpose of /etc/ld.so.conf. Currently, this is a real-life security issue in Dovecot 2.2.25, because it compiles fine but then - to the user - silently fails to use SSL. The user who doesn't know better reconfigures his client and all security is gone. :-( Custom SSL worked fine in Dovecot 2.2.24, so obviously it can be made to work. The question is just where to add the proper options, or maybe "configure" is broken in some way. I'm happy to try out more patches until the proper solution is found. I've already tried adding SSL libs in various locations during the build process but it hast always the same result that it never gets past "configure". Greetings, Andreas