Hi, I am trying to get fts_solr working and my index server is available via HTTPS only. Dovecot is running on a Debian Jessie system and the Solr server has a letsencrypt certificate. My dovecot version is: 2.2.devel (a9ed8ae) The current setup is: 10-mail.conf: mail_plugins = fts fts_solr 90-fts.conf: plugin { fts = solr fts_autoindex = yes fts_solr = url=https://foo.example.com/solr/dovecot/ } When I try to index the mailboxes I am getting error messages like this: doveadm(user at host): Error: fts_solr: Lookup failed: 9002 Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) doveadm(user at host): Error: Mailbox INBOX: Status lookup failed: Internal error occurred. Refer to server log for more information. [2017-01-22 09:52:38] Segmentation fault Contacting the index server via curl on the command line on the same host works, it returns HTTP 200: user at host ~ $ curl -s -o /dev/null -w "%{http_code}" https://foo.example.com/solr/ 200 user at host ~ $ Currently I have the following ssl related settings: user at host ~ $ doveconf -n -P | grep -i ssl ssl_cert = </etc/ssl/certs/mail.example.org.crt ssl_cipher_list ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM ssl_key = </etc/ssl/private/mail.example.org.key ssl_protocols = !SSLv2 !SSLv3 I tried adding the following settings but that didn't help: ssl_ca = < /etc/ssl/certs/ca-certificates.crt ssl_client_ca_dir = /etc/ssl/certs Can you give me a hint how I can get the ssl certificate accepted? Thanks in advance and have a nice day, Jan :-)
Op 1/22/2017 om 10:01 AM schreef Jan Vonde:> I tried adding the following settings but that didn't help: > ssl_ca = < /etc/ssl/certs/ca-certificates.crt > ssl_client_ca_dir = /etc/ssl/certs > > Can you give me a hint how I can get the ssl certificate accepted?That should normally have done the trick. However, the sources tell me that no ssl_client settings are propagated to the http_client used by fts-solr, so SSL is not currently supported it seems. I'll check how easy it is to add that. Regards, Stephan.
Op 1/22/2017 om 12:01 PM schreef Stephan Bosch:> Op 1/22/2017 om 10:01 AM schreef Jan Vonde: >> I tried adding the following settings but that didn't help: >> ssl_ca = < /etc/ssl/certs/ca-certificates.crt >> ssl_client_ca_dir = /etc/ssl/certs >> >> Can you give me a hint how I can get the ssl certificate accepted? > That should normally have done the trick. However, the sources tell me > that no ssl_client settings are propagated to the http_client used by > fts-solr, so SSL is not currently supported it seems. > > I'll check how easy it is to add that.Just to keep you informed: I created a patch, but it is still being tested. Regards, Stephan.