Hi,
I am trying to get fts_solr working and my index server is available via
HTTPS only. Dovecot is running on a Debian Jessie system and the Solr
server has a letsencrypt certificate.
My dovecot version is:
2.2.devel (a9ed8ae)
The current setup is:
10-mail.conf:
mail_plugins = fts fts_solr
90-fts.conf:
plugin {
fts = solr
fts_autoindex = yes
fts_solr = url=https://foo.example.com/solr/dovecot/
}
When I try to index the mailboxes I am getting error messages like this:
doveadm(user at host): Error: fts_solr: Lookup failed: 9002 Couldn't
initialize SSL context: Can't verify remote server certs without trusted
CAs (ssl_client_ca_* settings)
doveadm(user at host): Error: Mailbox INBOX: Status lookup failed:
Internal error occurred. Refer to server log for more information.
[2017-01-22 09:52:38]
Segmentation fault
Contacting the index server via curl on the command line on the same
host works, it returns HTTP 200:
user at host ~ $ curl -s -o /dev/null -w "%{http_code}"
https://foo.example.com/solr/
200
user at host ~ $
Currently I have the following ssl related settings:
user at host ~ $ doveconf -n -P | grep -i ssl
ssl_cert = </etc/ssl/certs/mail.example.org.crt
ssl_cipher_list
ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
ssl_key = </etc/ssl/private/mail.example.org.key
ssl_protocols = !SSLv2 !SSLv3
I tried adding the following settings but that didn't help:
ssl_ca = < /etc/ssl/certs/ca-certificates.crt
ssl_client_ca_dir = /etc/ssl/certs
Can you give me a hint how I can get the ssl certificate accepted?
Thanks in advance and have a nice day,
Jan :-)
Op 1/22/2017 om 10:01 AM schreef Jan Vonde:> I tried adding the following settings but that didn't help: > ssl_ca = < /etc/ssl/certs/ca-certificates.crt > ssl_client_ca_dir = /etc/ssl/certs > > Can you give me a hint how I can get the ssl certificate accepted?That should normally have done the trick. However, the sources tell me that no ssl_client settings are propagated to the http_client used by fts-solr, so SSL is not currently supported it seems. I'll check how easy it is to add that. Regards, Stephan.
Op 1/22/2017 om 12:01 PM schreef Stephan Bosch:> Op 1/22/2017 om 10:01 AM schreef Jan Vonde: >> I tried adding the following settings but that didn't help: >> ssl_ca = < /etc/ssl/certs/ca-certificates.crt >> ssl_client_ca_dir = /etc/ssl/certs >> >> Can you give me a hint how I can get the ssl certificate accepted? > That should normally have done the trick. However, the sources tell me > that no ssl_client settings are propagated to the http_client used by > fts-solr, so SSL is not currently supported it seems. > > I'll check how easy it is to add that.Just to keep you informed: I created a patch, but it is still being tested. Regards, Stephan.